User management in a web application

Hi there,

I am working on the user side of a new webapp. I am coding it in PHP on NetBeans. I have the situation below:

Background: I would like the first page (index.php) to be the login page (with a link to recover the password if forgotten only). After a successful login, the user must be checked to see whether they are an admin or not. If admin, the user is given other pages like register and view users, with links to edit or delete user accounts. If the user is not an admin, they are given links to perform the other normal activities on the app, including managing their account (like password change only...).

My problems are below:
i) creating that initial admin account to be used to create the users (either admin or normal user), whose details will be communicated to them (the users) via some other means... (since the app is in-house).
ii) integrating the login on the first page (index.php) so that, after a successful login, the user is redirected to the respective pages based on their rights, and if not successful, the user is returned to index.php to log in (of course with details of any error encountered).

Grateful for any idea.

Create a users table with the fields:
userid (primary key, auto increment)
username
password
type
and whatever else you need in the user table. You can tell the difference between the users by their "type":
save the admin as type 1 and everyone else who registers as type 2. So on the registration page, when you insert their data, their type will be 2.
Next you need to use sessions. On the login page, use your form for login and validate the user's info.
simple example
[php]
<?php
session_start();                                   // must run before $_SESSION is touched
$mysqli = new mysqli("localhost", "dbuser", "dbpass", "webapp");   // your own connection details
$username = "";
$error = "";

if (isset($_POST["username"], $_POST["password"])) {
    $username = trim($_POST["username"]);
    $password = $_POST["password"];

    // prepared statement: the user input is never spliced into the SQL, so no escaping is needed
    $stmt = $mysqli->prepare("SELECT userid, username, password, type FROM users WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    // the password column holds a password_hash() value, not the clear text
    if ($row && password_verify($password, $row["password"])) {
        session_regenerate_id(true);               // fresh session id once the user is logged in
        $_SESSION["id"]   = $row["userid"];
        $_SESSION["name"] = $row["username"];
        $_SESSION["type"] = (int) $row["type"];
        header("Location: loggedin.php");
        exit;
    }
    $error = "Username and/or password was not located! So get outta here :D !";
}
?>
<?php if ($error !== "") { echo "<p>" . htmlspecialchars($error) . "</p>"; } ?>
<form method="post" action="login.php">
<table>
    <tr>
        <td class="side">Name</td>
        <td><input type="text" name="username" value="<?php echo htmlspecialchars($username); ?>"></td>
    </tr>
    <tr>
        <td class="side">Password</td>
        <td><input type="password" name="password"></td>   <!-- never echo the password back into the page -->
    </tr>
    <tr>
        <td>
            <input type="submit" value="Login" style="width:100px;">
        </td>
    </tr>
</table>
</form>
[/php]
Now the tricky part: on each of your pages you HAVE to have this on the first line of code
[php]
session_start();
[/php]
If you want to keep non-admins out of an entire page, do something like this at the top of the page:
[php]
session_start();
if (!isset($_SESSION["type"]) || $_SESSION["type"] != 1) {
    header("Location: login.php");
    exit;   // stop here, otherwise the rest of the page is still sent to the non-admin
}
[/php]
If you just want to show different content to an admin user, you can do something like:

[php]
if ($_SESSION["type"] == 1) {
    echo "admin content";
}
[/php]
Again, this is a really simple solution. You could create a header.php, use a user class and get all fancy, but for the most part this should work OK!!!
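A fuller version of the same design, as an added example rather than code from either poster above. It assumes PHP 7.4 or later with PDO and uses an in-memory SQLite DSN so the functions can be exercised stand-alone (the demo data lives only for the life of the process); for the real app you would swap the DSN for your MySQL one and the SQL stays the same. It also covers problem (i) from the question by seeding the first admin from the command line with a hashed password, so no clear-text password ever sits in the users table, and it finishes every redirect with `exit` so a protected page never continues rendering.

```php
<?php
// auth.php: added example, not from the original thread.
// Assumptions: PHP 7.4+, PDO with the sqlite driver available, one users table as described above.
declare(strict_types=1);

const TYPE_ADMIN = 1;
const TYPE_USER  = 2;

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:');     // assumption: SQLite so the demo runs offline; use mysql:host=...;dbname=... in production
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS users (
            userid   INTEGER PRIMARY KEY AUTOINCREMENT,
            username TEXT NOT NULL UNIQUE,
            password TEXT NOT NULL,            -- output of password_hash(), never the clear text
            type     INTEGER NOT NULL DEFAULT 2
        )');
    }
    return $pdo;
}

// Problem (i): create the very first admin once, from the CLI, never from a web form.
function seed_admin(string $username, string $password): bool {
    $admins = (int) db()->query('SELECT COUNT(*) FROM users WHERE type = ' . TYPE_ADMIN)->fetchColumn();
    if ($admins > 0) {
        return false;                          // refuse to bootstrap a second admin this way
    }
    $st = db()->prepare('INSERT INTO users (username, password, type) VALUES (?, ?, ?)');
    $st->execute([$username, password_hash($password, PASSWORD_DEFAULT), TYPE_ADMIN]);
    return true;
}

// Problem (ii): check the credentials. Returns the user row (minus the hash) or null.
function authenticate(string $username, string $password): ?array {
    $st = db()->prepare('SELECT userid, username, password, type FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Always run password_verify so an unknown username costs about the same time as a wrong password.
    $hash = $row['password'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $hash)) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// Put the user into the session; call only after session_start().
function login_user(array $user): void {
    session_regenerate_id(true);               // new session id after the privilege change
    $_SESSION['id']   = (int) $user['userid'];
    $_SESSION['name'] = $user['username'];
    $_SESSION['type'] = (int) $user['type'];
}

// Top of every protected page, after session_start(): require_type(TYPE_ADMIN);
function require_type(int $type): void {
    if (($_SESSION['type'] ?? null) !== $type) {
        header('Location: index.php?error=' . urlencode('Please log in'));
        exit;                                  // stop rendering the protected page
    }
}

// index.php / login.php handler: redirect by type on success, back to index.php with the error otherwise.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $user = authenticate((string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''));
    if ($user === null) {
        header('Location: index.php?error=' . urlencode('Username or password incorrect'));
        exit;
    }
    login_user($user);
    header('Location: ' . ((int) $user['type'] === TYPE_ADMIN ? 'admin.php' : 'account.php'));
    exit;
}

// CLI bootstrap for the in-house admin:  php auth.php seed-admin <name> <password>
if (PHP_SAPI === 'cli' && ($argv[1] ?? '') === 'seed-admin' && isset($argv[2], $argv[3])) {
    echo seed_admin($argv[2], $argv[3]) ? "admin created\n" : "an admin already exists\n";
}
```

The `type` column is still the only thing that separates admins from normal users, exactly as in the answer above; what changes is that the lookup is a prepared statement, the stored value is a `password_hash()` result checked with `password_verify()`, and the session id is rotated at login so a session fixed before authentication cannot be reused afterwards.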