Topic: how to make php determine privileges in login?

[zyonsherlock]

guys what's up? i got a problem, i dunno how to make php determine the privilege of the user, i use  sessions but it doesn't work, dunno if it was correct, here is the code:

the login page:

Code: [Select]

<?php

session_start();

$error = '';
if(isset($_POST['username']) && isset($_POST['password'])){
  
  //if ($_POST['username'] == jovy && $_POST['password'] == jovy){
  include 'library/dbconfig.php';
  include 'library/dbconn.php';
  
  $username = $_POST['username'];
  $password = $_POST['password'];
  
  $query="SELECT * FROM admin_sfs WHERE user = '$username' AND pass = PASSWORD('$password')";

$result = mysql_query($query) or die ('Error! Query Failed! '.mysql_error());

if (mysql_num_rows($result) == 1){
  
  $_SESSION['db_logged_in'] = true;
 // $_SESSION['db_privileges'] = $result['privileges'];
 
  if ($result['privileges'] == "admin"){
  $_SESSION['db_privileges_admin'] = true;
    }
elseif($result['privileges'] == "accounting"){
    $_SESSION['db_privileges_accounting'] = true;
}
  header('Location: main.php');
  exit;
}else{
  $error = 'Wrong ID/Password! Sorry...';
}

include 'library/close.php';

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
<link href="library/css.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style2 {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 14px;
}
-->
</style>
</head>

<body class="css">
<?php
if ($error != '') {
?>
<p align="center"><strong><?php echo $error; ?></strong></p>
<?php
}
?>
<form id="frmLogin" name="frmLogin" method="post" action="">

<table width="309" height="109" border="1" align="center">
  <tr bgcolor="#003366">
    <td colspan="4"><div align="center" class="style2">Login</div></td>
  </tr>
  <tr>
    <td width="37" height="24" align="left" valign="top" bgcolor="#003366">&nbsp;</td>
    <td width="65" align="left" valign="top"><label><span class="css">Username:</span></label></td>
    <td width="144" align="left" valign="top"><input type="text" maxlength=20 name="username" id="username"/></td>
    <td width="35" align="left" valign="top" bgcolor="#003366">&nbsp;</td>
  </tr>
  <tr>
    <td height="24" align="left" valign="top" bgcolor="#003366">&nbsp;</td>
    <td align="left" valign="top"><label><span class="css">Password:</span></label></td>
    <td align="left" valign="top"><input type="password" name="password" maxlegth=45 id="password" /></td>
    <td align="left" valign="top" bgcolor="#003366">&nbsp;</td>
  </tr>
  <tr>
    <td height="26" align="left" valign="top" bgcolor="#003366">&nbsp;</td>
    <td align="left" valign="top" bgcolor="#003366">&nbsp;</td>
    <td align="left" valign="top" bgcolor="#003366"><input name="Login" class="css" type="Submit" id="Login" value="Login" /></td>
    <td align="left" valign="top" bgcolor="#003366">&nbsp;</td>
  </tr>
</table>
<p>
  <label></label>
</p>
</form>
</body>
</html>

...and the main page:

Code: [Select]

<?php

session_start();

if(!isset($_SESSION['db_logged_in']) || $_SESSION['db_logged_in'] !== true){
  
  header('Location: login.php');
  exit;
}
?>


<table width="990" height="591" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td height="93" colspan="2">&nbsp;</td>
  </tr>
  <tr>
    <td width="18%" height="603" valign="top"><table width="206" height="153" border="0" cellpadding="0" cellspacing="0">
      <tr valign="top">
        <td width="206" height="33">REQUEST FOR PROPOSALS </td>
      </tr>
      <tr valign="top">
        <td class="navi"><p><a target="content" href="welcome.php">WELCOME TO SFS-OLP</a></p>
            <p>REQUEST PROPOSALS</p>
          <p><a target="content" href="peo-table.php">PEO</a></p>
          <p>
          <?php
          
          if (isset($_SESSION['db_logged_in'])){
            
  /*include 'library/dbconfig.php';
     include 'library/dbconn.php';
     
     $query = "select * from admin_sfs";
     
     $result = mysql_query($query)or die ('query error!' .mysql_error());
     $row = mysql_fetch_assoc($result);*/
          
     if (isset($_SESSION['db_privileges_admin'])){echo '<BR><a target="content" href="olp-table.php">OLP</a>';}
     else
{ echo 'OLP'; }

  if (isset($_SESSION['db_privileges_accounting'])){echo '<BR><a target="content" href="accounting.php">Accounting</a>';}
     else
{ echo '<BR> Accounting'; }

echo '<BR><a target="parent" href="logout.php">logout</a>';
   }  
   ?>
          </p>
          <p>&nbsp; </p></td>
      </tr>
    </table>
    <p>&nbsp;</p></td>
    <td width="82%" height="603" valign="top" ><table width="810" height="602">
      <tr>
        <td bordercolor="#000000"><iframe name="content" src="welcome.php" width="100%" height="100%"></iframe></td>
      </tr>
    </table></td>
  </tr>
</table>


hope someone can help me with this one. Thanks in advance!!!

[chriscloyd]

hey ur login code looks alright but my suggestion make the session like
$_SESSION['db_privileges']
and then everytime u look for it do if ($_SESSION['db_privileges'] == "admin") {
and on ur check to see if they are logged in it loks weird just do
if(!isset($_SESSION['db_logged_in'])){
header("Location: linkhere.php");
}

[zyonsherlock]

hi chriscloyd! thanks for your reply, but i've tried that yesterday and it still doesn't work. The error is that it doesn't show anything!just the logout link.

[zyonsherlock]

hey guy's! i need an answer to this problem... please........................thanks!