|
PHP - One Login Form Can Differentiate User Or Admin
Login.php
Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("Regis") or die(mysql_error()); if (isset($_POST["sub"])) { $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); $_POST['pass'] = addslashes($_POST['pass']); } $usercheck = $_POST["username"]; $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>"); echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>"); } else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] ) { $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>"); } } ?> <html> <head> <script type="text/javascript"> function a() { var x = document.login.username.value; var y = document.login.pass.value; if(x==""&& y=="") { alert("Please insert all message!"); return false; } if(x=="") { alert("Please insert an username!"); return false; } if(y=="") { alert("Please insert an password!"); return false; } } </script> </head> <body> <table border="0"> <form name="login" method="post" action="form2.php" onsubmit="return a()"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td> <td><input type="text" name="username" maxlength="40"></td></tr> <tr><td>Password:</td> <td><input type="password" name="pass" maxlength="50"></td></tr> <tr><td><input type="submit" name="submit" value="Register"></a></td> <td><input type="submit" name="submit" value="Login"></td></tr> </form> </body></html> form2.php Code: [Select] <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $n=$_POST['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type="hidden" name="username" value="<?php echo $n;?>"> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you Similar TutorialsHi guys, Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!" Any suggestion and help would be appreciated. Thanks. login.php <?php //Assigned varibale $error_msg as empty //$error_msg = ""; session_start(); $error_msg = ""; if (isset($_POST['submit'])) { if ($a_username = "admin" && $a_password = "123") { //Define $_POST from form text feilds $username = $_POST['username']; $password = $_POST['password']; //Add some stripslashes $username = stripslashes($username); $password = stripslashes($password); //Check if usernmae and password is good, if it is it will start session if ($username == $a_username && $password == $a_password) { session_start(); $_SESSION['session_logged'] = 'true'; $_SESSION['session_username'] = $username; //Redirect to admin page header("Location: admin_area.php"); } } $username = (isset($_POST['username'])) ? $_POST['username'] : ''; $password = (isset($_POST['password'])) ? $_POST['password'] : ''; if($username && $password) { $connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!"); mysql_select_db("friendsdb") or die ("Couldn't find the DB"); $query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'"); $numrows = mysql_num_rows($query); if ($numrows != 0){ while ($row = mysql_fetch_array($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } //Check to see if they are match! if ($username == $dbusername && md5($password) == $dbpassword) { header ("Location: user_area.php"); $_SESSION['username'] = $username; } else $error_msg = "Incorrect password!"; //code of login }else $error_msg = "That user does not exist!"; //echo $numrows; } else $error_msg = "Please enter a username and password!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login Page</title> </head> <body> <br /> <?php require "header.php"; ?><br /> <div align="center"> <table width="200" border="1"> <?php // If $error_msg not equal to emtpy then display error message if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?> <form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post"> <!--form action="login_a.php" method="post"--> Username: <input type="text" name="username" /><br /><br /> Password: <input type="password" name="password" /><br /><br /> <input type="submit" name = "submit" value="Log in" /> </form> <p> </p> Register a <a href="register.php">New User</a> </table> </div> </body> </html> Login.php Code: [Select] <?php session_start(); mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $username = $_POST['username']; $password = $_POST['pass']; if (isset($_POST["submit"])) { $log = "SELECT * FROM regis WHERE username = '$username'"; $login = mysql_query($log); $row = mysql_fetch_array($login); $number = mysql_num_rows($login); if ($number > 0) { $_SESSION['username'] = $row['username']; $_SESSION['userlevel'] = $row['userlevel']; if($_SESSION['userlevel']==1) { $_SESSION['is_logged_in'] == 1; header("Location: form2.php"); } else if($_SESSION['userlevel']== 0) { $_SESSION['is_logged_in'] == 1; header("Location: registration.php"); } } Registration.php Code: [Select] <?php echo 'Welcome:' .