admin and regular user access to page

Question

geneh23 0 Junior Poster

12 Years Ago

Hey everyone,

So I have another admin redirect problem. I have a file for user functions and login check/if exists..ect so the other redirect set of PHP paramaters won't work and all I want to do is redirect a user to access a page based on user_level. Whether the user_level is = 1 or = 0. I'm not sure what everyone needs needs to help me figure this out and to understand why it the way it needs to be but here it is:

if(!logged_in()){
    header('Location: index.php');
    exit();
}

if(!isset($_SESSION['user_level'])) {
  echo 'You are not allowed to access this page. Click <a href="index.php">here</a> to go back to the home page';
  exit();
}elseif(1 == (int)$_SESSION['user_level']){
  header('Location: create_album.php');
  exit;
}

I keep getting the message "You are not allowed to access this page..ect." and I get that respose for all users regardless of if the integer is 1 or 0 in the user_level field. Any Ideas? I've tried the var_dump SESSION and this is what I got as a result on the page "array
'user_id' => string '2' (length=1)"

Thanks for any help once again!

-Geneh23

php

4 Contributors
35 Replies
602 Views
1 Week Discussion Span
Latest Post 12 Years Ago Latest Post by geneh23

urtrivedi 276 Nearly a Posting Virtuoso

12 Years Ago

your var_dump means, user_level is not set only user_id is set, so in your login page, you also need to set user_level in sesssion

ckchaudhary 5 Newbie Poster

12 Years Ago

 else {
        $_SESSION['user_id'] = $login;
        header('Location: index.php');
        exit();
    }

so you are setting user_id in session. But where are you setting user_level in session?

urtrivedi 276 Nearly a Posting Virtuoso

12 Years Ago

after line 38 in your code, you have to set $_SESSION['user_level'] from database with query like

select user_level from usertable where useri_id='$login'

urtrivedi 276 Nearly a Posting Virtuoso

12 Years Ago

where is level stored in ur user table, send me login link and your mysql table sql script here

urtrivedi 276 Nearly a Posting Virtuoso

12 Years Ago

I also asked for table structure of user table, how is ur userleve stored?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

geneh23 0 Junior Poster · Answer 1 · 2012-09-18T23:59:31+00:00

how do I do that urtrivedi? Sorry I've been looking at this code for a while and it all seems jumbled now. I'll re-edit and add the login page script.

geneh23 0 Junior Poster · Answer 2 · 2012-09-19T00:01:19+00:00

login.php

<?php
if(logged_in()){
$user_data = user_data('name');
}else{
?>
    <form action="" method="post">
        <p>
            Email: <input type="email" name="login_email" />
            Password: <input type="password" name="login_password" />
            <input type="submit" value="Log in" />
        </p>
    </form>

<?php
}

if(isset($_POST['login_email'], $_POST['login_password'])){
    $login_email = $_POST['login_email'];
    $login_password = $_POST['login_password'];

    $errors = array();

    if(empty($login_email) || empty($login_password)){
        $errors[] = 'Email and Password required';
    }else{
        $login = login_check($login_email, $login_password);

        if($login === false){
            $errors[] = 'Unable to log you in';
        }
    }

    if(!empty($errors)){
        foreach($errors as $error){
            echo $error, '<br />';
        }
    } else {
        $_SESSION['user_id'] = $login;
        header('Location: index.php');
        exit();
    }
}

?>

geneh23 0 Junior Poster · Answer 3 · 2012-09-19T03:07:38+00:00

so I set my user_level..I think and now when I do the var_dump(); ..it outputs
"array
'user_id' => string '1' (length=1)
'user_level' => null"
what does this mean? that it doesn't exist?

geneh23 0 Junior Poster · Answer 4 · 2012-09-19T04:19:30+00:00

I don't think I did it right..how would I set user_level within that session user_id?

Bukhari1986 -4 Newbie Poster · Answer 5 · 2012-09-19T06:17:25+00:00

the same as you set the user_id.
$_SESSION['user_level']= $userlevel;
where in $userlevel, you already have to have the value of user level from the Database or set during the code.

geneh23 0 Junior Poster · Answer 6 · 2012-09-19T11:37:15+00:00

@ Bukhari1986, I still get the same result when I do a var_dump.. "array
'user_id' => string '1' (length=1)
'user_level' => null" :/

geneh23 0 Junior Poster · Answer 7 · 2012-09-20T15:41:24+00:00

but isn't there something I have to do with the query line, like make it into a variable and then store it as something else before I can use it?

geneh23 0 Junior Poster · Answer 8 · 2012-09-20T20:26:08+00:00

here is my user.func.php file with all my functions for users..

