log in

rahaiffi

how to create a different login between admin and user in same page of login..

i use this coding to log in a user.....

<? session_start();

if (isset($HTTP_POST_VARS['idpengguna']) && isset($HTTP_POST_VARS['katalaluan']))

	// if the user has just tried to log on
	$idpengguna = $HTTP_POST_VARS['idpengguna'];
	$katalaluan = $HTTP_POST_VARS['katalaluan'];

	include 'dbase.php';

	$query = "SELECT * FROM pengguna
			  WHERE idpengguna = '$idpengguna'
			  AND katalaluan = '$katalaluan'";

	$result = mysql_db_query($dbname,$query);

	if ( mysql_num_rows($result) > 0 )
	{
		// if they are in the database register the user id
		$HTTP_SESSION_VARS['valid_user'] = $idpengguna;
	}



		if ( isset($HTTP_SESSION_VARS['valid_user']))
		{
				echo "<script language='Javascript'>
				alert('Anda Berjaya Login!');
				location.href='index?idpengguna=$idpengguna';
				</script>";
			}



			else
				{ 
					if (isset($idpengguna))
				{
						echo "<script language='Javascript'>
								alert('Id Pengguna atau Katalaluan Tidak Sah!');
								location.href='login.php';
								</script>";
				}  

				}		
?>

But i don't know how to log in a admin in a same page...please help me.

jansky

you must have an access level between the administrator and the user in your table
example for administrator the level should be 5 and the user the level should be 1

// login.php
session_start();
// consider the user click the button LOGIN and we have the field username and passwrod
$q=mysql_query("select * from users where user='".$_POST['user']."' and password='".$_POST['password']."' ");
if (mysql_num_rows($q)!=0)
{
$obj=mysql_fetch_object($q);
$_SESSION['userid']=$obj->id;
$_SESSION['access_level']=$obj->accesslevel; // field accesslevel 
}else
{
eco " Invalid account ";
}

// users.php
session_start();
if ($_SESSION['access_level']==5) echo " i am administrator";else echo " i am just a user ";

rahaiffi

how i create an access level between the administrator and the user..i have a diferent tables between user and administrator...

mrhappiness

That's not good.
Normal users and admins are all users, so I'ld suggest extending using only one table for both users and admins.
Extend that table by one column storing their access level (1 = user, 2 = admin for example)

rahaiffi

i try do this coding....but failed to know the user or admin was log in..the systems detect only user,anyway admin was log in..

<? session_start();

if (isset($HTTP_POST_VARS['idpengguna']) && isset($HTTP_POST_VARS['katalaluan']))

	// if the user has just tried to log on
	$idpengguna = $HTTP_POST_VARS['idpengguna'];
	$katalaluan = $HTTP_POST_VARS['katalaluan'];
	$admin      = $HTTP_POST_VARS['admin'];

	include 'dbase.php';

	$query = "SELECT * FROM pengguna
			  WHERE idpengguna = '$idpengguna'
			  AND katalaluan = '$katalaluan'";

	$result = mysql_db_query($dbname,$query);

	if ( mysql_num_rows($result) > 0 )
	{
		// if they are in the database register the user id
		$HTTP_SESSION_VARS['valid_user'] = $idpengguna;
		$HTTP_SESSION_VARS['admin'] = $admin;
	}



		if ( isset($HTTP_SESSION_VARS['valid_user']))
		{

				if ( isset($HTTP_SESSION_VARS['admin'])==1)


			{
				echo "<script language='Javascript'>
				alert('Anda Berjaya Login!Anda Login Sebagai Admin');
				location.href='indexadmin';
				</script>";
			}

			else

			{
				echo "<script language='Javascript'>
				alert('Anda Berjaya Login!');
				location.href='index';
				</script>";
			}
		}	
	else
				{ 
					if (isset($idpengguna))
				{
						echo "<script language='Javascript'>
								alert('Id Pengguna atau Katalaluan Tidak Sah!');
								location.href='login.php';
								</script>";
				}  

				}		
?>

please help to do the coding...

ranbla

You don't want a POST variable for admin. You're not getting that from the user input, you want to grab it from the $result you got from your query. If the admin column is 1, you know that user is an admin user and you can then set your session variable accordlingly.

xingeh

Hey, you might find this useful, its a script ive made for the site im currently coding. Change what you need, hope it helps! Also, you'll have to make adjustments to your DB or the script, either way you need to change something, sorry 😛

<?
// Set the variables to the posted information
$pusername = $_POST['nick'];
$ppassword = $_POST['password'];
// If form is submitted
if(isset($login)) {
// Change the submitted password into MD5 hash
$md5password = md5($ppassword);
// Check to see if the username and password are correct
$check = "SELECT * FROM users WHERE nickname = '$pusername' AND md5pw = '$md5password'";
// Do the query
$query = safe_query($check) or die("Failed to do query ($check) because: ".mysql_error());
// If the username / password dont match
if(mysql_num_rows($query) == 0) {
// Show the error message
echo("Your username / password are incorrect, please go <a href=\"javascript:history.back()\">back</a> and try again.");
}
else {
// Pull out the user's information
$row = mysql_fetch_array($query);
$userID = $row['userID'];
$username = $row['nickname'];
$averify = $row['averify'];
// Set cookies or sessions
$_SESSION['xdloggedin'] = $username;
$_SESSION['xduserid'] = $userID;
$_SESSION['averify'] = $row['averify'];
echo ("You are now logged in as $username ($userID), thank you. Redirecting you to where you came from.<br>If this message appears for more than 5 seconds, click <a href=\"./index.php?\">here</a>");
?>
<META HTTP-EQUIV="Refresh" CONTENT=";URL=./index.php?">
<?
}} else {
if(isset($_SESSION['xdloggedin'])) {
// Set the admin variable
if($_SESSION['averify'] == 1) {
$admin = "<a href=\"index.php?site=admin\" target=\"_blank\">Admin Center</a>";
} else {
$admin = "";
}
echo("Welcome, <a href=\"./?p=profile\">{$_SESSION['xdloggedin']}</a>;");
echo("<br>");
echo("<br>");
echo("<a href=\"index.php?site=news\">Main News</a>");
echo("<br>");
echo("<a href=\"index.php?site=messenger\">Messenger</a>");
echo("<br>");
echo("<a href=\"index.php?site=buddys\">Buddys</a>");
echo("<br>");
echo("$admin");
echo("<br>");
echo("<a href=\"index.php?logout=true\">Logout</a>");
} else {
// Echo the form
?>
  <form method="post" name="login" action="<? $_SERVER['PHP_SELF']; ?>"> 
    <input name="nick" type="text" class="form_username" onFocus="this.className='form_on'" onBlur="this.className='form_off'" size="10"> 
    <input name="password" type="password" class="form_password" onFocus="this.className='form_on'" onBlur="this.className='form_off'" size="10">

<input type="submit" name="login" value="login">
</form>
&#8226; <a href="index.php?site=register">register now</a><br>
&#8226; <a href="index.php?site=lostpassword">lost password</a><br>
&#8226; <a href="index.php?site=registered_users">registered users</a><br>
<?
}}
?>