Start New Discussion within our Web Development Community

hiii!
Can any one help me to add super user to my login script that can veiw and edit all user,
and evry user can veiw his/her profile like facebook.
hope you people will help me.

<html>
<head>
<title>login page</title>
<link rel="stylesheet" type="text/css" media="all" href="style.css" />
</head>

<form action="index.php" method=get>

<?php
 $user;

session_start(); 

if( $_SESSION["logging"]&& $_SESSION["logged"])
{ 

     print_secure_contentt();
     print_secure_content();

}

else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
       else if($_SESSION["logging"])
       {  

         $number_of_rows=checkpass();

         if($number_of_rows==1)
         {
                $_SESSION["admin"];
                 $_SESSION[admin]=$_GET[userlogin];
              $_SESSION[logged]=true;
              //header('Location:newAdmin.php');
               print_secure_contentt();
               }
         if($number_of_rows==1)
            {   
             $_SESSION["user"];
             $_SESSION[user]=$_GET[userlogin];
             $_SESSION[logged]=true;

             header('Location:welcome.php');


             print_secure_content();
            }

            else{
                print "wrong pawssword or username, please try again";  
                loginform();
            }
        }
     }


function loginform()
{
print "please enter your login information to proceed with our site";
//print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
//print "<input type='submit' >";    
//print "<h3><a href='registerform.php'>register now!</a></h3>";    
}

function checkpass()
{
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}

function print_secure_content()

{    
    header ("Location: welcome.php");


}

function print_secure_contentt()
{   
    //header('Location:newAdmin.php');


}

?>


<form action="welcome.php" method="get">

<div class= "nine"><table border="0" cellpadding="1" cellspacing="0" id="tblsubmit" align="center" class="pos4">
<tr>
<td>  username:  </td>
<td><input type='text' name='userlogin' size'20'></td>
</tr>
<tr>
<td>password</td><td><input type='password' name='password' size'20'></td></tr></table></form>
<p class="submit">
<input type="submit" value="Log In" tabindex="100" ></p>
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" id="rememberme" value="forever" tabindex="90" type="checkbox"> Remember Me</label></p></div>
<div class="pos2"><img border="0" src="login.jpg"  width="80" height="50"></div>       
<div id ="menu">If New User click here to:<a href='registerform.php'>register now!</a></div>
<p class="pos3">Login here</p>


</form>




</body>
</html>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("test", $con);

$result = mysql_query("SELECT * FROM users");
?>
<div class= "nine"><table border="0" cellpadding="1" cellspacing="0" id="tblsubmit" align="center" class="pos6"> 
</div>
<?php
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['name'] . "</td>";
  echo "<td>" . $row['email'] . "</td>";
   echo "<td>" . $row['password'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?> 

thank you very much diafol!
i need help here it show all user while i want only that user which is login mean a user can see only his/her profile
hope now u will undertand my question.
$result = mysql_query("SELECT * FROM users");

For me a simple solution works off the session variable ($_SESSION['user_level']).
If an user is logged in, they should see their own profile page (including the admin user) - this works off $_SESSION['user_id']. This is only set when an user/admin has logged in.

The $_SESSION['user_level'] could hold an integer like 1 = regular user, 2 = admin, 3 = superadmin etc.

You may find that a separate page would serve as a place to edit all users. This could be placed in an admin nav item, which is only visible if the $_SESSION['user_level'] > 1. Also that page would be protected from direct access, like:

if(!isset($_SESSION['user_level']) || $_SESSION['user_level'] < 2){
    header('index.php');
    exit;
}

The table code you posted looks ok to me.

please give me all code because when i past it in my admin page it do nothing
when i remove the exit then my page not change

when i keep this code in my index.php it gives the following error

The page isn't redirecting properly

my index.php code is here

<form action="index.php" method=get>

<?php
 $user;

session_start(); 


if( $_SESSION["logging"]&& $_SESSION["logged"])
{ 

     print_secure_contentt();
     print_secure_content();

}

else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
       else if($_SESSION["logging"])
       {  

         $number_of_rows=checkpass();

         if($number_of_rows==1)
         {
                $_SESSION["admin"];
                 $_SESSION[admin]=$_GET[userlogin];
              $_SESSION[logged]=true;
              //header('Location:newAdmin.php');
               print_secure_contentt();
               }
         if($number_of_rows==1)
            {   
             $_SESSION["user"];
             $_SESSION[user]=$_GET[userlogin];
             $_SESSION[logged]=true;

             header('Location:welcome.php');


             print_secure_content();
            }

            else{
                echo "wrong pawssword or username, please try again";   
                loginform();
            }
        }
     }

If this in in the index.php, then you don't want to redirect to the index.php as you may get an infinite redirect loop.

my index is ok except when i login as admin it does not go to admin page

 if($number_of_rows==1)
{
$_SESSION["admin"];
$_SESSION[admin]=$_GET[userlogin];
$_SESSION[logged]=true;
//header('Location:newAdmin.php');
print_secure_contentt();
}
if($number_of_rows==1)
{
$_SESSION["user"];
$_SESSION[user]=$_GET[userlogin];
$_SESSION[logged]=true;
header('Location:welcome.php');
print_secure_content();
}
else{
echo "wrong pawssword or username, please try again";
loginform();

this what i have do for user page and admin page please help me

ok diafol i have solved this problem by anthor method thinks for your help....

Again, down to session variable.

You could set up a profiles page where the profile showed is the one in the url querystring (similar to Daniweb). Only when the user id in the querystring is equal to the session user id (or if the user is an admin), do you make it editable.

This article has been dead for over six months. Start a new discussion instead.