$_SESSION['is_logged_in'];?> form2.php Code: [Select] <?php session_start(); if (empty($_SESSION['is_logged_in'])) { header("Location:chatframe.php"); die(); // just to make sure no scripts execute } ?> <?php mysql_connect("localhost","root") or die(mysql_error()); mysql_select_db("cute") or die(mysql_error()); $message=$_POST['message']; $a=$_SESSION['username']; if(isset($_POST['submit'])) //if submit button push has been detected { if(strlen($message)>1) { $message=strip_tags($message); $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP $checkforbanned="SELECT IP from ipbans where IP='$IP'"; $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS"); if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list { print "You IP is banned from posting."; } else { $thedate = date("U"); //grab date and time of the post $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')"; mysql_query($insertmessage) or die("Could not insert message"); } } } ?> <html> <head> <script type="text/javascript"> function addsmiley(code) { var pretext = document.smile.message.value; this.code = code; document.smile.message.value = pretext + code; } function a() { var x = document.smile.message.value; if(x=="") { alert("Please insert an message!"); return false; } } </script> <style type="text/css"> body{ background-color: #d8da3d } </style> </head> <body> <form name="smile" method="post" action="form2.php" onSubmit="return a()" > Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br> <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" /> <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" /> <input type='submit' name='submit' value='Send' class='biasa' ></form> <br> <br> </body> </html> In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d= $_SESSION['is_logged_in'] == 1; and im echoing back but it is nothing im thinks something wrong in session is login and also still it cannot redirect to admin -form2.php when session is login in is 1 Hi guy's, I'm having problems adjusting a script to add a level (user rights) function. When i login with a admin or normal user it gives a blank page (not redirecting to home.php). It even does'nt return an echo that user / pass is incorrect. I'm breaking my head over this for day's now. Can you help me out? Code: [Select] <?php session_start(); //Login form (index.php) include "db_connect.php"; if(!$_POST['submit']) { ?> <html> <head> <!--[if IE]> <link rel="stylesheet" type="text/css" href="style.css" /> <![endif]--> <![if !IE]> <link rel="stylesheet" type="text/css" href="firefox.css" /> <![endif]> </head> <body> <div id="wrapper"> <div id="header"> <?php include('header.php'); ?> </div> <div class="divider"> <strong>Login</strong> <form method="post" action="index.php"> <div class="formElm"> <label for="username">Klantnummer:</label> <input id="username" type="text" name="username" maxlength="16"> </div> <div class="formElm"> <label for="password">Wachtwoord:</label> <input type="password" name="password" maxlength="16"> </div> <input type="submit" name="submit" value="Login"> </form> </div> <div id="footer"> <?php include('footer.php'); ?> </div> </div> </html> <?php } else { $user = protect($_POST['username']); $pass = protect($_POST['password']); $level = protect($_POST['level']); if($user && $pass && $level) { $pass = md5($pass); //compare the encrypted password $sql1 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='1'"; $sql2 ="SELECT id,username FROM `users` WHERE `username`='$user' AND `password`='$pass' AND `level`='9'"; $queryN=mysql_query($sql1) or die(mysql_error()); $queryA=mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($queryN) == 1) { $resultN = mysql_fetch_assoc($queryN); $_SESSION['id'] = $resultN['id']; $_SESSION['username'] = $resultN['username']; header("location:home.php"); } elseif(mysql_num_rows($queryA) == 1) { $resultA = mysql_fetch_assoc($queryA); $_SESSION['id'] = $resultA['id']; $_SESSION['username'] = $resultA['username']; header("location:home.php"); } else{ echo "Wrong Username or Password"; } } } ?