I made a login/logout page, but now I i’ll like to separate the admin from regular users as they login. What I am trying to do is to have regular users just view available files, and the admins well of course they will be able to view and edit those files.
Now my set up:
Login.php
[php]
<?php
session_start();
include(“password.php”);
require_once “config.php”;
/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
$mode = $_GET["mode"];
/* Template */
require_once $TEMPLATE_PATH."header.php";
if ($mode == "login") { /// do after login form is submitted
if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
$_SESSION["login"]=$_POST["username"];
header("location:index.php");
} else {
echo "Incorrect username/password. Please, try again.";
};
} else if ($mode == "logout") {
session_start();
unset($_SESSION["login"],$USERS);
header("location: login.php");
exit(0);
};
echo <<< XHTML
<h1>$TITLE</h1>
<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
<label id="username_label" for="username" class="normal">Username</label> :<br />
<input id="username" name="username" type="text" value="" class="half" /><br />
<label id="password_label" for="password" class="normal">Password</label> :<br />
<input id="password" name="password" type="password" value="" class="half" /><br />
<input id="submits" type="submit" value="Login" />
</form>
XHTML;
require_once $TEMPLATE_PATH . "footer.php";
?>
[/php]
Password.php (verifies users and passwords)
[php]
<?php
$USERS[“drodrig1”] = “pwd1”;
$USERS[“jsutta”] = “pwd2”;
$USERS[“username3”] = “pwd3”;
function check_logged(){
global $_SESSION, $USERS;
if (!array_key_exists($_SESSION["login"],$USERS)) {
header("Location: login.php");
exit(0);
};
};
?>
[/php]
Config.php
[php]
<?php
$ASSETS_URL = "https://url-link/formationXX/assets/";
$ASSETS_PATH = "serverpath/formationXX/assets/";
$TEMPLATE_URL = "https://url-link/formationXX/assets/template/";
$TEMPLATE_PATH = "serverpath/formationXX/assets/template/";
$LOGIN_URL = "https://url-link/formationXX/login.php";
$LOGIN_PATH = "serverpath/formationXX/login.php";
?>
[/php]
Index.php (After login, this is where I want to see admin differentiate from regular user. The admin should be able so see and edit the following: CSS, JS, Email, PDF and Spread Sheet. Meanwhile user can only view all except: CSS, JS)
[php]
<?php
require_once "config.php";
session_start(); /// initialize session
include("password.php");
check_logged(); /// function checks if visitor is logged.
/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
/* Template */
require_once $TEMPLATE_PATH."header.php";
echo <<< XHTML
<form id="form" method="post" action="{$LOGIN_URL}?mode=login">
<div class="full row column">
<h1>{$TITLE}</h1>
</div>
<div class="full row column">
<div class="half column small">
<p>Logged in as: <strong>{$_SESSION["login"]}</strong> | <a href="{$LOGIN_URL}?mode=logout" class="small">Logout</a></p><br />
Add Form | Delete Selected Form(s)
</div>
</div>
<div class="full row column">
<table id="formslist" cellpadding="0" cellspacing="0">
<th>
<tr>
<td class="form_select">
<input id="selectallforms" name="selectallforms" type="checkbox" value="Select All Forms" />
</td>
<td class="form_id">
ID
</td>
<td class="form_url">
URL
</td>
<td class="form_dates">
Launch Date
</td>
<td class="form_dates">
Expiration Date
</td>
<td class="form_autofill">
Autofill
</td>
<td class="form_save">
**CSS**
</td>
<td class="form_save">
**JS**
</td>
<td class="form_save">
Email
</td>
<td class="form_save">
PDF
</td>
<td class="form_dates">
Spread sheet
</td>
</tr>
</th>
</table>
</div>
</form>
XHTML;
require_once $TEMPLATE_PATH . "footer.php";
?>
[/php]