nielcleo Posted July 28, 2011 Share Posted July 28, 2011 Hi there,I need some help about the login system i made a usual login system which the user and pass will store to database and get the information in the databaseand my problem is the permission or access to the likei have my post for example and i will put the link the edit post. i want to hide that to the guest/viewers.anyone here can share the codes thanks so much. Link to comment Share on other sites More sharing options...
Obi1-Cannabis Posted July 28, 2011 Share Posted July 28, 2011 if i get you alright you wan't to hide the 'edit post' from non logged users.all you should do is check if loggedin is true add it to the page, otherwise don't. Link to comment Share on other sites More sharing options...
nielcleo Posted July 28, 2011 Author Share Posted July 28, 2011 if i get you alright you wan't to hide the 'edit post' from non logged users.all you should do is check if loggedin is true add it to the page, otherwise don't.how can i check it? can you give me some code. Link to comment Share on other sites More sharing options...
Obi1-Cannabis Posted July 28, 2011 Share Posted July 28, 2011 having $_SESSION["user"]["login"] whith default value being false when not logged-in then when a user logs-in you give this session var the value of true <?php...your code...if(isset($_SESSION["user"]["login"]) && $_SESSION["user"]["login"] == true){?> <a href="your_link">Edit</a><?php}...continue code...?> Link to comment Share on other sites More sharing options...
nielcleo Posted July 28, 2011 Author Share Posted July 28, 2011 having $_SESSION["user"]["login"] whith default value being false when not logged-in then when a user logs-in you give this session var the value of true<?php...your code...if(isset($_SESSION["user"]["login"]) && $_SESSION["user"]["login"] == true){?> <a href="your_link">Edit</a><?php}...continue code...?> thanks for the code sir.if im not mistaken in session will store the user and pass of the admin and i need to change the user and login in your given source code?just a clarification sir thanks a lot Link to comment Share on other sites More sharing options...
Obi1-Cannabis Posted July 28, 2011 Share Posted July 28, 2011 no, you should not store any password on the session and if you want it only for admin you shoud have something to differentiate the admin from other users - a column isadmin(bit) set to 1 if the user is an administrator and to 0 if it's not.then when your user logs in you have to had that info to the session to.your $_SESSION["user"] would be something like $_SESSION["user"] = array("login"=>true,"username"=>"loged_user_name", "isadmin"=>true); when the user is an administrator, and then your code to show the edit link will be <?php...your code...if(isset($_SESSION["user"]["login"]) && $_SESSION["user"]["login"] == true && isset($_SESSION["user"]["isadmin"]) && $_SESSION["user"]["isadmin"] == true ){?> <a href="your_link">Edit</a><?php}...continue code...?> Link to comment Share on other sites More sharing options...
nielcleo Posted July 29, 2011 Author Share Posted July 29, 2011 Here's the codemy check login php login <?php$host="localhost";$username="";$password="";$db_name="test";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){session_register("myusername");session_register("mypassword");header("location:login_success.php");}else {echo "Wrong Username or Password";}?> and this is the success login <?session_start();if(!session_is_registered(myusername)){header("location:main_login.php");}?><html><body>Login Successful</body></html> where should i insert the code you posted sir? sorry i got really confused about this thanks a lot for the effort sir Link to comment Share on other sites More sharing options...
thescientist Posted July 29, 2011 Share Posted July 29, 2011 well, as was mentioned, instead of using session register, just assign some meaningful properties to the SESSION array instead, and then check for them in the array.this if($count==1){ session_register("myusername"); session_register("mypassword"); header("location:login_success.php");} becomes if($count==1){ $_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true); //you will need to determine the admin part by checking the result of your query header("location:login_success.php");} and this session_start();if(!session_is_registered(myusername)){ header("location:main_login.php");}?> becomes this if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){ //user has logged in authenticated, etc //do admin check to show admin stuff if you need if($_SESSION['user']['logged_in']['is_admin']){ //admin code here };}; Link to comment Share on other sites More sharing options...
Obi1-Cannabis Posted July 29, 2011 Share Posted July 29, 2011 what thescientist said Link to comment Share on other sites More sharing options...
nielcleo Posted July 29, 2011 Author Share Posted July 29, 2011 thanks sir for the code but i encounter this errorWarning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\1\checklogin.php:5) in C:\xampp\htdocs\1\checklogin.php on line 35here's the code sir i uploaded it can u take a look about thishttp://www.qfpost.com/download.do?get=96ab...3b21a09978e7d8f Link to comment Share on other sites More sharing options...
thescientist Posted July 29, 2011 Share Posted July 29, 2011 that's simple. have you read about headers? They have called before any other on the page. no white space, no html tags, no nothing. simply enough, what is line 35?edit: http://www.w3schools.com/php/func_http_header.asp Link to comment Share on other sites More sharing options...
