0

K just been looking at me own login script and realised it's been made in a different way and no use at this time, good luck, happy code, happy day. This may be of use though.. Login.php

<?php 
include("dbconnect.php");
// Same checking stuff all over again.
if(isset($_POST['submit'])) {
	
if(empty($_POST['admin_username']) || empty($_POST['admin_password'])) {
		echo "Opps! You have to fill in all forms";		
$head_info='<meta http-equiv="refresh" content="2;url=login.php">';		
exit;	
}	// Create the variables again.	
$username = $_POST['admin_username'];	$password = $_POST['admin_password'];	
// Encrypt the password again with the md5 hash. 	
// This way the password is now the same as the password inside the database.	
$password = md5($password);		
// Store the SQL query inside a variable. 	
// ONLY the username you have filled in is retrieved from the database.	
$query = "SELECT admin_username, admin_password 			 
 FROM	 admin_login			  
WHERE	 admin_username='$username'";		
$result = mysql_query($query);	
if(!$result) { 		
// Gives an error if the username given does not exist.		
// or if something else is wrong.		
echo "Failed " . mysql_error();
	} else {		
// Now create an object from the data you've retrieved.		
$row = mysql_fetch_object($result);		
// You've now created an object containing the data.		
// You can call data by using -> after $row.		
// For example now the password is checked if they're equal.		

include("session.php");		
echo "login sucessful. Please wait. Redirecting you to our administration page now";
$head_info='<meta http-equiv="refresh" content="2;url=admin.php">';
	if($row->password != $password) {			
echo "Wrong password.";			
$head_info='<meta http-equiv="refresh" content="2;url=login.php">';			
exit;		
}
	}
}
?>
<html>

Session.php

<?php
session_start();
$_SESSION['your_name']=$admin_username;
?>

Edited by harry_watson: May be of use

0

here it is

script status array

Array
(
    [0] => db connection fine
    [1] => is not admin start
    [2] => SELECT * FROM users WHERE username = 'admin' AND password = 'admin' AND isadmin = '0'
    [3] => query returned 1 rows
)

session data

Array
(
    [logged] => 1
    [admin] => 
)

post data

Array
(
    [username] => admin
    [password] => admin
)

So what this is telling me is that your script is taking the non-admin flow. You say that it should be taking the admin flow but your post data does not contain "isadmin". According to your script you need the existence of $_POST in order to go the admin flow but is admin is not in the following post array:

post data

Array
(
[username] => admin
[password] => admin
)


In order to create this you will need some type of form field, even if it is hidden. I don't know why you would do this as I would just determine if the user is an admin by the admin field in the database. I would use that to control which flow my script takes.

If that is what you want to do then you should change your script a little bit, I would do something like this.

<?php
session_start();

//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

//declares variable
$username=trim($_POST["username"]);
$password=trim($_POST["password"]);

$q = mysql_query ("SELECT isadmin FROM users WHERE username = '$username' AND password = '$password'");
$row = mysql_fetch_assoc($q);

$redirectLoc = "";
if(isset($row['isadmin']) && is_numeric($row['isadmin']))
{
	$_SESSION['admin'] = $row['isadmin'] == "1"?true:false;
	$_SESSION['user'] = $username;
	$_SESSION['logged'] = 1;
	
	$redirectLoc = $_SESSION['admin']?"main.php":"index.php";
	
	header("Location: " . $redirectLoc); // redirect to correct page
	exit();
}

// if user is not an admin || user
header ("Location: login.php?e=Error"); // error page && try again
exit();
?>

Edited by OS_dev: n/a

0

Wow it finally works.

Although if I leave both fields blank it brings back the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Are there simpler ways to redirect them instead of using $redirectloc?

0

Wow it finally works.

Although if I leave both fields blank it brings back the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Are there simpler ways to redirect them instead of using $redirectloc?

Sorry, gotta go to bed, I will be back with you tomorrow night if you are still struggling.

0

O so good! Nice talking. could always use....

$redirectLoc='<meta http-equiv="refresh" content="2;url=index.php">

Edited by harry_watson: off to sleep

0

Wow it finally works.

Although if I leave both fields blank it brings back the following error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

Are there simpler ways to redirect them instead of using $redirectloc?

