Solved

PHP If Statement Admin / User

Posted on 2011-03-21
14
391 Views
Last Modified: 2012-05-11
Hi Experts,

what im trying to do is modify my code so when a username and password is entered it checks the information eneterd against the admin database to see if it exsits, If not then it searches the user table in the database and if it exsists in the user table it goes to user section, If it exsists in the admin table it goes to the admin section of the website. Ive attached the code ive got so far for when a user trys to login.

I would appricate if someone could help me adapt it so it checks the admin table for the users and if it doesnt exsist in there, then checks the user table and if exsists logs in. Obviously if it exsists in the admin table then it would log in to the admin section..

Many thanks..

All help is apprciated like always.
//////////////// THIS CHECKS THE LOGIN///////////


<?php
session_start();
?>
<?
//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
    


$_SESSION['myusername']=$myusername;
$_SESSION['mypassword']=$mypassword;
//echo $_SESSION['myusername'];
$header = header("location:login_success.php");
}
else {
$header2 = header("Location:index.php");

}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?
if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////

Open in new window

0
Comment
Question by:NeoAshura
  • 8
  • 6
14 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35183066
Something along these lines. It is UNTESTED because I'm short on time but I'll check back later. My Mods are marked // BP so scan for that

<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
     $_SESSION['myusername']=$myusername;
     $_SESSION['mypassword']=$mypassword;
     //echo $_SESSION['myusername'];

     // BP I am assuming that you have an attribute in the database to
     // indicate if a user is an admin user. I will assume that a column
     // 'userType' exists.
     //
     $rw = mysql_fetch_assoc( $result );
     if ( $rw['userType'] == "admin" ) {
          $_SESSION['userType'] = md5( "admin" . $myusername );
          $_SESSION['myusername'] = $myusername;
     }

     $header = header("location:login_success.php");
}
else {
     $header2 = header("Location:index.php");
     $_SESSION['userType'] = '';
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?

// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////

Open in new window

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35183767
Hi Bportlock thanks for your reply,

im guessing that userType is a column name in the table to see the difference between an admin and a user or am i completely off the mark here?
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35188675
Yes - I would have a column that indicates which users get "admin" rights. You could do this by having a column called "admin" and simply putting "Yes" or "No" in it, but why not build in future capabilities by simply having a column called "userType" witha value of "Admin" or blank. Then later on you can have other userTypes such as "Power user", "temporary", etc.

Make userType a VARCHAR(32) DEFAULT ''  and you will cover most situations.

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Author Comment

by:NeoAshura
ID: 35188803
thanks i wil ltry this tomorrow and get back to you
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188808
please could u take a look at this question for me as well?

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26902915.html
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35189438
The question you have linked to is already solved. Did you mean to link to different question instead?
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35190709
No, It was solved before you seen it. :) many thanks for looking all the same.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35194000
Hi bprotlock i tried your code and it works apart from it directs the admin to the members page when it should be going to the admin page. I think this may be because on line 26 of your "login success page" you have

if ($results['myusername'] != (!isset($_POST['myusername']))) {

But have not declared $results anywhere?

im new to php so i dont really know, Ive attached your code. Please can u take a look.
<?php
session_start();
?>
<?



// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

Open in new window

0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35199477
This code

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

doesn't go anywhere. I used the "echo" as an indicator of success, nothing more. If this should be going to "admin.php" then alter the code like so with a header statement and an exit

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] ) {
          header( "Location: admin.php" );
          exit;
     }
}

I'm sorry, but I'm very rushed today and I can't spend much time on EE as a result.

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35205347
no problem, I will try this when i get to the computer tonight, i thank you for your time it is greatly appreciated.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35206174
Hi - where are we with this? What's the current state of play?

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35211120
Im testing as we speak, Our server is down so we are trying to fix that, As soon as its up (probably tomorrow) i will get back to you and award points accordingly. Im sure it will work, Looks right if it doesnt only thing wrong will be my code probs. Ill let u know at 9am GMT time.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35216027
server is up and it worked like a charm thank you again.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216056
That's great. Glad to help!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question