Ingolme Posted July 29, 2011 Share Posted July 29, 2011 Remember that session_start() sends headers as well. Link to comment Share on other sites More sharing options...
nielcleo Posted July 30, 2011 Author Share Posted July 30, 2011 that's simple. have you read about headers? They have called before any other on the page. no white space, no html tags, no nothing. simply enough, what is line 35?edit: http://www.w3schools.com/php/func_http_header.asp the line 35 is this sir header("location:success.php"); Link to comment Share on other sites More sharing options...
Ingolme Posted July 30, 2011 Share Posted July 30, 2011 This part points to the problem: output started at C:\xampp\htdocs\1\checklogin.php:5On line 5 something was printed onto the page. Nothing should be printed before a header is send. Link to comment Share on other sites More sharing options...
nielcleo Posted July 30, 2011 Author Share Posted July 30, 2011 This part points to the problem: output started at C:\xampp\htdocs\1\checklogin.php:5On line 5 something was printed onto the page. Nothing should be printed before a header is send.line 5 on checklogin.php or in the success.php?in checklogin the line 5 is <?php only and in success.php here's the code<?session_start();if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){ //user has logged in authenticated, etc //do admin check to show admin stuff if you need if($_SESSION['user']['logged_in']['is_admin']){ };};?><html><body>Must Redirect to index.php and show the admin link..</body></html> Link to comment Share on other sites More sharing options...
thescientist Posted July 30, 2011 Share Posted July 30, 2011 post all of checklogin. You say checklogin's line 5 is opening php tags. That means there's 4 line before it. Like we said, there can be no output before a header can be sent. no whitespace, html, nothing. Link to comment Share on other sites More sharing options...
nielcleo Posted July 30, 2011 Author Share Posted July 30, 2011 here's the checklogin <?php$host="localhost";$username="testdb";$password="123";$db_name="db_table";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){ $_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true); //you will need to determine the admin part by checking the result of your query header("location:success.php");}else {echo "Wrong Username or Password";}?> and here's the new error when i remove the html tagWarning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\1\checklogin.php:3) in C:\xampp\htdocs\1\checklogin.php on line 33 Link to comment Share on other sites More sharing options...
thescientist Posted July 30, 2011 Share Posted July 30, 2011 it could be an issue of BOM. You should try re-saving your file and depending on the editor you use, try and very that you are saving your files without BOM, and UTF-8.edit: and just to verify, the php tag is the absolute first thing in the file? no empty lines or whitespace before it? Link to comment Share on other sites More sharing options...
nielcleo Posted July 30, 2011 Author Share Posted July 30, 2011 it could be an issue of BOM. You should try re-saving your file and depending on the editor you use, try and very that you are saving your files without BOM, and UTF-8.edit: and just to verify, the php tag is the absolute first thing in the file? no empty lines or whitespace before it?i use only notepad for this sir, ill check it it again..if you have editor to suggest thanks sir i have here frontpage only Link to comment Share on other sites More sharing options...
thescientist Posted July 30, 2011 Share Posted July 30, 2011 is the php tag the very thing in the document? the absolute first thing? Link to comment Share on other sites More sharing options...
nielcleo Posted July 30, 2011 Author Share Posted July 30, 2011 It's working sir.. thanks a lot sir Link to comment Share on other sites More sharing options...
nielcleo Posted July 31, 2011 Author Share Posted July 31, 2011 Its working sir. thanks a lot :)opss sorry for the double post... my net is not functioning correctly Link to comment Share on other sites More sharing options...
nielcleo Posted August 1, 2011 Author Share Posted August 1, 2011 Hi again i want to add in the login system how can i make a permission on other account..i mean level of the accountfor example admin and member the admin can post and edit the post and the member only post but cant edit the post.. hmmm.. i got confused of this.. Link to comment Share on other sites More sharing options...
nielcleo Posted August 9, 2011 Author Share Posted August 9, 2011 question sirabout system login here's the code for checklogin.php <?php$host="localhost";$username="testdb";$password="123";$db_name="db_table";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){ $_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true); //you will need to determine the admin part by checking the result of your query header("location:success.php");}else {echo "Wrong Username or Password";}?> and the success.php <?session_start();if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){ //user has logged in authenticated, etc //do admin check to show admin stuff if you need if($_SESSION['user']['logged_in']['is_admin']){ admin page };};?> i encounter problem when i log its successfully logged but the admin code's are not showed... Link to comment Share on other sites More sharing options...
justsomeguy Posted August 9, 2011 Share Posted August 9, 2011 You need to use session_start on the login page also, it doesn't look like you are. Also, check your names:$_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true);if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){This isn't correct either:if($_SESSION['user']['logged_in']['is_admin'])It's just $_SESSION['user']['is_admin']. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.