Solved

PHP If Statement Admin / User

Posted on 2011-03-21
14
385 Views
Last Modified: 2012-05-11
Hi Experts,

what im trying to do is modify my code so when a username and password is entered it checks the information eneterd against the admin database to see if it exsits, If not then it searches the user table in the database and if it exsists in the user table it goes to user section, If it exsists in the admin table it goes to the admin section of the website. Ive attached the code ive got so far for when a user trys to login.

I would appricate if someone could help me adapt it so it checks the admin table for the users and if it doesnt exsist in there, then checks the user table and if exsists logs in. Obviously if it exsists in the admin table then it would log in to the admin section..

Many thanks..

All help is apprciated like always.
//////////////// THIS CHECKS THE LOGIN///////////


<?php
session_start();
?>
<?
//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
    


$_SESSION['myusername']=$myusername;
$_SESSION['mypassword']=$mypassword;
//echo $_SESSION['myusername'];
$header = header("location:login_success.php");
}
else {
$header2 = header("Location:index.php");

}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?
if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////

Open in new window

0
Comment
Question by:NeoAshura
  • 8
  • 6
14 Comments
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35183066
Something along these lines. It is UNTESTED because I'm short on time but I'll check back later. My Mods are marked // BP so scan for that

<?php
session_start();

//test//
include 'myphp.php';
$tbl_name="details"; // Table name



// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$encpassword = md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encpassword' and userdeleted='no'";
//echo "!!!!$sql!!!!";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1)
{
     $_SESSION['myusername']=$myusername;
     $_SESSION['mypassword']=$mypassword;
     //echo $_SESSION['myusername'];

     // BP I am assuming that you have an attribute in the database to
     // indicate if a user is an admin user. I will assume that a column
     // 'userType' exists.
     //
     $rw = mysql_fetch_assoc( $result );
     if ( $rw['userType'] == "admin" ) {
          $_SESSION['userType'] = md5( "admin" . $myusername );
          $_SESSION['myusername'] = $myusername;
     }

     $header = header("location:login_success.php");
}
else {
     $header2 = header("Location:index.php");
     $_SESSION['userType'] = '';
}

?>

/////////////// Login_Success.php ////////////

<?php
session_start();
?>
<?

// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

/////////////////////// THE CODE ABOVE WOULD THEN SEND THEM TO THE REQUIRED PAGE//////////////////

Open in new window

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35183767
Hi Bportlock thanks for your reply,

im guessing that userType is a column name in the table to see the difference between an admin and a user or am i completely off the mark here?
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35188675
Yes - I would have a column that indicates which users get "admin" rights. You could do this by having a column called "admin" and simply putting "Yes" or "No" in it, but why not build in future capabilities by simply having a column called "userType" witha value of "Admin" or blank. Then later on you can have other userTypes such as "Power user", "temporary", etc.

Make userType a VARCHAR(32) DEFAULT ''  and you will cover most situations.

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188803
thanks i wil ltry this tomorrow and get back to you
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35188808
please could u take a look at this question for me as well?

http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26902915.html
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35189438
The question you have linked to is already solved. Did you mean to link to different question instead?
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35190709
No, It was solved before you seen it. :) many thanks for looking all the same.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Author Comment

by:NeoAshura
ID: 35194000
Hi bprotlock i tried your code and it works apart from it directs the admin to the members page when it should be going to the admin page. I think this may be because on line 26 of your "login success page" you have

if ($results['myusername'] != (!isset($_POST['myusername']))) {

But have not declared $results anywhere?

im new to php so i dont really know, Ive attached your code. Please can u take a look.
<?php
session_start();
?>
<?



// BP Detect admin
//
if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

// BP end of mod




if($_SESSION['myusername']!=""){
header("location:membersarea.php");
}

else {
if ($results['myusername'] != (!isset($_POST['myusername']))) {
          // authentication failed, dont add a cookie, redisplay login with a message
          echo "Sorry. Authentication failed!";
}

    header("Location:index.php");
}
?>

Open in new window

0
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 500 total points
ID: 35199477
This code

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] )
          echo "<h1>Admin login</h1>";
}

doesn't go anywhere. I used the "echo" as an indicator of success, nothing more. If this should be going to "admin.php" then alter the code like so with a header statement and an exit

if ( isset( $_SESSION['userType'] ) && isset( $_SESSION['myusername'] ) ) {
     $md5 = md5( "admin" . $_SESSION['myusername'] );
     if ( $md5 == $_SESSION['userType'] ) {
          header( "Location: admin.php" );
          exit;
     }
}

I'm sorry, but I'm very rushed today and I can't spend much time on EE as a result.

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35205347
no problem, I will try this when i get to the computer tonight, i thank you for your time it is greatly appreciated.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35206174
Hi - where are we with this? What's the current state of play?

0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35211120
Im testing as we speak, Our server is down so we are trying to fix that, As soon as its up (probably tomorrow) i will get back to you and award points accordingly. Im sure it will work, Looks right if it doesnt only thing wrong will be my code probs. Ill let u know at 9am GMT time.
0
 
LVL 6

Author Comment

by:NeoAshura
ID: 35216027
server is up and it worked like a charm thank you again.
0
 
LVL 34

Expert Comment

by:Beverley Portlock
ID: 35216056
That's great. Glad to help!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now