Re: [PHP] Members area Login with permissions!
you didn't set the $message for example here that you mentioned: div class=messageYou have successfuly been logged in. You can now access the advanced area.br / change it to $message=You have successfuly been logged in. You can now access the advanced area; hope it will help.
RE: [PHP] Members area Login with permissions!
Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)0) { //If the password is good, we dont show the form $form = false; //We save the user name in the session username and the user Id in the session userid $_SESSION['username'] = $_POST['username']; $_SESSION['userid'] = $dn['id']; if($usr_level == 1) { ? div class=messageYou have successfuly been logged in. You can now access the admin area.br / a href=index2.phpHome/a/div ?php } if($usr_level == 10) { ? div class=messageYou have successfuly been logged in. You can now access to the newbe area.br / a href=index1.phpHome/a/div ?php } if($usr_level == 11) { ? div class=messageYou have successfuly been logged in. You can now access the advanced area.br / a href=index2.phpHome/a/div ?php } } else { //Otherwise, we say the password is incorrect. $form = true; $message = 'The username or password is incorrect.'; } } else { $form = true; } if($form) { //We display a message if necessary if(isset($message)) { echo 'div class=message'.$message.'/div'; } //We display the form ? div class=content form action
RE: [PHP] Members area Login with permissions!
One more thought, why not separating the things? I mean separate HTML with a template engine ( like Smarty ) and separate PHP code ( also separated to files ). Like: index.php: if ( ! $_session['username'] ) { $_SESSION['message'] = Please log in; header('Location: login.php'); } //process $_Session['message'] if any, and assign it to template variable, etc switch ( $_session['username'] ) { case '10': //processing, template display break; case '11': //processing, template display break; } --- login.php: if ( $_POST['username'] $_POST['password'] ) { //process login if ( $login_ok ) { $_SESSION['message'] = MESSAGE; header('Locatin: index.php'); } else { $_SESSION['message'] = MESSAGE; } } //display login form, with message, if any ( bad user name, etc ) -- On more complex sites, you may want to use classes, so the PHP code gets really separated and clean. If you decide to a template engine, you may also want to create a global $conf var and export that to the engine, so you can set the design, lang code, etc from one variable. Let me know, if I can helo you further :) Cheers, Tamas -Original Message- From: Dajka Tamas [mailto:vi...@vipernet.hu] Sent: Sunday, July 24, 2011 11:53 AM To: 'alekto'; php-general@lists.php.net Subject: RE: [PHP] Members area Login with permissions! Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)0) { //If the password is good, we dont show
Re: [PHP] Members area Login with permissions!
Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought div class=message was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)0) { //If the password is good, we dont show the form $form = false; //We save the user name in the session username and the user Id in the session userid $_SESSION['username'] = $_POST['username']; $_SESSION['userid'] = $dn['id']; if($usr_level == 1) { ? div class=messageYou have successfuly been logged in. You can now access the admin area.br / a href=index2.phpHome/a/div ?php } if($usr_level == 10) { ? div class=messageYou have successfuly been logged in. You can now access to the newbe area.br / a href=index1.phpHome/a/div ?php } if($usr_level == 11) { ? div class=messageYou have successfuly been logged in. You can now access the advanced
RE: [PHP] Members area Login with permissions!
Hi, yes, class=message just sets the HTML class for that div element. BTW, I've found the error: //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; You're setting $usr_level from a mysql_resource! So it's always null ( you would have guessed it by adding a var_dump($usr_level); after setting $usr_level ). The fix: just change it to: $usr_level = $dn['usr_level']; Cheers, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:00 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought div class=message was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)0) { //If the password is good, we dont show the form $form = false; //We save the user name in the session username and the user Id
RE: [PHP] Members area Login with permissions!
I don't think, that separating the code messes up anything, cos it's just separating processing/displaying and you can always debug processing by adding some echo $var, print_r($var) or var_dump($var). Moreover, by separating the PHP and HTML you get clearer code for both, giving easier debugging, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:00 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought div class=message was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)0) { //If the password is good, we dont show the form $form = false; //We save the user name in the session username and the user Id in the session userid $_SESSION['username'] = $_POST['username']; $_SESSION['userid'] = $dn['id']; if($usr_level == 1) { ? div class=messageYou have successfuly been logged in. You can now access the admin area.br / a href=index2.phpHome/a/div ?php
Re: [PHP] Members area Login with permissions!