> and the mysql code: Code: [Select] CREATE TABLE `user` ( `id` int(4) unsigned NOT NULL auto_increment, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `level` int(4) default '1', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=latin1; hi i need help an idea how can i separate members from admins since i dont know how to create login form i used tutorial ( http://www.youtube.com/watch?v=4oSCuEtxRK8 ) (its session login form only that i made it work other tutorials wre too old or something) how what i want to do is separate members and admins because admin need more rights to do now i have idea but dont know will it work like that what i want to do is create additional row in table named it flag and create 0 (inactive user) 1 (member) 2 (admin) will that work? and how can i create different navigation bars for users and admins? do you recommend that i use different folders to create it or just script based on session and flag? hello. I need your help please. I'm building logistics website with user panel and admin panel. I've done all login and register forms. now I want to : admin can add package with: tracking number , weight , cost , and declaration form. user can fill declaration form after admin add package to user panel. then admin can see the declared form. is it possible in php? thank you in advance Hey guys, I'm kind of a n00b with PHP and i'm trying to practice by building a mock e-comm site, but i'm having a problem with my admin login form. When the information is submitted the form just clears and doesn't redirect me to the index.php file i have set-up. My knowledge of php isn't where i'd like it to be yet, so i'm here for help! I'll post the code for bpoth the admin login page and the index.php file. ADMIN LOGIN PAGE | | V <?php session_start(); if (isset($_SESSION["username"])) { header("location: index.php"); exit(); } ?> <?php if (isset($_POST["username"]) && isset($_POST["password"])){ $username = $_POST["username"]; // filter everything but numbers and letters $password = $_POST["password"]; // filter everything but numbers and letters include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$username' AND password='$password' LIMIT 1"); $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["username"] = $username; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" type="text/css" href="../css/main_style.css" /> </head> <body> <div id="wrapper"> <div id="text"><br /> <div align="left" style="margin-left:100px; margin-top:100px;"> <h2>Please Login To Manage The Store</h2> <br /><br /> <form id="form1" name="form1" method="post" action="admin_login.php"> <strong>Username</strong> <input name="username" type="text" id="username" size="40" /> <br /><br /> <strong>Password</strong> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <input type="submit" name="button" id="button" value="Login" /> </form> </div> </div><!--closes wrapper--> </body> </html> INDEX.PHP FILE | | V <?php session_start(); if (!isset($_SESSION["username"])) { header("location: admin_login.php"); exit(); } $usernameID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); $username = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]); $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT * FROM admin WHERE id='$usernameID' AND username='$username' AND password='$password' LIMIT 1"); // query the person $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 0) { // evaluate the count echo "Your login session data is not on record in the database."; exit(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Store Admin Area</title> <link rel="stylesheet" type="text/css" href="../css/main_style.css" /> </head> <body> <div id="wrapper"> <div id="text"><br /> <div align="left" style="margin-left:100px; margin-top:100px;"> <h2>Hello store manager, what would you like to do today?</h2> <p><a href="inventory_list.php">Manage Inventory</a><br /> <a href="#">Manage Blah Blah </a></p> </div> <br /> <br /> <br /> </div><!--closes wrapper--> </body> </html> Any help and suggestions are greatly appreciated! Thanks! Any help would be greatly appreciated! <?php $host="localhost"; // Host name $username="user"; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $barcodeID=$_POST['barcode']; echo $barcodeID; $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); $count=mysql_num_rows($result); if($count==1){ $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level. if Priority field == "Admin" then go to admin page. Can you see anything missing? Thank You Hallo I have a problem.
This is my code:
<?php include 'connect.php';
?>
<html>
<head>
<title>Admin Insert page!</title>
</head>
<body>
<?php
error_reporting(-1);ini_set('display_errors',1);
if (isset($_POST['submit'])){
$name = $_POST['name'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'");
$num = mysql_num_rows($result);
if($num == 0){
echo "Bad login, go <a href='login.php'>back</a>";
}else{
session_start();
$_SESSION['name'] = $name;
header("Location: admin.php");
}
}else{
?>
<form action='login.php' methody='post'>
Username: <input type='text' name='name'/><br />
Password: <input type='password' name='password'/><br />
<input type='submit' name='submit' value='Login' />
</body>
</html>
I try to use console to find the problem but I didn't....
I know that there is some problem with $num
Can somebody help me?
Thank you.
