Redirect based on Credentials

[sonnieboy]

Greetings gurus,

 

I need some help, please.

 

I have a classic ASP background and now trying to get my feet wet with php.

 

We have a web app that is used by several depts.

 

I have been told to modify the app so that user is redirected to a site specific to their dept.

 

For instance, if we have say, 3 deppts, HR, IT, and Payroll; if a user who belongs to the Payroll dept logs into the system, s/he will be redirected to PayRoll section of the page.

 

I have done this tons of times using asp.

 

Below is the code I used for asp:

 

'Page = validateUser.asp

SQL ="SELECT * FROM users " _
      & " WHERE Username = '" & Request.Form("txtUserid") & "'" _
      & " AND password = '" & Request.Form("TxtPassword") & "' "

Set objRS = objConn.Execute( SQL )


  If Not objRS.EOF Then
    If objRS("password") = Request.Form("txtPassword") Then
      Session.Contents("access_level") = objRS("access_level")
      Session.Contents("userID") = objRS("userID") 'ID column
      Session("username") = objRS("username")
      Session("password") = objRS("password")

      access_level = CInt(Session("access_level"))
      username = CStr(Session("username"))


       Select Case access_level
         Case 1
           Response.Redirect "HRPage.asp"
         Case 2
           Response.Redirect "PayrollPage.asp"
         Case 3
           Response.Redirect "ITPage.asp"
         Case Else
          Response.Redirect "default.asp"
       End Select
    Else
      Response.Write "Sorry, but the password that you entered is incorrect."
    End If
  Else
    Response.Write "Sorry, but the username that you entered does not exist."
  End If
  objRS.Close
  Set objRS = Nothing
  objConn.Close
  Set objConn = Nothing

 

Then on each page, I would do the check before redirecting the user:

 

 If Session.Contents("access_level") <> 1 AND _
Session.Contents("access_level") <> 2 AND _
Session.Contents("access_level") Then
   Response.Redirect "default.asp"
End If

How I can use similar code in php?

 

I hope you can assist me.

 

Thanks very much

[gizmola]

PHP has a similar session system.  sessions

 

Redirection is trivial:  header

[sonnieboy]

Thanks Gizmola for your prompt response.

 

How would you rewrite this in php?

 

I think it will help get me going.

 

  If Not objRS.EOF Then    If objRS("password") = Request.Form("txtPassword") Then      Session.Contents("access_level") = objRS("access_level")      Session.Contents("userID") = objRS("userID") 'ID column      Session("username") = objRS("username")      Session("password") = objRS("password")

[gizmola]

I'm not going to translate code for you, sorry.  I will pick out a few things that you can study yourself. 

 

Data from a form comes in via one of the PHP superglobal arrays.  If the method of the form was post, in the target script you have access to the form elements values via $_POST['txtPassword'] as one example.

 

Session variables can be set and read via the $_SESSION[] superglobal.

 

If you have specific questions I don't mind looking at them, but our goal here is to help developers learn PHP themselves.  As an ASP dev, you should find many of the basic strategies and concepts to be the same, but you still need to invest time in learning how PHP and mysql works. 

[sonnieboy]

but our goal here is to help developers learn PHP themselves.

 

Asking for an equalence of 5 ASP lines in php isn't a hindrance to learning php given that I have already written 7 files (not pages) of php files.

 

In any case, I thank you responding to my thread.

[gizmola]

You're better off then, posting pieces of those, and asking for help in filling in missing gaps.  For example, I assume in your code objRS is a row you've read from a database.  Are you asking for help on how to select from a database, and if so, which one?  I tihnk from the information I provided you, you should be able to translate that code into something similar, since all you're doing is getting some data from a form, comparing it to a row that was read from the db into an object, and setting some session variables.