<?php

function logged_in(){
    return isset($_SESSION['user_id']);
}

function login_check($email, $password){
    $email = mysql_real_escape_string($email);
    $login_query = mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `password`='".md5($password)."'");
    return (mysql_result($login_query, 0) == 1) ? mysql_result($login_query, 0, 'user_id') : false;

}

function user_data(){

    $args = func_get_args();
    $fields = '`'.implode('`, `', $args).'`';

    $query = mysql_query("SELECT $fields FROM `users` WHERE user_id =".$_SESSION['user_id']) or die(mysql_error());
    $query_result = mysql_fetch_assoc($query);
    foreach($args as $field){
        $args[$field] = $query_result[$field];
    }
    return $args;
}

function user_register($email, $name, $password){
    $email = mysql_real_escape_string($email);
    $name = mysql_real_escape_string($name);
    mysql_query("INSERT INTO `users` VALUES ('', '$email', '$name', '".md5($password)."')");
    return mysql_insert_id();
}

function user_exists($email){
    $email = mysql_real_escape_string($email);
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'");
    return (mysql_result($query, 0) == 1) ? true : false;
}
?>

urtrivedi 276 Nearly a Posting Virtuoso · Answer 9 · 2012-09-21T04:50:52+00:00

I am adding 2 new lines after 38 in your login.php

 $_SESSION['user_id'] = $login;
 $retarr=user_data("user_level");
 $_SESSION['user_level']=$retarr['user_level'];

geneh23 0 Junior Poster · Answer 10 · 2012-09-21T16:58:31+00:00

here is my table structure. Sorry I missed the part where you were asking that.

Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL,
  `name` varchar(35) NOT NULL,
  `password` varchar(32) NOT NULL,
  `user_level` enum('0','1','2','3') NOT NULL DEFAULT '0',
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

urtrivedi 276 Nearly a Posting Virtuoso · Answer 11 · 2012-09-24T02:33:15+00:00

I am adding 2 new lines after 38 in your login.php

$_SESSION['user_id'] = $login;
 $retarr=user_data("user_level");
 $_SESSION['user_level']=$retarr['user_level'];

I am posting it again, Have you tried this.

geneh23 0 Junior Poster · Answer 12 · 2012-09-24T07:26:53+00:00

@urtrivedi, yes, sorry I thought I had posted that I had put your two lines of code after line 38 and this is what it outputs:

Unknown column 'user_level' in 'field list'

geneh23 0 Junior Poster · Answer 13 · 2012-09-29T05:23:30+00:00

geneh23 0 Junior Poster

12 Years Ago

nobody else can help?..

urtrivedi 276 Nearly a Posting Virtuoso · Answer 14 · 2012-09-29T05:35:47+00:00

I am again adding 2 new lines after 38 in your login.php

$_SESSION['user_id'] = $login;


$query = mysql_query("SELECT user_level FROM `users` WHERE user_id =".$_SESSION['user_id']) or die(mysql_error());
    $query_result = mysql_fetch_assoc($query);


 $_SESSION['user_level']=$query_result['user_level'];

geneh23 0 Junior Poster · Answer 15 · 2012-09-29T06:02:13+00:00

I'm still getting the message "Unknown column 'user_level' in 'field list'" after I add that bit of code. :/

urtrivedi 276 Nearly a Posting Virtuoso · Answer 16 · 2012-09-29T06:04:37+00:00

you expecting us to solve everything for you. You can check that query syntax, see where is the problem, what is spelling of your user_level column

geneh23 0 Junior Poster · Answer 17 · 2012-09-29T16:28:23+00:00

The point of posting in this forum is because one simply doesn't understand what is going on with what ever the issue may be. It doesn't mean that I'm just simply asking because I'm too lazy to find the anser myself..I wouldn't post these kinds of questions if I didn't at least try to search for a solution or try to figure it out myself for days. Therefore I'm asking for professional help. I ask questions because I don't understand and I'm trying to learn. I don't expect everyone to just "solve" everything for me. I'm learning but some of the questions may seem basic for the rest of you guys out there.

urtrivedi 276 Nearly a Posting Virtuoso · Answer 18 · 2012-09-29T18:13:24+00:00

that is the spelling in the table script you posted. have you try to run that query in phpmyadmin?

geneh23 0 Junior Poster · Answer 19 · 2012-09-29T21:19:22+00:00

yep, and it doesn't work for some reason, now correct me if I'm wrong, and sorry for the stupid question but do I add the session variable in the query? it would seem as though the database wouldn't recognize the session at the end of the query.

geneh23 0 Junior Poster · Answer 20 · 2012-09-29T21:57:54+00:00

yes, I ran the query in phpmyadmin but of coarse I replaced the session with the actual value in the database and it ran fine.

urtrivedi 276 Nearly a Posting Virtuoso · Answer 21 · 2012-09-30T03:42:21+00:00

send full script of pages you used to login and next page wher you wnat user_levle and also again send ddatbase script. and some sample data sql

geneh23 0 Junior Poster · Answer 22 · 2012-09-30T05:17:33+00:00

Here is the login.php script

<?php
if(logged_in()){
$user_data = user_data('name');
}else{
?>
    <form action="" method="post">
        <p>
            Email: <input type="email" name="login_email" />
            Password: <input type="password" name="login_password" />
            <input type="submit" value="Log in" />
        </p>
    </form>