Edited by Artur, 19 October 2014 - 12:11 PM. hi guys how you doing? i new here so take it easy on me . basically just need some quick help and i thought this would be the best place to ask. ive been working on a admin login script but cant seem to get it right, i mean i can login in with random passwords :/ and also everytime i go to the index.php it shows the information i dont want it without being logged in. ive got the script running live just incase anyone wants to see what i mean its at http://www.lukerodham.co.uk/admin heres the code. Thanks in advance. index.php Code: [Select] <?php require_once("login.php"); $adminuser = $_SESSION['user']; ?> <html> <head> <title>hoonigans.co.uk</title> </head> <body> <h3 align="center">Welcome to the admin page.</h3> <span class="maintext"><br /> <p align="center">If you would like to post some news please <a href="news/post.php">click here</a>.<br /> To logout please <a href="logout.php">click here</a></p> </body> </html> login.php Code: [Select] <?php function loginpage($error){ echo " <html> <body> <div align='center'> <form method='post' action='".$_SERVER['REQUEST_URI']."'> <label>username: <input type='text' name='username' id='username'><br> <label>password: <input type='password' name='password' id='password'><br> </label> <label> <input type='submit' name='submit' id='submit' value='submit'> </label> </form> </div> </body> </html> "; } $username = $_POST['username']; $password = $_POST['password']; $login = $_post['login']; $host = *********; $dbuser = *********; $dbname = *********; $dbpass = *********; mysql_connect("$host","$dbuser","$dbpass"); mysql_select_db("$dbname"); session_start(); if($_SESSION['user'] != $username){ if(!$submit){ loginpage(false); } elseif($submit){ $get = mysql_query("SELECT * FROM users WHERE username='$username'"); while ($row = mysql_fetch_assoc($get)){ $admin = $row['admin']; $passwordmatch = $row['password']; if ($passwordmatch==$password&&$admin==1){ $_SESSION['user']="$username"; echo "this worked"; } else{ die("Sorry wrong information."); } } } } ?> Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 16 Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\sas\shoppingcart\adminlogin.php:16) in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 33 Ok.. I have made an admin section for a couple of sites, and it works fine, alough i'm almost certain that the way i have done it is not the "proper way". What I have done is had a form with a password field that sends the password via POST to another script that checks the password is correct via variable, something like this: Code: [Select] <?php $pass = $_POST["pass"]; $correct = "imapassword"; if($pass == $correct){ //display contents of page else{ //return user to login screen } ?> And then it saves the password into a cookie, that dies either over time or when the browser closes. And then on each page it tests wether that cookie is still there and is correct. When the user wants to log out it just destroys the cookie. This seems like a really hashed up way of doing it, could anybody let me know the bare essentials for making a similar system, but the "right way". Thankyou in advance Hello, I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php I can not login to my Admin controle panel. Login information: Username: Mitch Password: schuur111 Username: Admin Password: poopoo Can someone help me ? Here is my admin_login.php source code. If you need some other source code in my /storeadmin folder please tell Code: [Select] <?php session_start(); if (isset($_SESSION["manager"])) { header("location: index.php"); exit(); } ?> <?php // Parse the log in form if the user has filled it out and pressed "Log In" if (isset($_POST["username"]) && isset($_POST["password"])) { $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters // Connect to the MySQL database include "../storescripts/connect_to_mysql.php"; $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person // ------- MAKE SURE PERSON EXISTS IN DATABASE --------- $existCount = mysql_num_rows($sql); // count the row nums if ($existCount == 1) { // evaluate the count while($row = mysql_fetch_array($sql)){ $id = $row["id"]; } $_SESSION["id"] = $id; $_SESSION["manager"] = $manager; $_SESSION["password"] = $password; header("location: index.php"); exit(); } else { echo 'That information is incorrect, try again <a href="index.php">Click Here</a>'; exit(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Admin Log In </title> <link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" /> </head> <body> <div align="center" id="mainWrapper"> <?php include_once("../template_header.php");?> <div id="pageContent"><br /> <div align="left" style="margin-left:24px;"> <h2>Please Log In To Manage the Store</h2> <form id="form1" name="form1" method="post" action="admin_login.php"> User Name:<br /> <input name="username" type="text" id="username" size="40" /> <br /><br /> Password:<br /> <input name="password" type="password" id="password" size="40" /> <br /> <br /> <br /> <input type="submit" name="button" id="button" value="Log In" /> </form> <p> </p> </div> <br /> <br /> <br /> </div> <?php include_once("../template_footer.php");?