Ah, you know why. Because that second redirect needs to go back to account.php right. Because that is where the user is trying to login from, not login.php. Login.php is just the form handler for account.php. What this is doing to redirecting back to itself in an endless loop. So here is the updated login.php script:

<?php
session_start();

//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

//declares variable
$username=trim($_POST["username"]);
$password=trim($_POST["password"]);

$q = mysql_query ("SELECT isadmin FROM users WHERE username = '$username' AND password = '$password'");
$row = mysql_fetch_assoc($q);

$redirectLoc = "";
if(isset($row['isadmin']) && is_numeric($row['isadmin']))
{
	$_SESSION['admin'] = $row['isadmin'] == "1"?true:false;
	$_SESSION['user'] = $username;
	$_SESSION['logged'] = 1;
	
	$redirectLoc = $_SESSION['admin']?"main.php":"index.php";
	
	header("Location: " . $redirectLoc); // redirect to correct page
	exit();
}

// if user is not an admin || user
header ("Location: account.php?e=Error"); // error page && try again
exit();
?>

Edited by OS_dev: n/a

0

Sweet.

Thanks for your help.

One last question at the moment the first 5-6 pages are html in order to keep a user logged in how would I go about it? Would I have to change the 5-6 pages to Php and add session_start(); to each of my php pages?

As the admin logs in to index.php and gets different rights than a user would however if they try to view a different page currently all their rights disappear and become logged out.

thanks again

0

Would I have to change the 5-6 pages to Php and add session_start(); to each of my php pages?

exactly.

0

Ok i've done that...however face a small barrier....

On each of the php pages in my site I cant seem to find a way to make it so a user would get rights such as "My bookings Search and logout" and an admin would get "Add Event Search and logout" as well as all the normal linked pages.

any ideas?

0

Ok i've done that...however face a small barrier....

On each of the php pages in my site I cant seem to find a way to make it so a user would get rights such as "My bookings Search and logout" and an admin would get "Add Event Search and logout" as well as all the normal linked pages.

any ideas?

Post the script in question.

0

well so far i've put this at the top of my php pages

<?php
// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['basic_is_logged_in'])
    || $_SESSION['basic_is_logged_in'] !== true) {

    // not logged in, move to login page
    header('Location: account.html');
    exit;
}

?>

and I added the SESSION['basic_is_logged_in' to the login script as I couldnt figure out how to make it work as the login script currently is:

<?php
session_start();

//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error()); 

//declares variable
$username=trim($_POST["username"]);
$password=trim($_POST["password"]);

//Main query finds all of the fields from the users table and picks username and password
$q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$row = mysql_fetch_assoc($q);

$redirectLoc = "";
if(isset($row['isadmin']) && is_numeric($row['isadmin']))
{
	$_SESSION['basic_is_logged_in'] = true;
	$_SESSION['admin'] = $row['isadmin'] == "1"?true:false;
	$_SESSION['user'] = $username;
	$_SESSION['logged'] = 1;
	
	$redirectLoc = $_SESSION['admin']?"main.php":"index.php";
	
	header("Location: " . $redirectLoc); // redirect to correct page
	exit();
}

// if user is not an admin || user
header ("Location: account.html"); // error page && try again
exit();
?>

Edited by dan4domination: n/a

0

well so far i've put this at the top of my php pages

<?php
// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['basic_is_logged_in'])
    || $_SESSION['basic_is_logged_in'] !== true) {

    // not logged in, move to login page
    header('Location: account.html');
    exit;
}

?>

and I added the SESSION['basic_is_logged_in' to the login script as I couldnt figure out how to make it work as the login script currently is:

<?php
session_start();

//connect to db
$conn = mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error()); 

//declares variable
$username=trim($_POST["username"]);
$password=trim($_POST["password"]);

//Main query finds all of the fields from the users table and picks username and password
$q = mysql_query ("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$row = mysql_fetch_assoc($q);

$redirectLoc = "";
if(isset($row['isadmin']) && is_numeric($row['isadmin']))
{
	$_SESSION['basic_is_logged_in'] = true;
	$_SESSION['admin'] = $row['isadmin'] == "1"?true:false;
	$_SESSION['user'] = $username;
	$_SESSION['logged'] = 1;
	
	$redirectLoc = $_SESSION['admin']?"main.php":"index.php";
	
	header("Location: " . $redirectLoc); // redirect to correct page
	exit();
}

// if user is not an admin || user
header ("Location: account.html"); // error page && try again
exit();
?>

OK, the best way to do this is to create another php file called functions.php which you are going to stick inside of a directory called "includes" where you are going to put all of your other include files. Inside this functions.php file you will have different functions that you have made that you will be using throughout your site. The purpose is to preserve code that you have already written so that you don't have to keep writing it over and over again. Lets start with an authenticate function. This is going to be the contents of the file. BTW: you don't need a session_start() on this file because you will already have it, take my word for it. So here it is:
functions.php:

<?php
//"basic" is the default for $type if you don't pass anything to the function
//this will enable you to pass in "admin" only when you want to authenticate an admin
//I would also eliminate the basic_is_logged_in because you don't need it
function authenticate($type="basic")
{
    if($type == "admin")
    {
        return isset($_SESSION['admin']) && $_SESSION['admin'] == true?true:false;
    }
    else if($type == "basic")
    {
        return isset($_SESSION['logged']) && $_SESSION['logged'] == true?true:false;
    }

    return false;
}
?>

then on this page you do this

<?php
// like i said, we must never forget to start the session
session_start();
include("includes/functions.php");

// is the one accessing this page logged in or not?
//then you just perform basic authentication like so
if(!authenticate())//for admins, use if(!authenticate("admin"))
{
    header("Location login.php");
    exit();
}

//Lets say you have a link that you only want an admin to see
if(authenticate("admin"))
{
    ?><a href="controlPanel.php">Control Panel</a>
    <?php
}
?>

Edited by OS_dev: n/a

0

Right I've given it a try I cant get it to work

I presume i add the following code to my page in this case music.php

<?php
// like i said, we must never forget to start the session
session_start();
include("includes/functions.php");

// is the one accessing this page logged in or not?
//then you just perform basic authentication like so
if(!authenticate())//for admins, use if(!authenticate("admin"))
{
    header("Location login.php");
    exit();
}

//Lets say you have a link that you only want an admin to see
if(authenticate("admin"))
{
    ?><a href="controlPanel.php">Control Panel</a>
    <?php
}

Its allowing an admin to log in however a user cannot.

Edited by dan4domination: n/a

0

Ignore that I've managed to get it to work. thanks

However I cant seem to style the link, If I attempt to make it a div and then position it using my external css it just becomes almost like an image I can see it but for some reason cannot click it

<a href="controlPanel.php">Control Panel</a>
0

Ignore that I've managed to get it to work. thanks

However I cant seem to style the link, If I attempt to make it a div and then position it using my external css it just becomes almost like an image I can see it but for some reason cannot click it

<a href="controlPanel.php">Control Panel</a>

here is a good page to copy and paste from and then fill in the blanks, if it still doesn't work, post your css.

0

Spent most of my evening playing around with various ways of styling the hyperlinks.

Tried using divs, then tried using unordered lists but still fails to allow me to click the actual link and just remains almost like an image

CSS code

body {
	margin:0px; padding:0px;
	background-color:#ffffff;
	font-family:Arial, Helvetica, sans-serif;

}
#outside_container {
	background:url(images/background_slice.jpg) repeat-x #000000;
	}
#container{   
    background:url(images/bg.jpg) no-repeat;   
    width: 1000px;
	height: 800px;
    margin-left:auto ;
    margin-right:auto ;
    position: relative;		
}     
ul#menu {    
    margin:0px; padding:0px;   
    position:absolute; top:120px; left:270px;   
}     
ul#menu li {   
    margin:0px; padding:0px;   
    list-style:none;   
    margin-right:55px;   
    font-size:12px; 
    font-family: Arial;	
    text-transform:uppercase;   
    display:inline;   
}   
ul#menu li a {   
    text-decoration:none;   
    color:#cc9900;   
}   
ul#menu li a:hover {   
    text-decoration:none;   
    color:#ffffff;   
} 
ul#submenu {    
    margin:0px; padding:0px;   
    position:absolute; top:2px; left:680px;   
}     
ul#submenu li {   
    margin:0px; padding:0px;   
    list-style:none;   
    margin-right:10px;   
    font-size:12px; 
    font-family: Arial;	
    text-transform:uppercase;   
    display:inline;   
}   
ul#submenu li a {   
    text-decoration:none;   
    color:#cc9900;   
}   
ul#submenu li a:hover {   
    text-decoration:none;   
    color:#ffffff;   
} 
 

/* Header */

#banner {
	width: 1000px;
	height: 203px;
	margin: 0 auto;
	color: #FFFFFF;
}

#logo h1, #logo p {
	float: left;
	margin: 0px;
}

#logo span {
	color: #FFFFFF;
}

#logo h1 {
	padding-top: 40px;
	letter-spacing: -1px;
	text-transform: lowercase;
	font-weight: normal;
	font-size: 2em;
}

#logo p {
	display: block;
	padding-top: 80px;
	text-transform: uppercase;
	font-size: 10px;
	color: #FFFFFF;
}

