MySQL PHP login Admin, normal User

schumanna

Hi Everyone,
I'm trying to figure out what is the best methed for a web login system reconise Admin account from a normal user account. I thught that maybe I could have a boolan value saved into a table in a mysql database

i.e
0 = Admin user
1 = normal user

I have never built something like this before can anyone give me some tips on how you maybe designed it and structured your tables for this perpass? 🙂

Or maybe even a complet deffrent methed?

Thank you. 🙂

schumanna

ZibingsCoder

Well, personally I'd say you're on the right track. I usually leave a 3 digit smallint field for my access levels, that way I have more room to give people "unique" access situations, but that's up to you.

Basically, go with that if that's only as complicated as you want/need for your site. 🙂

schumanna

Hi again,
Okay I have build my login system. Now I want the log process to know how is admin and not.

i.e

1 = deny
2 = user
3 = editor
4 = admin
5 = root // dangeres. heh

The above being stored in the database.

and so I had adden this to the login bit


// Check for permission and then redirect
if ($_SESSION["permission"] == '1')
{
header("Location: signup.php?error=1");
}
elseif ($_SESSION["permission"] == '2')
{
header("Location: page2.php");
}
elseif ($_SESSION["permission"] == '3')
{
header("Location: page3.php");
}
elseif ($_SESSION["permission"] == '4')
{
header("Location: page4.php");
}
elseif ($_SESSION["permission"] == '5')
{
header("Location: page5.php");
}
else
{
header("Location: signup.php?error=1");
}
}

It works but now if the user does not login currect becouse for some reasion the

else
{
header("Location: signup.php?error=1");
}

bit does not work.

What do you think is rung with it. The PHP Manual says

There may be several elseifs within the same if statement.

so what am I doing rung?

And secand do you think this is a secure way of doing it and if not what would be a better way of coding it? 🙂

Thanks again,

schumanna

tommynanda

does it throw up some error? wats the current output when the user is invalid?

schumanna

It's not giving out any error messages. The login script just halt and displays nothing without redirecting. 🙁

schumanna

tommynanda

why do u have 2 }s at the end of ur code?

else 
{ 
header("Location: signup.php?error=1"); 
} 
}

schumanna

Ops, here is all the code

if (mysql_num_rows ($result) > 0)
	{ 
		$data = mysql_fetch_array ($result);

	// Register session
	$_SESSION["user_id"] = $data["user_Id"];
	$_SESSION["user_username"] = $data["username"];
	$_SESSION["user_surname"] = $data["surname"];
	$_SESSION["user_firstname"] = $data["firstname"];
	$_SESSION["user_email"] = $data["email"];
	$_SESSION["user_registered"] = $data["registered"];
	$_SESSION["user_last_logged"] = $data["last_logged"];
	$_SESSION["user_birth_date"] = $data["birth_date"];
	$_SESSION["user_permission"] = $data["permission"];

	// Check for permission and then redirect
	if ($_SESSION["user_permission"] == '0')
	{
		header("Location: signup.php?error=1");
	}
		elseif ($_SESSION["user_permission"] == '1')
	{
		header("Location: page1.php");
	}
		elseif ($_SESSION["user_permission"] == '2')
	{
		header("Location: page2.php");
	}
		elseif ($_SESSION["user_permission"] == '3')
	{
		header("Location: page3.php");
	}
		elseif ($_SESSION["user_permission"] =='4')
	{
		header("Location: page4.php");
	}
	else
	{
		header("Location: signup.php?error=1");
	}
}

schumanna