acessing usertype present in database and setting privileges based on usertype

Vishwas_j

I have four modules or 4 action buttons ,depending the type of usertype i need enable or disable. plz help me with the code

checklogin.php

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="members"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("members")or die("cannot select DB");
// username and password sent from form
$username=$POST['username'];
$password=$POST['password'];
$usertype=$_POST['dropmenu'];
// To protect MySQL injection (more detail about MySQL injection )
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM members WHERE username='$username' and
password='$password'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:fs.html");
}
else
{
echo "Wrong Username or Password";
echo"<br>";
echo"<a href='new main.php'>Back to main page</a>";
}
?>

main.php

</script>
</head>

</body>
</html>

Weedpacket

When posting code, please use the form markup tags described in the FAQs for marking up your code so that it is readable.

And don't forget to give an accurate description of your problem.

vivek151189

what you are trying to ask from the post Vishwas

you have given the code but does not specified what problem you are facing

Bunkermaster

You might want to brush up on CSS class usage while you're at it.

Vishwas_j

my problem is from the user login , i want to enable and disable the buttons

(document.getElementByid("cp")=true
document.getElementByid("up")=true
document.getElementByid("pr")=true
document.getElementByid("gp")=true
)

depending on the usertype(members,HOD,project leader).
for instance if usertype is hod i want to enable all and if usertype is member i want to disable gp and pr and so on.

Once the user login it is redirect to checklogin.php and if username and password matches it goes to main.php(where these 4 buttons are present) .Now i am not understanding using sessions or any mechanism how to enable and disable the buttons depending on usertype.

I have created a database with fields (id,username,password, and usertype)

so plz help me........

database.jpg version.jpg

Vishwas_j

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="members"; // Database name
$tbl_name="members"; // Table name

$d=date("D");
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("members")or die("cannot select DB");
// username and password sent from form
$username=$POST['username'];
$password=$POST['password'];
// To protect MySQL injection (more detail about MySQL injection )
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM members WHERE username='$username' and
password='$password'and usertype='$usertype'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("usertype");
header("location:fs.html");
}

else if(isset($_SESSION['usertype'] == 'member')
{
document.getElementById("cp")=true;

document.getElementById("up")=true;

document.getElementById("pr")=true;

document.getElementById("gp")=true;
}
elseif (isset($_SESSION['usertype'] == 'pl')
{

document.getElementById("cp")=true;

document.getElementById("up")=true;

document.getElementById("pr")=true;

document.getElementById("gp")=true;
}
else
{

echo"<br>";
echo"<a href='new main.php'><center>Back to main page</center></a>";
}
?>

Bunkermaster

Little warning here:

http://us.php.net/manual/en/function.session-register.php
Warning
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

About your code
- you can probably get away with connecting to your db only once
- you need to protect your database against injection (http://en.wikipedia.org/wiki/SQL_injection)
- create a user role table with the cp , up , pr , gp fields and link your users to a user role then simply load the buttons.
- you mix javascript and PHP without separating them with proper tags
- you handle features limitation client side (anyone with knowledge of DOM modification can and will just skip your security measures)

I'm sure I could go on but that's at least what I see for now.

Vishwas_j

can get any example or some links. I m totally confused

Weedpacket

When posting code, please use the form markup tags described in the FAQs for marking up your code so that it is readable.

can get any example or some links. I m totally confused

See the [man]session_register[/man] manual page (which Bunkermaster already linked for you) for pointers on what to use instead.

Vishwas_j

can u help with the syntax......