im new in php i need help.

angkornimotlga · July 17, 2014, 7:06am

i need some help in putting user level access in my codes.
what i have in my database are:
database name = test
table name = members
and inside members i have: username, password and access
in the access i have 1,2,3,4. the 1 is the admin, 2 is the power user, 3 is the user and 4 is only a viewer.
im new in programming and i am having a hard time in understanding the use of session. thats why i really need your help.
i dont know what to put on my codes. example on my account.php i want the power user can only access it, the billing.php only the user can access it. and the admin can access them all.

here is my main_login.php
[php]

Member Login
Username	:
Password	:

[/php]

then here is my checklogin.php

[php]

<?php session_start(); $host="localhost"; // Host name $username="root"; // Mysql username $password="LNKmis000"; // Mysql password $db_name="test"; // Database name $tbl_name="members"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); if($count==1){ $_SESSION['isLogged'] = true; session_register("myusername"); session_register("mypassword"); header("location:index.php"); } else { echo "Wrong Username or Password"; } ?>

<p><a href="main_login.php">back</a></p>

[/php]

and next is the index.php

[php]<?php

session_start();

if(!isset($_SESSION[‘isLogged’])){
header(“location: main_login.php”);
}

?>

L&K Billing System

<?php include('includes/header.php'); ?> <?php include('includes/nav.php'); ?>

Welcome to L&K Billing System.

To get started please use the navigation button on the right side.
Below navigation are the choices available:

		<?php include('includes/sidebar.php'); ?>
		<?php include('includes/footer.php'); ?>

	</div> <!-- End #wrapper -->
</body>

[/php]

Topcoder · July 18, 2014, 4:55pm

I would so something like this…

Under:

[php]$_SESSION[‘isLogged’] = true;[/php]

Add:
[php]
$row = mysql_fetch_assoc($result)
$_SESSION[‘userAccess’] = $row[‘access’];[/php]

Now you will have a session variable with users access level…

Then in your Account.php you will add conditions around the functionality you want to show…

[php]If ($_SESSION[‘userAccess’]==1) {
//Do this
} else {
//Do That
};[/php]

angkornimotlga · August 1, 2014, 6:05am

hello sir, there is an error that says
Parse error: syntax error, unexpected T_VARIABLE in /var/www/1/checklogin.php on line 35

here is the line 35

$_SESSION[‘userAccess’] = $row[‘access’];

Topcoder · August 1, 2014, 12:02pm

I’m sure it’s the line above that…

[php]$row = mysql_fetch_assoc($result)[/php]

I forgot the semi-colon…

It should be.

[php]$row = mysql_fetch_assoc($result);[/php]

angkornimotlga · August 4, 2014, 1:00am

Thank you. im working on it now sir… i will just click the “give karma” under your name to give my sincere gratitude for all your help am i right sir?

Topcoder · August 6, 2014, 1:46am

Sure, did it work?

angkornimotlga · August 6, 2014, 6:56am

Yes sir, it worked but i encountered another problem.

the browser say that “This webpage has a redirect loop”
i tried to put die(); and exit(); but still the problem is still there.

what i am trying to do is when i click the link for p1_view_record.php it will check the level access and if the level access is equals to 2 it will continue to the p1_view_record.php page. if not it will go to not.php

here is my p1_view_record.php
[php]<?php

session_start();

if(!isset($_SESSION[‘isLogged’])){
header(“location: main_login.php”);
}
?>

<?php session_start(); If ($_SESSION['userAccess']==2) { header("location: p1_view_record.php"); } else { header("location: not.php"); }; ?> L&K Billing System

<body>
	<div id="wrapper">
		<?php include('includes/header.php'); ?>
		<?php include('includes/nav.php'); ?>
		<div id="content">
			<h3>Product 1 Viewing Invoice</h3>
			<p>
				View invoice that was created. Please input invoice record number.
			</p>
		
			<form action="p1_view_inv.php" method="post" target="_blank">
				<fieldset>
					<div>
					<input name="inv_rec_no" type="Text" placeholder="Invoice Record Number">
					</div>
					
					<input value="View Invoice" name="submit" type="submit">
				</fieldset>
			</form>
			
		</div> <!-- end #content -->

		<?php include('includes/p1_sidebar.php'); 
		      include('includes/footer.php'); ?>

	</div> <!-- End #wrapper -->
</body>

[/php]

Topcoder · August 6, 2014, 11:32am

You should make this a new topic. I think some other members would be able to help you on this one.

angkornimotlga · August 7, 2014, 1:20am

ok sir, thank you then.