[RESOLVED] produce differnent pages based on login?

DP23

having trouble finding the best way to script this scenario:

when a member logs in he/she accesses the site. (this is no problem and scripted in the code below.)

however i want to add in one condition where if a user name and password is equal to "asd" and "asd" (being administrative u+p) would access the same page but with extra functionality. i.e. so that this condition would give administration access to the user that provides U+P of "asd" and "asd"

i was thinkin of somthing along the lines of adding in an IF statement like

if '$_POST[username]' AND  '$_POST[password]' = "asd" AND "asd"

into my code.

here is my code so far. please advise:

<?php


if(!isset($_COOKIE['login']) || $_COOKIE['login']!=1)
{

if (!isset($_POST[username]) || !isset($_POST[password])) {
    header("Location: wrong.php?notlogged=1");
    exit;
}

//connect to server and select database
$conn = mysql_connect ('localhost', '','') or die ('could not connect to MYSQL because: ' . mysql_error());

mysql_select_db (blueprintdb) or die ('could not select the DB because: ' . mysql_error());

//create and issue the query



$sql = "select first_name, last_name from users where username = '$_POST[username]' AND password = '$_POST[password]'";
$result = mysql_query($sql,$conn) or die("User Query Error ".mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
   //if authorized, get the values of f_name l_name
   $first_name = mysql_result($result, 0, 'first_name');
   $last_name = mysql_result($result, 0, 'last_name');

   //set authorization cookie
   setcookie("login", "1", false, "/", false, 0);
   setcookie("firstname",  "$first_name", false, "/", false, 0);
  //print "Cookie status: authorised-".$_COOKIE[auth];

   //prepare message for printing, and user menu
   $msg = "<h2><font color = #6DA6E2>$first_name $last_name you are now a member of Dynamic Homes...</h2></p>";

} else 
  {
   //redirect back to login form if not authorised
   header("Location: wrong.php");
 //print "Wrong user name or password. Please try login again</a>";
   exit;
}

}
if($_COOKIE['login']==1)
print "Hello ".$_COOKIE[firstname];
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Dynamic Homes</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>

<body>

<div id="container">

<div id="header">
<form name="form1" id="form1" method="post" action="">

  <div align="left">
    <input type="text" name="textfield" value="Search For..." />
    <input class=" button" type="submit" name="Submit" value="GO" />
  </div>
</form>
<h1 align="left">Dynamic Homes</h1>
<p align="left">Making dream homes possible</p>
</div>

<div id="tabs10">

  <div align="left">
      <ul>
        <li><a href="index.html" title="Link 1"><span>Home</span></a></li>
    <li><a href="bungalow.php" title="Link 2"><span>Bungalow</span></a></li>
    <li><a href="split_level.php" title="Link 3"><span>Split Level</span></a></li>
   <li><a href="tudor.php" title="Link 4"><span>Tudor</span></a></li>
    <li><a href="star_house.php" title="Link 5"><span>*Star Home*</span></a></li>
	<li><a href="Garage_plans.php" title="Link 7"><span>Garage Plans</span></a></li>
    <li><a href="index_register2.html" title="Link 6"><span>Register</span></a></li>
	<li><a href="Contact_us.php" title="Link 8"><span>Contact Us</span></a></li>
      </ul>
  </div>
</div>
<div id="container2">

<div id="content">
<h2></h2>
<img src="left.gif" alt="Right Align" width="150" height="112" class="right" />
<p></p>
&nbsp;
&nbsp;
&nbsp;
<h2></h2>
<? print "$msg"; ?>
<h2 align="left">Pick the criteria you would like in your dream home..</h2>

   &nbsp;
  &nbsp;
  &nbsp; 

  <p>
<FORM ACTION="frontpage5_response.php" METHOD=POST>

<div align="left">House type?:&nbsp;
  &nbsp;&nbsp;
  &nbsp; &nbsp;
  &nbsp;&nbsp;
  &nbsp;&nbsp;
  &nbsp;
  <select name="type1"> 
    <option value="detached"> detached </option>
    <option value="split"> split</option>
    <option value="semi"> semi</option>
  </select>
  <br>
  <br>
  Number of floors?:&nbsp;
  &nbsp;&nbsp;
  &nbsp;
  &nbsp;
  <select name="story"> 
    <option value="one" selected> One Storey 
    </opion>
    <option value="two"> Two Storey 
    </opion>
    <option value="split"> Three Storey 
    </opion>

</select>
  <br>
  <br>
  How many bedrooms?: &nbsp;
  <select name="bedrooms"> 
    <option value="1"> 1
    </opion>
    <option value="2"> 2
    </opion>
    <option value="3">3
    </opion>
    <option value="4"> 4 
    </opion>

</select>
  <br>
  <br>
  How many bathrooms?: 
  <select name="bathrooms"> 
    <option value="1"> 1  

    </opion>
    <option value="2"> 2 
    </opion>
    <option value="3"> 3 
    </opion>
    <option value="4"> 4 
    </opion>
    </select>
  <br>

  <br>
  <br>
  <input type ="submit" value="send">

  <br>
  <br>

</div>
<p align="left"></p>
<div align="left"><img src="Deliciously_Blue/left.gif" alt="Left Align" width="150" height="112" class="left" /><br />

</div>
<h2 align="left">Ive changed my mind.</h2>
<p align="left">
Take me back to <a href="index.html">homepage</a></p>

<div id="footer">
<p align="left">
<a href="http://www.dynamichomes.com">Dynamic Homes</a> | Copyright &copy; Phillipa Flynn | Design by <a href="#">DrunkinP</a></p>
</div>

</div>

</div>

</body>
</html>

Blulagoon

This won't work:

if '$_POST[username]' AND  '$_POST[password]' = "asd" AND "asd"

this should create the condition you require

if (($_POST['username'] == "asd") AND ($_POST['password'] == "asd"))

HTH - Blu

DP23

but when i integrate that with the rest of the code it throws the form out ... any ideas on how i can integrate that into the html code?

Weedpacket

What would be better if this sort of information was stored in the database as an additional field, along with the other user details. Then this information can be retrieved at the same time as the username and password are being checked. "Yes, that person's registered - and as an admin, too!"

DP23

i just want to have one u+p that is an administrator so .. surely that wud be just one IF statement right?

Blulagoon

Presumably the admin page will be different to the user page, additional html to provide the administrative functions you require.

if (($_POST['username'] == "asd") AND ($_POST['password'] == "asd")) {
header("Location: admin.php"); 
    exit;
}
else  {
header("Location: user.php"); 
    exit;
}

Does this help ?
Blu

Having said the above, I agree 100% with Weedpacket putting some kind of status field in the db now would be the best solution.

DP23

yes blu that seems up the right alley... im just after working on this code so much now im boggled eyed looking at it. One more Q.. im just not sure how to integrate that with my own code as there is already many nested IF statements in it....

any suggestions? :bemused:

DP23

sorry i have just got it workin a treat ! thanx a mil 😃

Weedpacket

Just remember that you've now got the administrator's username and password in the PHP source code, so that if an attacker manages to gain access to your web server's document tree, they now have the administrator's username and password.

And just remember how much work you'll be needing to do if you ever think of having two administrators.

DP23

i know, and thats good advice but its just a detail that i want in my 1st prototype. in later versions i will create a DB and such L🙂 thanx again