> </div> </body> </html> Hi guys, Can anyone help me; I have created a registration form (can be use for create or modify) and login form (Admin). What I am trying to do is; once the admin log in he/she can create / register a new user which contains: -Firstname -Surname -Address -Mobile -Dept Name -Username -Password -Repeat Password My DB will look like this: Table PERSONS: id, firstname, surname, address, mobile, dept_id, username, password. Table USER: id, username, password Table DEPT: id, dept_name Can anyone help me how am I going to related the USER table into the PERSONS so when admin register a new user - the data will be created the into database as well as the data can be extracted for modification. Any suggestion? Here are my code: register.php <?php require 'includes/application_top.php'; if (!isset($_POST['name']) && isset($_GET['id'])) { $mode = "Modifying"; // Get data from DB $q = "SELECT * FROM `persons` WHERE `ID` = '".$_GET['id']."'"; $result = mysql_query($q) or die (mysql_error()); $row = mysql_fetch_array($result); $name = $row['firstname']; $surname = $row['surname']; $address = $row['address']; $dept = $row['dept_id']; $mobile = $row['mobile']; }else if (!isset($_POST['name']) && !isset($_GET['id'])) { $mode = "Register"; // Data is empty $name = $surname = $address = $dept = $mobile = ""; } else { $errors = array(); if ($_POST['name'] == "") $errors[] = "Name"; if ($_POST['surname'] == "") $errors[] = "Surname"; if ($_POST['mobile'] == "" || !is_numeric ($_POST['mobile'])) $errors[] = "Mobile No"; if (count($errors)) { $errormsg = "Please fill the blank info:<br/ >".implode('<br />',$errors); $mode = $_POST['mode']; $name = $_POST['name']; $surname = $_POST['surname']; $address = $_POST['address']; $dept = $_POST['dept']; $mobile = $_POST['mobile']; } else { foreach ($_POST as $key => $val) { $_SESSION[$key] = $val; } header("Location: confirmPage.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Modify Document</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <?php if (isset($errormsg)) echo "<div id=\"error_message\" style=\"color:red;\">$errormsg</div>"; ?> <div align="center"> <table width="370" border="0"> <h1> <?php echo $mode; ?> A User </h1> <p><font color="orangered" size="+1"><tt><b>*</b></tt></font> indicates a required field</p> <tr> <th width="200" height="35" align="left" scope="row" >First Name <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td width="160"><input type="text" name="name" value="<?php echo $name;?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Surname <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input type="text" name="surname" value="<?php echo $surname; ?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Address</th> <td> <input type="text" name="address" value="<?php echo $address; ?>" size="25"/></td> </tr> <tr> <th height="35" align="left"> Choose a username <font color="orangered" size="+1"><tt>*</tt></font></th> <td> <input name="username" type="text" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left"> Choose a password <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input name="password" type="password" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left"> Repeat your password <font color="orangered" size="+1"><tt><b>*</b></tt></font> </th> <td> <input name="repeatpassword" type="password" maxlength="100" size="25" /> </td> </tr> <tr> <th height="35" align="left">Department</th> <td> <select name="dept"> <option value="">Select..</option> <?php $data = mysql_query ("SELECT * FROM `dept` ORDER BY `id` DESC") or die (mysql_error()); while($row_dept = mysql_fetch_array( $data )) { ?> <option value="<?php echo $row_dept['id'] ;?>" <?php if($row_dept['id']==$dept){echo ' selected="selected"';}?>> <?php echo $row_dept['dept_name'] ;?> </option> <?php } ?> </select> </td> </tr> <tr> <th height="35" align="left">Mobile</th> <td><input type="text" name="mobile" value="<?php echo $mobile; ?>" size="25"/></td> </tr> <tr> <td align="right" colspan="2"> <hr noshade="noshade" /> </td> </tr> </table> <br/> <a href="index.php"> <input type="button" name="back" value="Back" /></a> <input type="hidden" name="id" value="<?php echo isset($_GET['id']); ?>"> <input type="hidden" name="mode" value="<?php echo $mode; ?>"> <input type="submit" value="<?php echo ($mode == "Register") ? 'Register' : 'Modify'; ?>"/> </div> </form> </body> </html> I am developing a system that with have 4 different levels of permissions. My question is this. From a structure standpoint, some systems will have the administrators area in one file and the users admin area in another file. Others will have a level of permission with all the different levels of administrative tasks, menus, etc, coming from the database. Is one of these better than the other or does it matter. From a coding standpoint it would be much easier to just have permissions and allow access to user menus and admin pages accordingly. Thanks in advance. I am trying to check for an admin user to access the admin panel. I have been playing around try different things and this what I have ended up with in my database table I have a column called usergroup and i do the follow to check for admin user. Code: [Select] $checkAdmin = mysql_query("SELECT * FROM `users` WHERE email='$email' , usergroup = 'admin'"); $adminUser = mysql_num_rows($checkAdmin); if ($adminUser == 0) { echo count($adminUser); die ('You do not have permissions to access this area'); } I do the select statement through phpmyadmin and it comes back with one row. which is basically hat i want to check for. I do have a variable called $email which is getting a value from the email cookie. currently $adminUser Return a value of 10. All of the count() functions is for testing purposes only. Howdy colleagues,
Please help! I am writing a WP plugin the boss of the website to be notified when an admin logs in. So far so good, but I can't make the damn code to send the email when the user logs in. If I change the add_action to "admin_notices" the email is being sent, but if I put "wp_login" it does not Please help, here is the code so far...
