Solved

PHP If Statement Admin / User

Posted on 2011-03-21
Last Modified: 2012-05-11
Hi Experts,

What I'm trying to do is modify my code so that when a username and password are entered, it checks the information entered against the admin database to see if it exists. If not, then it searches the user table in the database, and if it exists in the user table it goes to the user section. If it exists in the admin table it goes to the admin section of the website. I've attached the code I've got so far for when a user tries to log in.

I would appreciate it if someone could help me adapt it so it checks the admin table for the users and, if it doesn't exist in there, then checks the user table and if it exists logs in. Obviously if it exists in the admin table then it would log in to the admin section.

Many thanks.

All help is appreciated like always.
//////////////// THIS CHECKS THE LOGIN///////////


<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// mysql_num_rows counts the rows in the result
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
    $_SESSION['myusername']=$myusername;
    $_SESSION['mypassword']=$mypassword;
    //echo $_SESSION['myusername'];
    header("location:login_success.php");
}
else {
    header("Location:index.php");
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();

if($_SESSION['myusername']!=""){
    header("location:membersarea.php");
}
else {
    if ($results['myusername'] != (!isset($_POST['myusername']))) {
        // authentication failed, don't add a cookie, redisplay login with a message
        echo "Sorry. Authentication failed!";
    }

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////


0
Comment
Question by:NeoAshura
14 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35183066
Something along these lines. It is UNTESTED because I'm short on time but I'll check back later. My Mods are marked // BP so scan for that

<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
     $_SESSION['myusername']=$myusername;
     $_SESSION['mypassword']=$mypassword;
     //echo $_SESSION['myusername'];

     // BP I am assuming that you have an attribute in the database to
     // indicate if a user is an admin user. I will assume that a column
     // 'userType' exists.
     //
     $rw = mysql_fetch_assoc( $result );
     if ( $rw['userType'] == "admin" ) {
          $_SESSION['userType'] = md5( "admin" . $myusername );
          $_SESSION['myusername'] = $myusername;
     }

     $header = header("location:login_success.php");
}
else {
     $header2 = header("Location:index.php");
     $_SESSION['userType'] = '';
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();

// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod

if($_SESSION['myusername']!=""){
     header("location:membersarea.php");
}
else {
     if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, don't add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
     }

     header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////


0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35183767
Hi Bportlock, thanks for your reply.

I'm guessing that userType is a column name in the table to see the difference between an admin and a user, or am I completely off the mark here?
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35188675
Yes - I would have a column that indicates which users get "admin" rights. You could do this by having a column called "admin" and simply putting "Yes" or "No" in it, but why not build in future capabilities by simply having a column called "userType" with a value of "Admin" or blank. Then later on you can have other userTypes such as "Power user", "temporary", etc.

Make userType a VARCHAR(32) DEFAULT ''  and you will cover most situations.

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188803
Thanks, I will try this tomorrow and get back to you.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188808
Please could you take a look at this question for me as well?

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26902915.html
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35189438
The question you have linked to is already solved. Did you mean to link to a different question instead?
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35190709
No, it was solved before you saw it. :) Many thanks for looking all the same.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35194000
Hi bportlock, I tried your code and it works, apart from it directs the admin to the members page when it should be going to the admin page. I think this may be because on line 26 of your "login success page" you have

if ($results['myusername'] != (!isset($_POST['myusername']))) {

But have not declared $results anywhere?

I'm new to PHP so I don't really know. I've attached your code. Please can you take a look.
<?php
session_start();
?>
<?



// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>


0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35199477
This code

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

doesn't go anywhere. I used the "echo" as an indicator of success, nothing more. If this should be going to "admin.php" then alter the code like so with a header statement and an exit

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] ) {
          header( "Location: admin.php" );
          exit;
     }
}

I'm sorry, but I'm very rushed today and I can't spend much time on EE as a result.

0
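
The login flow from this thread in hardened form, as an added example that is not code from any participant: a prepared statement replaces the escaped string query, `password_hash()`/`password_verify()` replace `md5()`, and the session keeps the role read from the database instead of the password. Assumptions: PHP 7.1+ with the PDO SQLite driver, an in-memory database standing in for the `details` table, constructed accounts `alice` and `bob`, and hypothetical function names.

```php
<?php
// Added example; function names are hypothetical. Columns follow the thread.
declare(strict_types=1);

// Constructed stand-in for the MySQL `details` table so the file runs offline.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE details (username TEXT PRIMARY KEY, password TEXT,
        userdeleted TEXT DEFAULT 'no', userType VARCHAR(32) DEFAULT '')");
    $ins = $pdo->prepare('INSERT INTO details (username, password, userType) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 'Admin']);
    $ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT), '']);
    return $pdo;
}

// Returns the account's userType ('' for an ordinary user), or null on failure.
function authenticate(PDO $pdo, string $username, string $password): ?string {
    $stmt = $pdo->prepare(
        "SELECT password, userType FROM details WHERE username = ? AND userdeleted = 'no'");
    $stmt->execute([$username]);               // value is bound, never spliced into SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row['userType'];
}

// Maps the stored role to the pages named in the thread.
function landing_page(?string $userType): string {
    if ($userType === null) { return 'index.php'; }
    // Case-insensitive: the thread uses both "admin" and "Admin" for the value.
    return strcasecmp($userType, 'admin') === 0 ? 'admin.php' : 'membersarea.php';
}

function login(PDO $pdo, string $username, string $password): string {
    $userType = authenticate($pdo, $username, $password);
    if ($userType !== null && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);           // fresh session id once authenticated
        $_SESSION['myusername'] = $username;   // the password is not stored
        $_SESSION['userType'] = $userType;     // role exactly as the database holds it
    }
    return landing_page($userType);            // web handler: header("Location: ..."); exit;
}

$pdo = demo_db();
foreach ([['alice', 'alice-pass'], ['bob', 'bob-pass'], ['bob', 'wrong'], ["o'neil", 'x']] as [$u, $p]) {
    echo str_pad($u, 8), '-> ', login($pdo, $u, $p), PHP_EOL;
}
```

In a web handler, call `session_start()` before `login()` and follow the redirect header with `exit` so nothing else runs after it; `admin.php` should re-check `$_SESSION['userType']` on every request rather than rely on the redirect.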
 
LVL 6

Author Comment

by:NeoAshura
ID: 35205347
No problem, I will try this when I get to the computer tonight. I thank you for your time; it is greatly appreciated.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35206174
Hi - where are we with this? What's the current state of play?

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35211120
I'm testing as we speak. Our server is down so we are trying to fix that. As soon as it's up (probably tomorrow) I will get back to you and award points accordingly. I'm sure it will work. It looks right; if it doesn't, the only thing wrong will probably be my code. I'll let you know at 9am GMT.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35216027
Server is up and it worked like a charm, thank you again.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216056
That's great. Glad to help!
0
