June 19th, 2004, 04:02 AM
|
|
Registered User
|
|
Join Date: Jun 2004
Posts: 2
Time spent in forums: < 1 sec
Reputation Power: 0
|
|
|
Restricting Access to Page
Hi. I am creating a secure login area, restricting access only to those who are Admin level. I have done this with ASP but with MySQL I can't it to work. I created a database with a field called access_level as an Integer, Default 0, gave an admin a level of 1 and on the Login page restricted access only to those with a level of 1. But it won't allow anyone to login.
PHP Code:
[b]Code for Login.php:[/b]
<?php require_once('../Connections/connLogin.php'); ?>
<?php
mysql_select_db($database_connLogin, $connLogin);
$query_rsLogin = "SELECT * FROM `admin`";
$rsLogin = mysql_query($query_rsLogin, $connLogin) or die(mysql_error());
$row_rsLogin = mysql_fetch_assoc($rsLogin);
$totalRows_rsLogin = mysql_num_rows($rsLogin);
?>
<?php
// *** Validate request to login to this site.
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "access_level";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_connLogin, $connLogin);
$LoginRS__query=sprintf("SELECT username, password, access_level FROM admin WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $connLogin) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'access_level');
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<link href="../stylesheets/main.css" rel="stylesheet" type="text/css">
</head>
<body><br>
<form name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
<table width="33%" border="0" align="center" cellspacing="4" class="box">
<tr>
<td colspan="2"><div align="center" class="heading1">Login</div></td>
</tr>
<tr>
<td class="heading2">Username:</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td class="heading2">Password:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Enter"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
mysql_free_result($rsLogin);
?>
|
Dev Articles Community Forums Sponsor:
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