function _emnoti_get_time_of_login(){
$time_of_login = date('l F Y');
return $time_of_login;
}
# Get the IP of the user that logged themselves as admin
function _emnoti_get_ip(){
$sources = array(
'REMOTE_ADDR',
'HTTP_X_FORWARDED_FOR',
'HTTP_CLIENT_IP',
);
foreach ($sources as $source) {
if(!empty($_SERVER[$source])){
$ip = $_SERVER[$source];
}
}
return $ip;
}
# Email all the info above to a pointed email address
function emnoti_send_email($user_login, $user){
if(_emnoti_check_if_admin() === true){
// print _emnoti_get_time_of_login();
// print _emnoti_get_ip();
wp_mail("MY EMAIL!", "Test subject", 'test body');
}
}
add_action('wp_login', 'emnoti_send_email', 10, 2);
?>
I am trying to learn php and I cannot figure out how to get a simple login form going. I am getting this error.
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given
I have no clue what I am doing wrong. I am following the "HowTo".
Here is my code
Index.php ( Login Form )
<form name="form1" method="post" action="checklogin.php">
<div id="wrappermiddle">
<h2>Login</h2>
<div id="username_input">
<div id="username_inputleft"></div>
<div id="username_inputmiddle">
<input name="myusername" type="text" id="myusername" value="Email Address">
<img id="url_user" src="./images/mailicon.png" alt="">
</div>
<div id="username_inputright"></div>
</div>
<div id="password_input">
<div id="password_inputleft"></div>
<div id="password_inputmiddle">
<input name="mypassword" type="text" id="mypassword" value="Password">
<img id="url_password" src="./images/passicon.png" alt="">
</div>
<div id="password_inputright"></div>
</div>
<div id="submit">
<input type="image" src="./images/submit.png" name="Submit" value="Login">
</form>
</div>
checklogin.php
<?php
$host="localhost"; // Host name
$username="MY DB USER"; // Mysql username
$password="Password"; // Mysql password
$db_name="MY DB Name"; // Database name
$tbl_name="admin"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
Any help would be greatly appreciated.
Edited by Oblivion13, 07 October 2014 - 05:25 PM. Hi all, Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> <?php session_start( ); include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" ); include_once( _ABSPATH_."/inc/func/header.php" ); if ( $_GET["f"] == "login" ) { $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) ); $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) ); $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) ); if ( $r_0 == $r_1 ) { $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" ); $val = mysql_fetch_array( $result ); if ( !$val["password"] ) { $loginfail = 1; } else { if ( $val[password] === md5( $_POST["password"] ) ) { $_SESSION['admin'] = $adminuser; header( "Location: ./" ); exit( ); } $loginfail = 1; } } else { $loginfail = 2; } } $page_title = l( "Administration Login" )." | ".get_sitename( ); $smarty->assign( "page_title", $page_title ); $smarty->assign( "loginfail", $loginfail ); $smarty->display( "mgt/login.tpl" ); ?> |
|||||||