Solved

PHP If Statement Admin / User

Posted on 2011-03-21
14
382 Views
Last Modified: 2012-05-11
Hi Experts,

what im trying to do is modify my code so when a username and password is entered it checks the information eneterd against the admin database to see if it exsits, If not then it searches the user table in the database and if it exsists in the user table it goes to user section, If it exsists in the admin table it goes to the admin section of the website. Ive attached the code ive got so far for when a user trys to login.

I would appricate if someone could help me adapt it so it checks the admin table for the users and if it doesnt exsist in there, then checks the user table and if exsists logs in. Obviously if it exsists in the admin table then it would log in to the admin section..

Many thanks..

All help is apprciated like always.
//////////////// THIS CHECKS THE LOGIN///////////


<?php
session_start();
?>
<?
//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
    


$_SESSION['myusername']=$myusername;
$_SESSION['mypassword']=$mypassword;
//echo $_SESSION['myusername'];
$header = header("location:login_success.php");
}
else {
$header2 = header("Location:index.php");

}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?
if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////

Open in new window

0
Comment
Question by:NeoAshura
  • 8
  • 6
14 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35183066
Something along these lines. It is UNTESTED because I'm short on time but I'll check back later. My Mods are marked // BP so scan for that

<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
     $_SESSION['myusername']=$myusername;
     $_SESSION['mypassword']=$mypassword;
     //echo $_SESSION['myusername'];

     // BP I am assuming that you have an attribute in the database to
     // indicate if a user is an admin user. I will assume that a column
     // 'userType' exists.
     //
     $rw = mysql_fetch_assoc( $result );
     if ( $rw['userType'] == "admin" ) {
          $_SESSION['userType'] = md5( "admin" . $myusername );
          $_SESSION['myusername'] = $myusername;
     }

     $header = header("location:login_success.php");
}
else {
     $header2 = header("Location:index.php");
     $_SESSION['userType'] = '';
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?

// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////

Open in new window

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35183767
Hi Bportlock thanks for your reply,

im guessing that userType is a column name in the table to see the difference between an admin and a user or am i completely off the mark here?
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35188675
Yes - I would have a column that indicates which users get "admin" rights. You could do this by having a column called "admin" and simply putting "Yes" or "No" in it, but why not build in future capabilities by simply having a column called "userType" witha value of "Admin" or blank. Then later on you can have other userTypes such as "Power user", "temporary", etc.

Make userType a VARCHAR(32) DEFAULT ''  and you will cover most situations.

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188803
thanks i wil ltry this tomorrow and get back to you
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188808
please could u take a look at this question for me as well?

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26902915.html
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35189438
The question you have linked to is already solved. Did you mean to link to different question instead?
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35190709
No, It was solved before you seen it. :) many thanks for looking all the same.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 6

Author Comment

by:NeoAshura
ID: 35194000
Hi bprotlock i tried your code and it works apart from it directs the admin to the members page when it should be going to the admin page. I think this may be because on line 26 of your "login success page" you have

if ($results['myusername'] != (!isset($_POST['myusername']))) {

But have not declared $results anywhere?

im new to php so i dont really know, Ive attached your code. Please can u take a look.
<?php
session_start();
?>
<?



// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

Open in new window

0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35199477
This code

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

doesn't go anywhere. I used the "echo" as an indicator of success, nothing more. If this should be going to "admin.php" then alter the code like so with a header statement and an exit

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] ) {
          header( "Location: admin.php" );
          exit;
     }
}

I'm sorry, but I'm very rushed today and I can't spend much time on EE as a result.

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35205347
no problem, I will try this when i get to the computer tonight, i thank you for your time it is greatly appreciated.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35206174
Hi - where are we with this? What's the current state of play?

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35211120
Im testing as we speak, Our server is down so we are trying to fix that, As soon as its up (probably tomorrow) i will get back to you and award points accordingly. Im sure it will work, Looks right if it doesnt only thing wrong will be my code probs. Ill let u know at 9am GMT time.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35216027
server is up and it worked like a charm thank you again.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216056
That's great. Glad to help!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
php image upload 3 27
sql sentence 2 12
showing numeric numbers 2 11
How Can I Use otf Custom Font with TCPDF 7 11
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now