Protected Pages

stuartygr

Hi all,

Firstly i would like to say hi to everyone as i am a newbee to this forum and going by the discussions i know i have come to the right place to resolve my problem.

I have just started using PHP, MYSQL, Databases etc and through someone elses hard work using their PHP script for a login with Admin features. Sadly the author last helped back in 2004 so i am looking for some help to update some of the code to get the function i require. Everything works fine but i would like to amend the code so that Users with Level 2 access can only access pages with Level 2 etc and Level 9 (admin) can access all levels from 0 to 9. Below is my code in my page........

<?
include("include/session.php");
?>

<html>
<title>Protected Page</title>

<?
/* User is not logged in */
if(!$session->logged_in){
?>

<body>
Insert HTML code here that says "You are not allowed to view this page"
</body>

<?
}
/* User is logged in */
else{
?>

<body>
Insert HTML code here that says "This is the protected page"
</body>

<?
}
?>

</html>

This works fine but will allow anyone who is logged in to access protected pages. I came accross this script....

if(!$session->userlevel == 2){<br>
&nbsp;&nbsp;echo "You are not allowed to view this page";<br>

I am unable to include this script as i keep getting errors.

Any help would be appreciated

Stuarty:queasy:

__berfuzz

First of all, how do you store user_data? In an sql-table? Check the file session.php You need to add some info about access level. Then you'll be able to check users access level and hide parts of a file or whole files to dfferent users.

halojoy

überfuzz wrote:
First of all, how do you store user_data? In an sql-table? Check the file session.php You need to add some info about access level. Then you'll be able to check users access level and hide parts of a file or whole files to dfferent users.

Yes, one way you would do
is to create a new table in database with 2-3 fields
it would take UserID number from Users table
and add a user LEVEL for each user.

Banned IP-numbersshould have Level=0 ... you do not want them at your pages, at all
Guests could have a default level of 1
Normal User = Level 2
Special users Groups, level = 3-8
Admin level= 9
and so on

CREATE TABLE user_level {
ItemID integer AUTO_INCREMENT,
UserID integer UNIQUE, (this is the UserID, taken from UserTable)
ULevel  integer ( range from 0-9 )
----------
BannedIP string ( this is probably only makingcomplications, but an Idea )
.. it is much better to make a new special 'TABLE banned_ips' ... for this!
}

===========================

I want to know if you have access to a web interface called phpMyAdmin.
With this you should be able to login and CREATE new table, very easy 🙂

This is the start.
Then, like told, have a look where user BECOMES 'logged_in',
most probably in file: includes/session.php

If we are very lucky 🙂 it could be enough if you add a new function, method in this file. this class.
A function to get level from user_level TABLE, each time somebody Login.

The default visitor would get the default Level = 1, ( or 0 ), without Logging in.
This could also be set in same file: session.php

Inside session.php you would probably see this or something like it:

<?php

class session {

function check_login (){
    //code
}

// this one function we need to add
function set_user_level(){

// code for this operation
// get 'level' from TABLE user_level
// for UserID #nn
return $level
}

?>

regars 🙂
halojoy

stuartygr

Hi, thanks for your reply but i am getting more confused now. I think what you are trying to say but i have already have thoes scripts in place. The users are defined, userlevels are defined, have the option for banlists of users & ip addresses as my pic shows attached.

I have everything working as the database tables for temp users, guest, active etc are all in place, please try out...http://www.sam-grahame.co.uk/newlogin/main.php. if you click on the level2 page link then i want script so that only level 2 users can access it but level 9 can access all levels as this is defined as admin.

You can see the code for this login at http://www.evolt.org/PHP-Login-System-with-Admin-Features

Sorry for all the confusion.

Stuarty

stuartygr

My apologies, please read later post first.....

enter to access

username :- username
password:- password

userlevel = 4

when you login and access level2 page you are given access as you are logged in due to the

<?
/* User is not logged in */
if(!$session->logged_in){
?>

cheers, stuarty

stuartygr

You can see the code for this login at http://www.evolt.org/PHP-Login-System-with-Admin-Features

Sorry for all the confusion.

Stuarty

halojoy

This works fine but will allow anyone who is logged in to access protected pages. I came accross this script....

PHP Code:
if(!$session->userlevel == 2){<br>
  echo "You are not allowed to view this page";<br>

I am unable to include this script as i keep getting errors.

It is not enough to say: I am getting ERROR.
You should post the Error Message.
Without a more specific description of youjr error AND the code that causes this error
we can only make guesses into the blue sky.

Like going to doctor and say:
Can you help me, I am not well.

No, you really should to say:
I have this terrible pain in my stomach.
Especially after dinner. It is a pain in this side (left or right) of my stomach.
Please help me, doctor please

Welcome with some good info 🙂
Will keep me from speculate and post scripts and suggestion ... out into the blue.

By the way, the Login Script, you mention
I know very well. It is one of the most used Free PHP login applications.
Even if it is a bit 'old code', by now.
http://www.evolt.org/PHP-Login-System-with-Admin-Features
From the PHP 4 period.

regars 🙂
halojoy

stuartygr

Ok.... firstly i applogise for not explaining myself clearly and to stop speculation. Having sat down and going through the script i have managed to get half way there as i have managed to restrict users to certain pages by using the following script....

<?
include("include/session.php");


if($session->userlevel == 2){
   echo "You are allowed to view this page";
}
else{
   echo "You are NOT allowed to view this page";
}

?>

The errors were unexpected "{" or "Else" errors but when sorted correctlt it worked. My only other problem is how do you input additional $session that will allow userlevel 9 to view all pages as this is my admin level. I can now give userlevel to members so that they are only able to view pages on what level they are allocated. I myself however require access to all pages and with my userlevel at 9 it won't allow me to access say a level 2 restricted page.

Stuarty

laserlight

My only other problem is how do you input additional $session that will allow userlevel 9 to view all pages as this is my admin level. I can now give userlevel to members so that they are only able to view pages on what level they are allocated. I myself however require access to all pages and with my userlevel at 9 it won't allow me to access say a level 2 restricted page.

You could write:

if($session->userlevel == 2 || $session->userlevel == 9){

However, for better readability and maintenance you could declare a class constant and then write:

if($session->userlevel == 2 || $session->userlevel == session::ADMIN_LEVEL){