I am having a bit of trouble. My goal is that once a user submits his user name and password, he is directed to the correct page depending on the value of a field in his row of the users table. In my case I have a table titled users; when a person registers he chooses his user name and password and fills in the appropriate data in the form. In one option in the form he must choose either college or highschool, and this gets placed in a field in the table. I want a login that looks at that field: if it is of type college it brings him to a secure page titled coll_page.php, and if he is highschool it goes to high_page.php. Right now I am not sure how to handle this with the functions that I have, or how to get the field from the database to use in a session. Does anyone have any ideas, or know of some resources other than referring me to the PHP manual? I have already read the sessions portion of the PHP manual. Below is my PHP code if anyone wants to take a look.
//--------- access_user_class.php --------
<?php
// Start (or resume) the PHP session as soon as this file is included; the class
// below keeps the login state in $_SESSION.
session_start();
// Load the DB_*, *_PAGE, COOKIE_* and WEBMASTER_* constants used by the class.
// NOTE(review): a path starting with "./" is resolved against the current working
// directory, not this file's directory - confirm every including script runs from
// a directory where ./db_config.php exists.
require("./db_config.php");
class Access_user {
// Table queried by check_user(); taken from the USER_TABLE constant.
var $table_name = USER_TABLE;
// Login name of the current user (filled from the login form, the session or the cookie).
var $user;
// Password of the current user. login_user() stores the submitted value unhashed
// and login_reader() stores the base64-decoded cookie value, so this is plaintext.
var $user_pw;
// Not used by the methods visible in this listing.
var $user_full_name;
// Not used by the methods visible in this listing.
var $user_info;
// E-mail address used by the "new" and "lost" lookups in check_user().
var $user_email;
// "no" disables the remember-me cookie; any other value makes login_saver() set it.
var $save_login = "no";
// Name and path of the remember-me cookie.
var $cookie_name = COOKIE_NAME;
var $cookie_path = COOKIE_PATH;
// Set to true by login_reader() when the remember-me cookie was present.
var $is_cookie;
// When truthy, login_user() calls reg_visit() after a successful login.
var $count_visit;
// Numeric user id used by the "new_pass", "active" and "validate" lookups.
var $id;
// Language selector; login.php's comment says it picks the message language.
var $language = "en";
// Last status/error message, filled from messages().
var $the_msg;
// Redirect targets; all five are assigned from constants in the constructor.
var $login_page;
var $main_page;
var $high_page;
var $coll_page;
var $password_page;
// Webmaster contact details from db_config.php; not used by the methods visible here.
var $webmaster_mail = WEBMASTER_MAIL;
var $webmaster_name = WEBMASTER_NAME;
/**
 * PHP 4-style constructor (a method named after its class).
 *
 * Copies the page locations from the db_config.php constants into the
 * instance, opens the database connection and reads the remember-me cookie.
 *
 * NOTE(review): PHP 8.0 and later no longer treat a method named after the
 * class as a constructor; on such versions this body would only run if it is
 * called explicitly.
 */
function Access_user() {
    // Redirect targets, all taken from db_config.php.
    $this->login_page    = LOGIN_PAGE;       // login form
    $this->main_page     = START_PAGE;       // default page after login
    $this->high_page     = HIGH_PAGE;        // page for high-school users
    $this->coll_page     = COLL_PAGE;        // page for college users
    $this->password_page = ACTIVE_PASS_PAGE; // password activation/reset page

    // Open the database connection used by every query in this class.
    $this->connect_db();

    // Pick up the user name and password from the remember-me cookie, if present.
    $this->login_reader();
}
// connects to dba
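/**
 * Opens the MySQL connection and selects the application database.
 *
 * Failures are written to the server error log instead of being passed on to
 * mysql_select_db() as an invalid link. The message deliberately omits
 * mysql_error() output and credentials so nothing sensitive can reach the
 * browser or the log.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
 * with prepared statements is the long-term replacement.
 */
function connect_db() {
    $conn_str = mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD);
    if ($conn_str === false) {
        error_log("Access_user: database connection failed");
        return;
    }
    if (!mysql_select_db(DB_NAME, $conn_str)) {
        error_log("Access_user: could not select the configured database");
    }
}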
// login_reader checks number of login
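/**
 * Reads the remember-me cookie and copies its user name and password into
 * the instance.
 *
 * The cookie value is "<login>" + chr(31) + base64("<password>"). A cookie
 * that is not a string or lacks the separator is ignored instead of being
 * read with a missing array index.
 *
 * NOTE(review): base64 is an encoding, not encryption - the cookie carries
 * the user's password in recoverable form, and everything in it is
 * client-controlled. A random server-side token stored per user would avoid
 * keeping the password on the client.
 */
function login_reader() {
    if (!isset($_COOKIE[$this->cookie_name]) || !is_string($_COOKIE[$this->cookie_name])) {
        return;
    }
    $cookie_parts = explode(chr(31), $_COOKIE[$this->cookie_name]);
    if (count($cookie_parts) < 2) {
        // Malformed cookie: no separator, so there is no password part to decode.
        return;
    }
    $this->user = $cookie_parts[0];
    $this->user_pw = base64_decode($cookie_parts[1]);
    $this->is_cookie = true;
}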
// Checks for relative information that is passed in to preform function
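/**
 * Runs one COUNT(*) lookup against the user table and reports whether
 * exactly one row matched.
 *
 * $pass is overloaded. The strings "new", "lost", "new_pass", "active" and
 * "validate" select a lookup mode; any other value is treated as the login
 * password and checked together with $this->user.
 *
 * Every string placed into the SQL text is escaped and the id is cast to an
 * integer, because $this->user, $this->user_email and $this->user_pw are
 * filled from request data (form, cookie, session).
 *
 * NOTE(review): because the password and the mode selector share one
 * parameter, a login password equal to a mode keyword is evaluated by that
 * mode's query rather than by the credential check. Callers that verify a
 * login must keep such values away from this method.
 * NOTE(review): unsalted MD5 is not a suitable password hash, and a value of
 * 32 or more characters is compared with the stored hash as-is, so the stored
 * hash itself is accepted as a credential. password_hash()/password_verify()
 * would fix both but needs a migration of the stored values.
 * NOTE(review): escaping keeps the existing mysql_* API working; prepared
 * statements (mysqli/PDO) are the durable fix.
 *
 * @param string $pass Mode keyword or login password.
 * @return bool True when the selected query counts exactly one row.
 */
function check_user($pass) {
    $table = $this->table_name;
    $login = mysql_real_escape_string((string) $this->user);
    $email = mysql_real_escape_string((string) $this->user_email);
    $id = (int) $this->id;

    switch ($pass) {
        case "new":
            $sql = sprintf("SELECT COUNT(*) AS test FROM %s WHERE email = '%s' || login = '%s'", $table, $email, $login);
            break;
        case "lost":
            $sql = sprintf("SELECT COUNT(*) AS test FROM %s WHERE email = '%s' AND active = 'y'", $table, $email);
            break;
        case "new_pass":
            $sql = sprintf("SELECT COUNT(*) AS test FROM %s WHERE pw = '%s' AND id = %d", $table, mysql_real_escape_string((string) $this->user_pw), $id);
            break;
        case "active":
            $sql = sprintf("SELECT COUNT(*) AS test FROM %s WHERE id = %d AND active = 'n'", $table, $id);
            break;
        case "validate":
            $sql = sprintf("SELECT COUNT(*) AS test FROM %s WHERE id = %d AND tmp_mail <> ''", $table, $id);
            break;
        default:
            // Shorter than an MD5 hex digest: hash it; otherwise use the value unchanged.
            $pass = (strlen($pass) < 32) ? md5($pass) : $pass;
            $sql = sprintf("SELECT COUNT(*) AS test FROM %s WHERE BINARY login = '%s' AND pw = '%s' AND active = 'y'", $table, $login, mysql_real_escape_string($pass));
    }

    $result = mysql_query($sql);
    if ($result === false) {
        // Query failed (no connection, SQL error): treat as "no match".
        return false;
    }
    return mysql_result($result, 0, "test") == 1;
}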
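/**
 * Marks the session as logged in and redirects to the next page.
 *
 * The session id is replaced before the credentials are stored, so an id
 * that existed before authentication is not carried over into the
 * authenticated session. The script stops after the Location header so no
 * further page output follows the redirect.
 *
 * Redirect target, in order: the page stored in $_SESSION['referer'] by
 * access_page(), then high_page if $_SESSION[''] is set, then main_page.
 *
 * NOTE(review): the password is kept in the session in plaintext because
 * access_page() re-checks it on every request; storing only the user id
 * after a successful login would avoid that.
 * NOTE(review): $_SESSION[''] looks like an unfinished placeholder - nothing
 * in the visible code sets that key, so the high_page branch is never taken.
 * If the account type is to decide the target, read it from the user's
 * database row after authentication, not from request data.
 */
function set_user() {
    session_regenerate_id(true);
    $_SESSION['user'] = $this->user;
    $_SESSION['pw'] = $this->user_pw;
    if (isset($_SESSION['referer']) && $_SESSION['referer'] != "") {
        $next_page = $_SESSION['referer'];
        unset($_SESSION['referer']);
    } else if (isset($_SESSION[''])) {
        $next_page = $this->high_page;
    } else {
        $next_page = $this->main_page;
    }
    header("Location: ".$next_page);
    exit;
}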
// login_user is for the login.php page checks user and pw
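/**
 * Handles a login attempt from the login form.
 *
 * Sets message 11 when either field is empty and message 10 when the
 * credentials are rejected. On success it updates the remember-me cookie,
 * optionally records the visit and hands over to set_user() for the redirect.
 *
 * check_user() interprets the strings listed in $reserved as lookup-mode
 * selectors rather than as passwords, so a submitted password equal to one
 * of them (or one that is not a string at all) is rejected here and never
 * reaches that method as a credential.
 *
 * @param string $user     Login name from the form.
 * @param string $password Password from the form.
 */
function login_user($user, $password) {
    if ($user == "" || $password == "") {
        // Login and/or password is empty.
        $this->the_msg = $this->messages(11);
        return;
    }

    $this->user = $user;
    $this->user_pw = $password;

    $reserved = array("new", "lost", "new_pass", "active", "validate");
    $is_reserved = !is_string($password) || in_array($password, $reserved, true);

    if ($is_reserved || !$this->check_user($this->user_pw)) {
        // Login and/or password did not match the database.
        $this->the_msg = $this->messages(10);
        return;
    }

    $this->login_saver();
    if ($this->count_visit) {
        $this->reg_visit($user, $password);
    }
    $this->set_user();
}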
// use a cookie to remember the login
/**
 * Sets or clears the remember-me cookie according to $this->save_login.
 *
 * - save_login is "no" and no cookie exists: nothing to do.
 * - save_login is "no" and a cookie exists: re-send it with an expiry one
 *   hour in the past so the browser drops it.
 * - otherwise: send it with an expiry 2592000 seconds (30 days) ahead.
 *
 * NOTE(review): the cookie value contains the password, base64-encoded only,
 * and setcookie() is called without the secure and httponly arguments.
 */
function login_saver() {
    $remember = ($this->save_login != "no");
    if (!$remember && !isset($_COOKIE[$this->cookie_name])) {
        return;
    }
    $expire = $remember ? time()+2592000 : time()-3600;
    $cookie_str = $this->user.chr(31).base64_encode($this->user_pw);
    setcookie($this->cookie_name, $cookie_str, $expire, $this->cookie_path);
}
// I think this sets the datetime of when user entered site
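/**
 * Writes the current date and time into extra_info for the row matching the
 * given login and MD5-hashed password.
 *
 * $login arrives straight from the login form, so it is escaped before it is
 * placed into the SQL text. md5() returns only hex digits and date() output
 * is generated here, so neither needs escaping.
 *
 * NOTE(review): the table name is the literal "reg_users" while the rest of
 * the class uses $this->table_name (USER_TABLE) - confirm which table is
 * intended.
 *
 * @param string $login Login name.
 * @param string $pass  Plaintext password; hashed with md5() for the match.
 */
function reg_visit($login, $pass) {
    $visit_sql = sprintf(
        "UPDATE reg_users SET extra_info = '%s' WHERE login = '%s' AND pw = '%s'",
        date("Y-m-d H:i:s"),
        mysql_real_escape_string((string) $login),
        md5($pass)
    );
    mysql_query($visit_sql);
}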
// Logs user out of site
/**
 * Logs the user out: drops the stored credentials from the session and
 * redirects to the login page.
 *
 * NOTE(review): only the two session keys are removed; the session itself
 * and the remember-me cookie are left in place by this method.
 */
function log_out() {
    unset($_SESSION['user'], $_SESSION['pw']);
    $target = $this->login_page;
    header("Location: ".$target);
}
// ---------- Gives login user access if he has username and password ------------
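/**
 * Page guard: lets the request continue only when the session holds
 * credentials that check_user() accepts.
 *
 * Otherwise the requested page (plus query string) is remembered in
 * $_SESSION['referer'], the client is redirected to the login page and the
 * script stops. Stopping matters: header() alone does not end execution, so
 * without it the rest of the protected page would still run and be sent
 * after the redirect header.
 *
 * @param string $refer Page to return to after login.
 * @param string $qs    Query string to append to $refer, without the "?".
 */
function access_page($refer = "", $qs = "") {
    $refer_qs = $refer;
    $refer_qs .= ($qs != "") ? "?".$qs : "";

    if (isset($_SESSION['user']) && isset($_SESSION['pw'])) {
        $this->user = $_SESSION['user'];
        $this->user_pw = $_SESSION['pw'];
        if ($this->check_user($this->user_pw)) {
            // Credentials in the session are still valid: allow the page.
            return;
        }
    }

    $_SESSION['referer'] = $refer_qs;
    header("Location: ".$this->login_page);
    exit;
}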
//---------- the page that user goes to when logged in user_main.php
<?php
// Load the access class; including it also starts the session.
include($_SERVER['DOCUMENT_ROOT']."/user/access_user_class.php");

$page_protect = new Access_user();
// To use a login form at another location, set it before the guard runs:
// $page_protect->login_page = "login.php";

// Guard this page: access_page() sends a redirect to the login page when the
// session does not hold valid credentials.
$page_protect->access_page();

// NOTE(review): logout is triggered by a plain GET parameter, so any link or
// embedded request to this URL ends the user's login.
$wants_logout = isset($_GET['action']) && $_GET['action'] == "log_out";
if ($wants_logout) {
    $page_protect->log_out();
}
?>
//---------- login.php ----------
<?php
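// Load the access class; including it also starts the session.
include($_SERVER['DOCUMENT_ROOT']."/user/access_user_class.php");
$my_access = new Access_user;
// $my_access->language = "de"; // use this selector to get messages in other languages

// Account / password activation link: both parameters are required.
if (isset($_GET['activate']) && isset($_GET['ident'])) {
    $my_access->activate_account($_GET['activate'], $_GET['ident']);
}
// Confirmation link for a changed e-mail address: both parameters are required.
if (isset($_GET['validate']) && isset($_GET['id'])) {
    $my_access->validate_email($_GET['validate'], $_GET['id']);
}

if (isset($_POST['Submit'])) {
    // Form fields can be missing or sent as arrays (e.g. login[]=...), so only
    // string values are accepted. Anything else becomes the empty string,
    // which login_user() reports as an empty login.
    $login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : "";
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
    $remember = (isset($_POST['remember']) && is_string($_POST['remember'])) ? $_POST['remember'] : "no";

    $my_access->save_login = $remember; // use a cookie to remember the login
    $my_access->count_visit = true;     // save the date of this visit in the database
    $my_access->login_user($login, $password);
}

// NOTE(review): presumably printed in the form below - escape it with
// htmlspecialchars() at the point of output.
$error = $my_access->the_msg;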
?>
// ------ db_config.php
<?php
// use this pathes and/or define the pathes for the "standard" pages
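// Locations of the "standard" pages; use these paths or define your own.
// CLASS_PATH is the directory of the script being executed. It is derived from
// SCRIPT_NAME rather than PHP_SELF because PHP_SELF also contains any extra
// path info the client appended to the URL, and LOGIN_PAGE (built from this
// value) ends up in a Location header.
define("CLASS_PATH", dirname($_SERVER['SCRIPT_NAME'])."/");
$sec_path = "/user/"; // a second location where the scripts should be
define("APPLICATION_PATH", $sec_path);

// Modify these constants to fit your environment.
// NOTE(review): the application connects as the MySQL root account; a
// dedicated account limited to this database would contain the damage of any
// SQL flaw. Keep this file outside the web root or otherwise unreadable over
// HTTP, since it holds the database password.
define("DB_SERVER", "localhost");
define("DB_NAME", "Chilepepper");
define ("DB_USER", "root");
define ("DB_PASSWORD", "*****");

// Standard table names.
define("USER_TABLE", "users");
define("PROFILE_TABLE", "users_profile");

// Standard page locations (combine the paths from the top or use your own).
// Paths must be relative to the site root.
define("LOGIN_PAGE", CLASS_PATH."login.php");
define("START_PAGE", "/user/user_main.php");
define("COLL_PAGE", "/user/user_coll.php");
define("HIGH_PAGE", "/user/user_high.php");
define("ACTIVE_PASS_PAGE", APPLICATION_PATH."activate_password.php");

// Mail settings.
define("WEBMASTER_MAIL", "millern@jbu.edu");
define("WEBMASTER_NAME", "Nathanael Miller");

// Remember-me cookie name and path; change if needed.
define("COOKIE_NAME", "user");
define("COOKIE_PATH", APPLICATION_PATH);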
?>