  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 411
  • Last Modified:

PHP If Statement Admin / User

Hi Experts,

What I'm trying to do is modify my code so that when a username and password are entered, it checks the information entered against the admin database to see if it exists. If not, it then searches the user table in the database, and if it exists in the user table it goes to the user section. If it exists in the admin table it goes to the admin section of the website. I've attached the code I've got so far for when a user tries to log in.

I would appreciate it if someone could help me adapt it so it checks the admin table for the users, and if it doesn't exist in there, then checks the user table and, if it exists, logs in. Obviously if it exists in the admin table then it would log in to the admin section.

Many thanks.

All help is appreciated, like always.
//////////////// THIS CHECKS THE LOGIN///////////


<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if ($count == 1) {
    $_SESSION['myusername'] = $myusername;
    $_SESSION['mypassword'] = $mypassword;
    //echo $_SESSION['myusername'];
    header("Location: login_success.php");
    exit; // stop the script once the redirect header is sent
} else {
    header("Location: index.php");
    exit;
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?
if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////


0
Asked by: NeoAshura
 
Beverley Portlock Commented:
Something along these lines. It is UNTESTED because I'm short on time, but I'll check back later. My mods are marked // BP, so scan for that.

<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
     $_SESSION['myusername']=$myusername;
     $_SESSION['mypassword']=$mypassword;
     //echo $_SESSION['myusername'];

     // BP I am assuming that you have an attribute in the database to
     // indicate if a user is an admin user. I will assume that a column
     // 'userType' exists.
     //
     $rw = mysql_fetch_assoc( $result );
     if ( $rw['userType'] == "admin" ) {
          $_SESSION['userType'] = md5( "admin" . $myusername );
          $_SESSION['myusername'] = $myusername;
     }

     header("Location: login_success.php");
     exit; // stop the script once the redirect is sent
}
else {
     $_SESSION['userType'] = '';
     header("Location: index.php");
     exit;
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?

// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////


0
 
NeoAshura (Author) Commented:
Hi Bportlock, thanks for your reply.

I'm guessing that userType is a column name in the table to see the difference between an admin and a user, or am I completely off the mark here?
0
 
Beverley Portlock Commented:
Yes - I would have a column that indicates which users get "admin" rights. You could do this by having a column called "admin" and simply putting "Yes" or "No" in it, but why not build in future capabilities by simply having a column called "userType" with a value of "Admin" or blank. Then later on you can have other userTypes such as "Power user", "temporary", etc.

Make userType a VARCHAR(32) DEFAULT ''  and you will cover most situations.

0

 
NeoAshura (Author) Commented:
Thanks, I will try this tomorrow and get back to you.
0
 
NeoAshura (Author) Commented:
Please could you take a look at this question for me as well?

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26902915.html
0
 
Beverley Portlock Commented:
The question you have linked to is already solved. Did you mean to link to a different question instead?
0
 
NeoAshura (Author) Commented:
No, it was solved before you saw it. :) Many thanks for looking all the same.
0
 
NeoAshura (Author) Commented:
Hi bportlock, I tried your code and it works, apart from it directing the admin to the members page when it should be going to the admin page. I think this may be because on line 26 of your "login success page" you have

if ($results['myusername'] != (!isset($_POST['myusername']))) {

But have not declared $results anywhere?

I'm new to PHP so I don't really know. I've attached your code. Please can you take a look?
<?php
session_start();
?>
<?



// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>


0
 
Beverley Portlock Commented:
This code

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

doesn't go anywhere. I used the "echo" as an indicator of success, nothing more. If this should be going to "admin.php" then alter the code like so with a header statement and an exit

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] ) {
          header( "Location: admin.php" );
          exit;
     }
}

I'm sorry, but I'm very rushed today and I can't spend much time on EE as a result.

0
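A hardened variant of the login check and role-based redirect worked out in this thread, as an added example that is not code from either poster. It assumes a PDO connection, the suggested userType column on the details table, and passwords stored with password_hash() rather than md5(); the function names authenticate, landing_page and handle_login are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumptions: a PDO connection, the thread's
// 'details' table plus the suggested 'userType' column, password_hash() hashes.
// Returns the row's userType ('' for ordinary users), or null when login fails.
function authenticate(PDO $db, string $username, string $password): ?string
{
    // Bound parameter replaces stripslashes()/mysql_real_escape_string().
    $stmt = $db->prepare("SELECT password, userType FROM details WHERE username = ? AND userdeleted = 'no'");
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (string) $row['userType'];
}

// Maps the result to the pages named in the thread.
function landing_page(?string $userType): string
{
    return $userType === null ? 'index.php' : ($userType === 'admin' ? 'admin.php' : 'membersarea.php');
}

// Web entry point: the session keeps the name and role, never the password.
function handle_login(PDO $db): void
{
    session_start();
    $user = is_string($_POST['myusername'] ?? null) ? $_POST['myusername'] : '';
    $pass = is_string($_POST['mypassword'] ?? null) ? $_POST['mypassword'] : '';
    $type = authenticate($db, $user, $pass);
    if ($type !== null) {
        session_regenerate_id(true); // fresh session ID after a successful login
        $_SESSION['myusername'] = $user;
        $_SESSION['userType'] = $type;
    }
    header('Location: ' . landing_page($type));
    exit; // nothing after the redirect may run
}

// CLI demo on constructed rows in an in-memory SQLite database.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->exec("CREATE TABLE details (username TEXT, password TEXT, userType TEXT, userdeleted TEXT DEFAULT 'no')");
    $add = $db->prepare('INSERT INTO details (username, password, userType) VALUES (?, ?, ?)');
    $add->execute(['alice', password_hash('a-pass', PASSWORD_DEFAULT), 'admin']);
    $add->execute(['bob', password_hash('b-pass', PASSWORD_DEFAULT), '']);
    foreach ([['alice', 'a-pass'], ['bob', 'b-pass'], ['bob', 'wrong']] as [$u, $p]) {
        echo $u, ' -> ', landing_page(authenticate($db, $u, $p)), "\n";
    }
}
```

Run from the command line, the demo needs the pdo_sqlite extension; in a web request, handle_login($db) is the entry point, and admin.php should itself check $_SESSION['userType'] before showing anything.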
 
NeoAshura (Author) Commented:
No problem, I will try this when I get to the computer tonight. I thank you for your time; it is greatly appreciated.
0
 
Beverley Portlock Commented:
Hi - where are we with this? What's the current state of play?

0
 
NeoAshura (Author) Commented:
I'm testing as we speak. Our server is down so we are trying to fix that. As soon as it's up (probably tomorrow) I will get back to you and award points accordingly. I'm sure it will work. It looks right; if it doesn't, the only thing wrong will probably be my code. I'll let you know at 9am GMT.
0
 
NeoAshura (Author) Commented:
The server is up and it worked like a charm. Thank you again.
0
 
Beverley Portlock Commented:
That's great. Glad to help!
0