<?php
}

if(isset($_POST['login_email'], $_POST['login_password'])){
    $login_email = $_POST['login_email'];
    $login_password = $_POST['login_password'];

    $errors = array();

    if(empty($login_email) || empty($login_password)){
        $errors[] = 'Email and Password required';
    }else{
        $login = login_check($login_email, $login_password);

        if($login === false){
            $errors[] = 'Unable to log you in';
        }
    }

    if(!empty($errors)){
        foreach($errors as $error){
            echo $error, '<br />';
        }
    } else {
        $_SESSION['user_id'] = $login;
        $query = mysql_query("SELECT `user_level` FROM `users` WHERE `user_id` =".$_SESSION['user_id']) or die(mysql_error());
        $query_result = mysql_fetch_assoc($query);
        $_SESSION['user_level'] = $query_result['user_level'];
        header('Location: index.php');
        exit();
    }
}

?>

Here is the index.php (where I want the regular user to be redirected to)

<?php
include 'init.php';
include 'template/header.php';
?>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="Downloads/jquery.cycle.lite.1.0.min.js"></script>
<script type="text/javascript" src="Downloads/jquery.loadImages.1.0.1.min.js"></script>
<script type="text/javascript">
$(document).ready (funtion () (
  $.loadImages({'images/landing.png,
   'images/img4.png',
   'images/img3.png',
   'images/img2.png',
   'images/img1.png'}, function() {
  $('#img').show().cycle();
  });
});
</script>
<!-- include jQuery library -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>

<!-- include Cycle plugin -->
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.74.js"></script>

<!--  initialize the slideshow when the DOM is ready -->
<script type="text/javascript">
$(document).ready(function() {
    $('.slideshow').cycle({
        fx: 'fade' // choose your transition type, ex: fade, scrollUp, shuffle, etc...
    });
});
</script>
</head>
<body>
<?php 
if(logged_in()){
    echo 'Welcome ' , $user_data['name'];
    echo '<br /><br />You may now start to <a style="text-decoration: underline;" href="create_album.php">create albums</a> and <a style="text-decoration: underline;" href="upload_image.php">upload images</a> or <a href="albums.php">view albums</a> ';
}else{
echo '<div class="slideshow">
<img src="images/landing.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img1.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img2.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img3.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img4.png" alt="slideshow"  width="750" height="267"/>
</div>
<noscript>
<div id="img">
<img src="images/landing.png" alt="slideshow" width="750" height="267"/>
</noscript>
</div>';
}

include 'template/footer.php';
?>

Here is the albums.php (where I want the admin with the user level of "1" to be redirected to)

<?php
include 'init.php';

if(!logged_in()){
    header('Location: index.php');
    exit();
}
include 'template/header.php';
?>

<h3>Albums</h3>

<?php

$albums = get_albums();

if(empty($albums)){
    echo '<p>You don\'t have any albums</p>';
} else{
    foreach($albums as $album){
        echo '<p style="padding: 5px; float: left;"><a href="view_album.php?album_id=', $album['id'], '">', $album['name'], '</a> (', $album['count'], ' images)<br />
        ', $album['description'], '...  <br />
        <a href="edit_album.php?album_id=', $album['id'], '">Edit</a> / <a href="delete_album.php?album_id=', $album['id'], '">Delete</a>
        </p>';
    }
}

include 'template/footer.php';
?>

Her is the table structure of the users table

CREATE TABLE IF NOT EXISTS `users` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL,
  `name` varchar(35) NOT NULL,
  `password` varchar(32) NOT NULL,
  `user_level` enum('0','1','2','3') NOT NULL DEFAULT '0',
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

the sql query that I put into the database

SELECT `user_level` FROM `users` WHERE `user_id` = '1'

urtrivedi 276 Nearly a Posting Virtuoso · Answer 23 · 2012-09-30T18:15:38+00:00

also send code for init.php, header.php and footer.php

geneh23 0 Junior Poster · Answer 24 · 2012-09-30T19:11:21+00:00

Here is my init.php file

<?php
ob_start();
session_start();

mysql_connect('127.0.0.1', 'root', '');
mysql_select_db('upload');
include 'func/user.func.php';
include 'func/album.func.php';
include 'func/image.func.php';
include 'func/thumb.func.php';

?>

header.php

 <!DOCTYPE HTML>
 <head>
 <title>Test</title>
 <link href="css/style.css" rel="stylesheet" type="text/css">
 </head>
 <body>

 <div id="menu">
      <?php include 'widgets/menu.php' ?>
 </div>
 <div id="container">
       <a href="index.php"><img src="images/logo.png" /></a>
       <span class="right">
             <?php include 'widgets/login.php' ?>
       </span>

       <div id="main">

Footer.php

           </div>

      </div>
      <div id="footer">
           &copy; <a href="#">YourWebsite.com</a> 2011. All rights reserved.
           <span class="right">Designed by <a href="#">Gene Howell</a></span>
      </div>

</body>
</html>