Solved

LOGIN SCRIPT WITH ACCESS LEVEL HELP

Posted on 2007-04-10
2
197 Views
Last Modified: 2013-12-12
Hello Experts,

I am trying to put a login script together which would redirect the user according to the ACCESSLEVEL value stored in DB.

So lets say if I have two types of users: ADMIN and USERS.

ADMIN ACCESSLEVEL is = 1;
USER ACCESSLEVER is = 2;

Now I have this simple login script:

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$username=$_POST['username'];
$password=$_POST['password'];

$sql="SELECT * FROM $tbl_name WHERE `username`='$username' and `password`='$password'";
      
$result=mysql_query($sql);
$row = mysql_fetch_array($result);
$count=mysql_num_rows($result);

if ($count > 0)
{
header("Location:../default.php");
}

As you can see my script only checks for the LOGIN AND PASSWORD. Now I want to be able to check the ACCESSLEVEL and then redirect the user to the appropriate page. I think accesslevel then have to be set as the SESSION VARIABLE.

I thought about using the SWITCH STATEMENT once I get the authentication and then check for the ACCESSLEVEL:

switch ($level) {
 case 1:
header("Location:../admin_default.php");
 exit;

 case 2:
header("Location:../user_default.php");
 exit;

I would highly appreciate any help in this matter.
0
Comment
Question by:combustion007
2 Comments
 
LVL 1

Expert Comment

by:pablocubico
Comment Utility
I don't understand what the problem is.

Everything you said sounds just ok. You can store the access level on the session. You should check session_start() functions on PHP documentation, which you should include at the beginning of your scripts.

Then just use the global $_SESSION array to store the access level ($_SESSION['level'] = $level).

The header redirection is fine also.

It's quite simple, it looks like you already got it.
0
 
LVL 14

Accepted Solution

by:
Aamir Saeed earned 500 total points
Comment Utility
You can also store User Access Levels in the database. For example

  ID                Name                     Level                Password
  1                Admin                       1                            123
  2                 User                        2                             456

when you 'll retrieve information, you get the Level info too. Its OK what you doing i.e.

$level = GET_VALUE_FROM_DB
switch ($level) {
 case 1:
header("Location:../admin_default.php");
break;

 case 2:
header("Location:../user_default.php");
break;
}
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now