#logo a {
	border: none;
	text-decoration: none;
	color: #000000;
}
/*
	Content
*/
#account{
	position:absolute; top:200px; left:440px;  
    color: #000000;	
	
}
#adminmenu {
	position:absolute; top:5px; left:900px;  
    color: #000000;	
	
}
#addevent{
	position:absolute; top:200px; left:440px;  
    color: #000000;	
	
}
#loginform {
	position:absolute; top:350px; left:740px;  
    color: #000000;	
	
}
#register{
	position:absolute; top:550px; left:540px;  
    color: #000000;	
	
	}
	
	#searchform{
	position:absolute; top:60px; left:640px;  
    color: #000000;	
	
	}
#content {
	padding-top:400px;
	padding-left:85px;
	width:815px;
	color:#674f5d;
	font-size:13px;
	line-height:20px;
	text-align:justify
	
}
.column1 { float:left; width:400px; margin-right:30px; }
.column2 { float:left; width:230px; margin-right:30px; }
.column3 { float:left; width:270px; }


/*
	General Styles
*/

a img { border:0px }

Edited by dan4domination: n/a

0

Just want the Link Add events to show up for only admin so that you can click it. However it wont allow me to do that

0

Just want the Link Add events to show up for only admin so that you can click it. However it wont allow me to do that

OK, there is generally two ways to write html, including hyperlinks, in php.
first:

<?php

//end parsing php here and start writing html
?>
<a href="http://www.daniweb.com">Daniweb</a>
<?php
//continue writing in php

?>

second:

<?php
//assign a hyperlink to a variable, just in plain text
$strHyperLink = '<a href="http://www.daniweb.com">Daniweb</a>';

//echo your hyperlink to the browser in plain html
echo $strHyperLink;
?>

If the link is not even working correctly, it's probably not your css but rather syntax is incorrect. If you are still having issues, post your code.

Edited by OS_dev: n/a

0

I understand that. The problem I'm having is adding the following Link into my website so It looks like its meant to be there. Basically I want to style the following link

?>
<a href="http://www.daniweb.com">Daniweb</a>
<?php

0

I understand that. The problem I'm having is adding the following Link into my website so It looks like its meant to be there. Basically I want to style the following link

?>
<a href="http://www.daniweb.com">Daniweb</a>
<?php

OK, so,

<html>
<head>
<style type="text/css">
/* stick this in your style sheet */
a:link {color:blue;}
a:visited {color:purple;}
a:hover {text-decoration: none; color: green;}
a:active {color: red;text-decoration: none}

a.bold:link {color:blue; font-weight:bold;}
a.bold:visited {color:purple; font-weight:bold;}
a.bold:hover {text-decoration: none; color: green; font-weight:bold;}
a.bold:active {color: red;text-decoration: none; font-weight:bold;}

</style>
</head>
<body>
<a href="http://www.daniweb.com">Daniweb</a><br />
<a class="bold" href="http://www.daniweb.com">Daniweb</a>
</body>
</html>

Edited by OS_dev: n/a

0

Cool what about how to Position the link?

Would that be within the Class or would I make a DIV?

Edited by dan4domination: n/a

0

Cool what about how to Position the link?

Would that be within the Class or would I make a DIV?

That depends, can you describe how you want to position it? Usually I would do this with an id rather than a class. Classes usually identify multiple items where as id only identifies a single item.

Then you have several options available. You will probably want to do some research on css margins and text positioning. The positioning of the link is going to be relative to whatever element the link is in. So if I do a margin-left:100px; in my css, it will position itself 100 pixels from the left edge of the <div> or <td>, that is if my text-align is set to left. If my text-align is set to center and my <div> or <td> is fairly wide, then chances are I won't notice a difference. This is all stuff that can't really be explained in a single forum post but is something that you just have to google and test and beat your head against the wall over for a while. It is more of a concept. But there is documentation all over the internet and it really is only as complicated as you want it to be. I have a lot of appreciation for simple yet tasteful website designs.

0

And one more thing. Not to offend you but I am helping you quite a bit with PHP because I enjoy PHP and programming in general. Once you start talking about CSS I get bored very easily. CSS is a drag. :)

Edited by OS_dev: n/a

0

Well I planned on placing it next to the normal menu. I'll fiddle around some more with it.

And fair enough you've helped me a hell of a lot I cant thank you enough.

0

Well I planned on placing it next to the normal menu. I'll fiddle around some more with it.

And fair enough you've helped me a hell of a lot I cant thank you enough.

no problem.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.