0
<?php

$host="localhost"; // Host name 
$db_username="root"; // Mysql username 
$db_password=""; // Mysql password 
$db_name="shop"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$db_username", "$db_password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=@$_POST['username']; 
$psswd=@$_POST['password']; 
$password = md5(trim($psswd));

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password"); 
header("location:pocetna.php");
}
else {
echo "Внесовте погрешно корисничко име или лозинка.";
}

?>

hi i need help a have two tables for admin and user, now i have this script for checking the user if their registered but how can i insert to find when admin is logged and redirect to another page.

3
Contributors
2
Replies
4
Views
5 Years
Discussion Span
Last Post by veedeoo
0

@phphelp123

hi i need help a have two tables for admin and user, now i have this script for checking the user if their registered but how can i insert to find when admin is logged and redirect to another page.

The code you provided is very limited meaning it's not gonna work. It usually involve more than 1 file.

Here is an link that you can read and understand how to verify user and redirect to another page:

http://www.intechgrity.com/login-logout-and-administrate-using-php-session-cookie-mysql-version-2-with-remember-me-option/#

1

just to add some very important info. on your php function usage, session_register has already been deprecated and removed in php 5.4. So, if you will be writing an application based on this function, it might not work in production server of which the majority now are using php 5.4.x.

you can replace the session_register with something like this,

    $_SESSION['username'] = $username;

In addition, we can also create a session array to simplify the process and it can be coded like this

    $thisSessionArray = array($username, $privs, $item3, $item4);
    ## assign the above array into one session

    $_SESSION['user_credit'] = $thisSessionArray;

    ## or we can shorten  it by coding it like this
     $_SESSION['user_credit'] = array($username, $privs, $item3, $item4);

To use the above approach, we can assign the individual session value into constant, but it is not necessary. The idea of defining them into constant is the ease of implementation accross pages. Although not many developers would agree with me, I found it pretty useful in my projects, especially in the developement of the open source vidiscript years back ( I don't want to sound as if I am pretty old. I will be turning 20 next month, so I guess I am old.).

    ## grab the session values from the session array

    ## for username
    define('USERNAME',$_SESSION['user_credit'][0]);

    ## define the privs
    define('PRIVS', $_SESSION['user_credit'][1]);

You can create a more application friendly user table, and on this table you must have a priviledge column that will accept a numerical value as defined by you.

for example, user table below

table name: users
table columns: id, username, password, privs

    ----+------------+-------------+-----------+
    id  + username   + password    + privs     +
    ----+------------+-------------+-----------+
    1   + admin      + password    +  007      +
    ----+------------+-------------+-----------+
    2   + member     + password    +  001      +
    ----+------------+-------------+-----------+

The sample query for the above can be as simple as this

    $sql="SELECT username, privs FROM users WHERE username='$username' AND password='$password'";

    $result=mysql_query($sql);

    if($result['privs'] == 007){

    ## this user is an admin

    }
    elseif($result['privs'== 001){

    ## this user is a regular user

    }

    else{

    ## this user has no priviledges of any kind

    }

Edited by veedeoo: more info. added

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.