Thanks a lot :) This solved the user level issue, I can now login with different user levels and get displayed with a link to the corresponding index-pages. But I am now facing a new issue regarding this; when I am entering the URL's of the corresponding index-pages I do get access to the corresponding index-pages without having to login at all!! Is there a way to prevent this form happening? And is there also a way to hide the URL's that goes beyond www.url.com, e.i. www.url.com/index_admin.php? Regard Den 24. juli 2011 kl. 13.26 skrev Dajka Tamas: Hi, yes, class=”message” just sets the HTML class for that div element. BTW, I’ve found the error: //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; You’re setting $usr_level from a mysql_resource! So it’s always null ( you would have guessed it by adding a var_dump($usr_level); after setting $usr_level ). The fix: just change it to: $usr_level = $dn[’usr_level’]; Cheers, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:00 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought div class=message was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password
RE: [PHP] Members area Login with permissions!
You're welcome J Yes, you can hide the urls, just google for url rewriting or seo urls. Unfortunatelly, this is not basic level stuff and you cannot hide completly the urls. About your issue: that's why I've added to my example's index.php this line: if ( ! $_session['username'] ) { $_SESSION['message'] = Please log in; header('Location: login.php'); } For your situation, I would change it a bit ( for ANY index pages, which is not a login page ): if ( ! $_SESSION['username'] || $_SESSION['usr_level'] != CURRENT_SITE_PERMISSION ) { //we set a message in session to the user $_SESSION['message'] = Please log in; //we redirect the user to the login page header('Location: index.php'); } This will redirect an unlogged user to the login form ( if logged in, but has no access rights, your login page will log out the user ). Don't forget to store the users' access level in the session, or this will not work! Cheers, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 3:23 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Thanks a lot :) This solved the user level issue, I can now login with different user levels and get displayed with a link to the corresponding index-pages. But I am now facing a new issue regarding this; when I am entering the URL's of the corresponding index-pages I do get access to the corresponding index-pages without having to login at all!! Is there a way to prevent this form happening? And is there also a way to hide the URL's that goes beyond www.url.com, e.i. www.url.com/index_admin.php? Regard Den 24. juli 2011 kl. 13.26 skrev Dajka Tamas: Hi, yes, class=message just sets the HTML class for that div element. BTW, I've found the error: //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; You're setting $usr_level from a mysql_resource! So it's always null ( you would have guessed it by adding a var_dump($usr_level); after setting $usr_level ). The fix: just change it to: $usr_level = $dn['usr_level']; Cheers, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:00 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought div class=message was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header
Re: [PHP] Members area Login with permissions!
One again, Thank you!! Your excellent advice saved my day ;) Den 24. juli 2011 kl. 16.07 skrev Dajka Tamas: You’re welcome J Yes, you can hide the urls, just google for „url rewriting” or „seo urls”. Unfortunatelly, this is not basic level stuff and you cannot hide completly the urls… About your issue: that’s why I’ve added to my example’s index.php this line: if ( ! $_session['username'] ) { $_SESSION['message'] = Please log in; header('Location: login.php'); } For your situation, I would change it a bit ( for ANY index pages, which is not a login page ): if ( ! $_SESSION['username'] || $_SESSION[’usr_level’] != CURRENT_SITE_PERMISSION ) { //we set a message in session to the user $_SESSION['message'] = Please log in; //we redirect the user to the login page header('Location: index.php'); } This will redirect an unlogged user to the login form ( if logged in, but has no access rights, your login page will log out the user ). Don’t forget to store the users’ access level in the session, or this will not work! Cheers, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 3:23 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Thanks a lot :) This solved the user level issue, I can now login with different user levels and get displayed with a link to the corresponding index-pages. But I am now facing a new issue regarding this; when I am entering the URL's of the corresponding index-pages I do get access to the corresponding index-pages without having to login at all!! Is there a way to prevent this form happening? And is there also a way to hide the URL's that goes beyond www.url.com, e.i. www.url.com/index_admin.php? Regard Den 24. juli 2011 kl. 13.26 skrev Dajka Tamas: Hi, yes, class=”message” just sets the HTML class for that div element. BTW, I’ve found the error: //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; You’re setting $usr_level from a mysql_resource! So it’s always null ( you would have guessed it by adding a var_dump($usr_level); after setting $usr_level ). The fix: just change it to: $usr_level = $dn[’usr_level’]; Cheers, Tamas From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:00 PM To: Dajka Tamas Cc: php-general@lists.php.net Subject: Re: [PHP] Members area Login with permissions! Hi, thank you for answering! I do have a session_start() in config.php. For now there is no redirection as you mentioned, but it should display a link to the corresponding next homepage based on user level, which it does not do at this time! I thought div class=message was only a class? I already have a $message variable that do display: $message = 'The username or password is incorrect.'; When it comes to separating the code, I think this is a good idea, afraid this will mess the code further up to do at this point?! Regards Den 24. juli 2011 kl. 11.52 skrev Dajka Tamas: Hi, I don't see any redirection in your script! It just displays the link to the corresponding next homepage based on the user level. To really redirect, you should user header ('Location: URL');. Be aware, that if you pass ANY content out, the additional headers can't be set, so either use output buffer in php.ini, or ob_start somewhere. And hope you do session_start() in config.php ;) Cheers, Tamas -Original Message- From: alekto [mailto:alekto.antarct...@gmail.com] Sent: Sunday, July 24, 2011 1:28 AM To: php-general@lists.php.net Subject: [PHP] Members area Login with permissions! Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv
[PHP] Members area Login with permissions!
Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! ?php include('config.php'); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=utf-8 / link href=?php echo $design; ?/style.css rel=stylesheet title=Style / titleConnexion/title /head body div class=header a href=?php echo $url_home; ?img src=?php echo $design; ?/images/logo.png alt=Members Area //a /div ?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ? div class=messageYou have successfuly been loged out.br / a href=?php echo $url_home; ?Home/a/div ?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username='.$username.''); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)0) { //If the password is good, we dont show the form $form = false; //We save the user name in the session username and the user Id in the session userid $_SESSION['username'] = $_POST['username']; $_SESSION['userid'] = $dn['id']; if($usr_level == 1) { ? div class=messageYou have successfuly been logged in. You can now access the admin area.br / a href=index2.phpHome/a/div ?php } if($usr_level == 10) { ? div class=messageYou have successfuly been logged in. You can now access to the newbe area.br / a href=index1.phpHome/a/div ?php } if($usr_level == 11) { ? div class=messageYou have successfuly been logged in. You can now access the advanced area.br / a href=index2.phpHome/a/div ?php } } else { //Otherwise, we say the password is incorrect. $form = true; $message = 'The username or password is incorrect.'; } } else { $form = true; } if($form) { //We display a message if necessary if(isset($message)) { echo 'div class=message'.$message.'/div'; } //We display the form ? div class=content form action=connexion.php method=post Please type your IDs to log in:br / div class=center label for=usernameUsername/labelinput type=text name=username id=username value=?php echo htmlentities($ousername, ENT_QUOTES, 'UTF-8'); ? /br / label for=passwordPassword/labelinput type=password name=password id=password /br / input type=submit value=Log in / /div /form /div ?php } } ? div class=foota href=?php echo $url_home; ?Go Home/a/div /body /html
Re: [PHP] Members area
Brandon, The tutorials are there - look for them. They collectively describe all that you want to do vis-a-vis database manipulation. Miles At 06:58 PM 2/27/01 -0800, you wrote: Yea i cant find a good Tut, ok... i have a members directory with the inside that folder is status, goodies, ect and i want to get the information out my database for that specific member, how would i connect to my database, what would i select from "members" (my database) to get the field for that one person, so i can put there infomation when the logg in the members area Miles Thompson wrote: Brandon, It's a little confusing. Are you saying: 1. You have the members area - a directory, what? 2. You have created a database containing your members information. and now you: 3. Want to know how to connect to the database? 4. Add information to the database about the members? 5. Have the members add information to the database? Which database are you using? What kind of information do you want to capture? We need more information - Miles Thompson PS Have you looked at the PHP database tutorials at various php sites, like www.thickbook.com, devshed, php essentials, php builder etc.? /mt At 05:34 PM 2/27/01 -0800, Brandon Feldhahn wrote: Hi, eveyone, my name is brandon, and i made a members area for my site, a database driven http authentication and a database for all my members i got everything working but how do i make a database connection that recieve the infomation for that user that has loggin into the members area. If i wasen clear enough just tell me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Members area
Hi, eveyone, my name is brandon, and i made a members area for my site, a database driven http authentication and a database for all my members i got everything working but how do i make a database connection that recieve the infomation for that user that has loggin into the members area. If i wasen clear enough just tell me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Members area
Brandon, It's a little confusing. Are you saying: 1. You have the members area - a directory, what? 2. You have created a database containing your members information. and now you: 3. Want to know how to connect to the database? 4. Add information to the database about the members? 5. Have the members add information to the database? Which database are you using? What kind of information do you want to capture? We need more information - Miles Thompson PS Have you looked at the PHP database tutorials at various php sites, like www.thickbook.com, devshed, php essentials, php builder etc.? /mt At 05:34 PM 2/27/01 -0800, Brandon Feldhahn wrote: Hi, eveyone, my name is brandon, and i made a members area for my site, a database driven http authentication and a database for all my members i got everything working but how do i make a database connection that recieve the infomation for that user that has loggin into the members area. If i wasen clear enough just tell me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]