How to set up user level when in registration mode

[shebbycs]

CREATE TABLE user (username varchar(20),password varchar(20),level varchar(20),PRIMARY KEY(username));

 

INSERT INTO `user` VALUES ('a', 'pass1', 'admin');

INSERT INTO `user` VALUES ('b', 'pass2', 'admin');

INSERT INTO `user` VALUES ('c', 'pass3', 'user');

 

 

This is my database

 

and

 

Registration.php

 

<html>
<head>
<script type="text/javascript">
  function a()
{
   var x = document.register.username.value;
   var y = document.register.pass.value;
   var z = document.register.pass2.value;
   
   if(x==""&& y==""&& z=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
   if(z=="")
   {
     alert("Please insert an password2!");
     return false;
   }
   
   if (y!=z)
   {
     alert("Your passwords did not match");
     return false;
   }
   



}
</script>
</head>
<?php
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());


     if (isset($_POST["sub"]))
     {
        $_POST['pass'] = md5($_POST['pass']);
      if (!get_magic_quotes_gpc())
       {
        $_POST['username'] = addslashes($_POST['username']);
        $_POST['pass'] = addslashes($_POST['pass']);
      }


       $usercheck = $_POST["username"];

       $check = mysql_query("SELECT username FROM regis WHERE username = '$usercheck'") or die(mysql_error());

       $check2 = mysql_num_rows($check);
        //if the name exists it gives an error
     if ($check2 != 0)
     {
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>");
      echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>");

     }

      else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] )
     {
      $insert = "INSERT INTO regis(username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
      $add_member = mysql_query($insert);
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added ')</SCRIPT>");
      echo "<meta http-equiv='refresh' content='0; url=login.php'>";
     }

     }
     
?>
<body>



  <form name="register" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"  onsubmit="return a()">
  <table border='0'>
  <tr><td>Username:</td><td><input type="text"name="username" maxlength="60"></td></tr>
  <tr><td>Password:</td><td><input type="password" name="pass" maxlength="10"></td></tr>
  <tr><td>Confirm Password:</td><td><input type="password" name="pass2" maxlength="10"></td></tr>
  <tr><th colspan=2><input type="submit" name="sub" value="Register"></th></tr></table>
  </form>
  

  </body>
</html>

 

 

My main problem when in registration iam did not put user level field because it is not secure but how to manage or how to detect when someone registering he or she is user or admin?

[MasterACE14]

My main problem when in registration iam did not put user level field because it is not secure but how to manage or how to detect when someone registering he or she is user or admin?

errr.... what? Who told you that. Of course you can have a user level field in your database to determine who has what access to parts of your website.

[shebbycs]

My main problem when in registration iam did not put user level field because it is not secure but how to manage or how to detect when someone registering he or she is user or admin?

errr.... what? Who told you that. Of course you can have a user level field in your database to determine who has what access to parts of your website.

 

 

 

im not asking in database sir but my problem is when im registering in registration.php how to put user level field(textfield) if im put user field they can cheat whether they is admin or not

[floridaflatlander]

my problem is when im registering in registration.php how to put user level field(textfield) if im put user field they can cheat whether they is admin or not

 

I assign my new registors a user level automatically. I assign the lowest level, which means after they register I then have to review their information and then assign then the regular user level. As I get more users to help me police the site I'll make it where they are assigned as a regular user when they register.

[shebbycs]

my problem is when im registering in registration.php how to put user level field(textfield) if im put user field they can cheat whether they is admin or not

 

I assign my new registors a user level automatically. I assign the lowest level, which means after they registor then I have to review their information and then assign then the regular user level. As I get more users to help me police the site I'll make it where they are assigned as a regular user when they registor.

 

 

can you show me the sample of registration coding

[floridaflatlander]

This is my the basic set up, of course you'll use your own variables and password hashing methoed

// If the form is submitted
if (isset($_POST['submitted'])) {


// Trim all the incoming data:
$trimmed = array_map('trim', $_POST);

// Assume invalid values:
$city = $zip = $state = FALSE;

// Check  City

// Check state

// example of check for fields
// Check for a 5 digit US zip and extension if one entered:
if (preg_match ('/^(\d{5})(-\d{4})?$/', $trimmed['zip'])) { // You can clean your data anyway you want
	$zip = mysqli_real_escape_string ($dbc, $trimmed['zip']);
} else {
	$zip_e = '<p class="error">Please enter your town or cities zip code.</p>';
}

if ($city && $zip && $state) {

// Add the user to the database:
$query = "INSERT INTO members (id, city, state, zip, level) VALUES (Null,  '$city', '$state', '0')";
$result = mysqli_query ($dbconnet, $query) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbconnet))
}

} // end summited

[shebbycs]

This is my the basic set up, of course you'll use your own variables and password hashing methoed

{

// Add the user to the database:
$query = "INSERT INTO members (id, city, state, zip, level) VALUES (Null,  '$city', '$state', '0')";
$result = mysqli_query ($dbconnet, $query) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbconnet))
}

} // end summited

 

 

this is my doubt im means when you doing this 

$query = "INSERT INTO members (id, city, state, zip, level) VALUES (Null,  '$city', '$state', '0')";

query that level you assign yourself as 0 as in my problem is im want its automatic to detect whether he is admin or user member only

[floridaflatlander]

this is my doubt im means when you doing this

query that level you assign yourself as 0 as in my problem is im want its automatic to detect whether he is admin or user member only

 

I have a form and the moment someone clicks submit, the code INSERTS the new user. I then have a page with a select statement that echo's a users table. This table lets me know who is active and who isn't. If I see a zero I'll check that new user out, if their info seems good I'll activate their account, if not I'll give their profile another number to let me know it was rejected.

[shebbycs]

this is my doubt im means when you doing this

query that level you assign yourself as 0 as in my problem is im want its automatic to detect whether he is admin or user member only

 

I have a form and the moment someone clicks submit, the code INSERTS the new user. I then have a page with a select statement that echo's a users table. This table lets me know who is active and who isn't. If I see a zero I'll check that new user out, if their info seems good I'll activate their account, if not I'll give their profile another number to let me know it was rejected.

 

 

but still im din get you but let me has try to code