PDA

View Full Version : Login - Different User Groups


cocoonfx
02-24-2007, 12:41 AM
Hello


I have created a login page using the tutorials and now i want the script to look at a field in my MySQL table called level and when the username and password are successfully entered the script then checks there Level.

So if user 1 has A in 'level' then he has administration rights if he has a U then he has user rights.

I have tried to add an if statement in several different ways to see if i can get the logic to work correctly but for some reason i can not figure it out!.

I have tried combing if statements with no joy. Could some one point me in the right direction on how to tackle this???

davidj
02-24-2007, 06:22 PM
paste your login script

cocoonfx
02-24-2007, 07:17 PM
Log Script:


<?PHP
//open the connection
$dbh=mysql_connect ("localhost", "username", "password");
//pick the database to use
mysql_select_db ("DB");
session_start();
//////////////////////////////////
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submitted'];
if ($username && $password){
$query =sprintf("SELECT * FROM user_admin where username = '$username' and password ='$password'");
$result =mysql_query($query,$dbh);
$rowAccount = mysql_fetch_array($result);
}
if ($rowAccount){
$_SESSION['id'] = $rowAccount['user_id'];
header("location:welcomelog2.php");
exit;
}elseif($submit){
header("location:log2.php");
exit;
}
?>
Welcomelog:


<?PHP
//open the connection
$dbh=mysql_connect ("localhost", "username", "password");
//pick the database to use
mysql_select_db ("DB");
session_start();
include("includes/security.php");
/*if (! isset($_SESSION['id'])){
header("location:log.php");
exit;
}*/
$id = $_SESSION['id'];
$admin = 'A';
$user = 'U';
////////////////////////////////////////////////////////
$query =sprintf("SELECT * FROM user_admin where user_id='$id' ");
$result =mysql_query($query,$dbh);
$rowAccount = mysql_fetch_array($result);
/////////////////////////////////////////////////////////
/////selects data from Database///////////////
$query =sprintf("SELECT * FROM user_admin WHERE level ='$user'");
$result =mysql_query($query,$dbh);
$rowUser = mysql_fetch_array($result);
/////selects data from Database///////////////
$query =sprintf("SELECT * FROM user_admin WHERE level ='$admin'");
$result =mysql_query($query,$dbh);
$rowAdmin = mysql_fetch_array($result);
////selects data from Database///////////////
$query =sprintf("SELECT * FROM contact where contact_id='$id'");
$result =mysql_query($query,$dbh);
$rowContact = mysql_fetch_array($result);
if ($rowAdmin){
header("location:welcomelog3.php");
exit;
}elseif($rowUser){
header("location:welcomelog2.php");
exit;
}
?>

davidj
02-24-2007, 07:45 PM
ok

first you must have a level field in your db and use numerics when setting this field up

example key...

1 = admin
2 = superuser
3 = user

etc
remember to comment your key (above) into the script so when you come to editit later on you can instantly understand the key.

///////////

now in the login script you have this...

$_SESSION['id'] = $rowAccount['user_id'];

now add another session below it and set it using the db level field

$_SESSION['id'] = $rowAccount['user_id'];
$_SESSION['level'] = $rowAccount['user_level']; // <<


now what you can do is create a blank page (No html in it at all) and insert your nav table and call the page nav.php ...


<table width="621" border="1">
<tr>
<?php if($_SESSION['level'] == 1){?>
<td>admin</td>
<?php } ?>
<td>option 1 </td>
<td>option 2 </td>
<td>option 3 </td>
<td>option 4 </td>
</tr>
</table>


then in your welcome page just include the nav.php. This will draw your nav table in every page you include it so you only have to maintain 1 table for navigation

include("nav.php");
as you can see i have an IF in the nav.php which checks for a ADMIN level before drawing the <td which contains the link to the ADMIN page

you should be able to adapt this method to your own requirements

cocoonfx
02-25-2007, 02:27 AM
Excellent, thank you for your help again.


I had just found another solution before reading your post so i was on the right tracks.

I created to containers in a blank page.


$admin = A
$user = U

if ($user == $rowAccount['level']){
header("location:cocoonuser.php");
exit;
}
if ($admin == $rowAccount['level']){
header("location:cocoonadmin.php");
exit;
}

I am now on my next little task.....

Thanks again.

davidj
02-25-2007, 10:00 AM
here is a different method when using multi IF statements

try a switch instead (nice and tidy)

example...


switch($rowAccount['level'])){
case '1': $page = "cocoonadmin.php"; break;
case '2': $page = "cocoonsuperuser.php"; break;
case '3': $page = "cocoonuser.php"; break;
}
header("location:$page");
exit;

cocoonfx
02-25-2007, 12:29 PM
The switch works well, i didn't know you could use this function in PHP. I use it a lot in Access.