0

hello
I just started using headers and I have few problems that I don't know why and how to fix them I'am trying to set authentication for 6 users each one of them can't access his account unless the admin is logged in else they have an error message but if the admin logged in then they can log in either.I'm trying to use this page in 6 differnt pages to check the log in.the problem is if admin loge in all of them log in using admin account my code is:

session_start();
require_once ('phpauth.php');//the page that test the username and password
//echo "Authentication Successful!";
if($_SESSION["level"]==1)
 //this sesssion is for admin
{ 
       ob_start();
	   //first page in tawheed 
       echo '<meta http-equiv="refresh" content="1;http://myweb/page1.html" />';
       ob_flush();
}

 if($_SESSION["level"]==2)//this session for users of  level2
   {if(!isset($SESSION["admin"]))
     echo"not authorizes";
	 else
     {
       ob_start();
	   //first page in tawheed 
       echo '<meta http-equiv="refresh" content="1;http://myweb/page2.php" />';
       ob_flush();
	   }
	}
 if($_SESSION["level"]==3)//this session  for users of  level 3
   {if(!isset($SESSION["admin"]))
    echo"not authorizes";
	 else
      {
       ob_start();
	   //first page in tawheed 
       echo '<meta http-equiv="refresh" content="1;http://myweb/page3.php" />';
       ob_flush();
	   }
   }
  if($_SESSION["level"]==4)//this session  for users of  4
   {if(!isset($SESSION["admin"]))
    echo"not authorizes";
	 else
   {
       ob_start();
	   //first page in farez
       echo '<meta http-equiv="refresh" content="1;http://myweb/page4.php" />';
       ob_flush();
	 }
   }
if($_SESSION["level"]==5)//this session  for users of  level 5
   {if(!isset($SESSION["admin"]))
    echo"not authorizes";
	 else
    {
       ob_start();
	   //first page in farez
       echo '<meta http-equiv="refresh" content="1;http://myweb/page5.php" />';
       ob_flush();
	 }
   }
if($_SESSION["level"]==6)//this session  for users of  level 6
   {if(!isset($SESSION["admin"]))
    echo"not authorizes";
	 else
     {
       ob_start();
	   //first page in farez
       echo '<meta http-equiv="refresh" content="1;http://myweb/page6.php" />';
       ob_flush();
	 }
   }   

?>

the phpauth code that is used to test the username and password is:

?php
session_start("username");
// Define database constants
define('AUTH_HOST', 'localhost');
define('AUTH_USER', 'root');
define('AUTH_PASS', 'blahblah');
define('AUTH_DB','blahblah');
function attempt_auth()
{
// Send authentication headers
header('WWW-Authenticate: Basic realm="protected in php"');
header('HTTP/1.0 401 Unauthorized');
}
function check_login($username, $password)
{
$ret = false;
if ($username && $password)
{
// Check if login matches database values
$conn = mysql_connect(AUTH_HOST, AUTH_USER,AUTH_PASS);
if (mysql_select_db(AUTH_DB, $conn))
{
// Search for matches
$result =
mysql_query("SELECT COUNT(username) AS ucount
FROM password
WHERE username='" . addslashes($username) . "'
AND passwd_md5= MD5('" .addslashes($password) . "')
AND passwd_sha1=SHA1('". addslashes($password) . "')",
$conn);
// Check if a match was found
if (($row = mysql_fetch_array($result)) && $row['ucount'])
{
 $ret = true;
 $_SESSION["username"] = $username;
}
$a=("SELECT level FROM password WHERE username='" . addslashes($username) . "'");
$query = mysql_query($a);
if($level=mysql_fetch_array($query))
{
  $_SESSION["level"] = $level['level'];
  if($level['level']==1)
   $_SESSION["admin"]='yes';
}
// Close connection
mysql_close($conn);
}
}
return $ret;
}
// Check if using valid credentials
if (!(isset($_SESSION["username"]) ||
(isset($_SERVER["PHP_AUTH_USER"]) &&
check_login($_SERVER["PHP_AUTH_USER"],
$_SERVER["PHP_AUTH_PW"]))))
{
// Show login prompt
attempt_auth();
echo "Authorization Required";
exit;
}
?>

Is the problem in the first code or in the second?how to fix it?
thank you

Edited by aaraf: n/a

2
Contributors
2
Replies
3
Views
6 Years
Discussion Span
Last Post by aaraf
0

Assure me,
Users and admin username check queries are fine and session is set properly. (you can echo $_SESSION["admin"], $_SESSION["level"] etc to see if everything alright)

and try this

if(isset($SESSION["admin"]))
{
if($_SESSION["level"]==2)
{
//now both logged in...do whatev u wish
}
if($_SESSION["level"]==2)
{
//now both logged in...do whatev u wish
}
elseif($_SESSION["level"]==3)
{
//now both logged in...do whatev u wish
}
elseif($_SESSION["level"]==4)
{
//now both logged in...do whatev u wish
}
elseif($_SESSION["level"]==5)
{
//now both logged in...do whatev u wish
}
else
{
//now both logged in...do whatev u wish
}
}

Edited by TechySafi: n/a

0

TechySafi thank you for replying
I tried the echo and every thing is alright.My problem is if I used the code the first time for admin every thing work fine but when I use it then for users it deal with it as the admin level and header send me to the admin page not to that user page.
Is there something in my code I should change or replace with something else
I appreciate any help or suggestions:?:
thank you

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.