Member Avatar for sultankhan

hiii!
Can any one help me to add super user to my login script that can veiw and edit all user,
and evry user can veiw his/her profile like facebook.
hope you people will help me.

  • 2 Contributors
  • 21 Replies
  • 151 Views
  • 4 Days Discussion Span
  • Latest Post Latest Post by diafol
Member Avatar for sultankhan 
<html>
<head>
<title>login page</title>
<link rel="stylesheet" type="text/css" media="all" href="style.css" />
</head>

<form action="index.php" method=get>

<?php
 $user;

session_start(); 

if( $_SESSION["logging"]&& $_SESSION["logged"])
{ 

     print_secure_contentt();
     print_secure_content();

}

else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
       else if($_SESSION["logging"])
       {  

         $number_of_rows=checkpass();

         if($number_of_rows==1)
         {
                $_SESSION["admin"];
                 $_SESSION[admin]=$_GET[userlogin];
              $_SESSION[logged]=true;
              //header('Location:newAdmin.php');
               print_secure_contentt();
               }
         if($number_of_rows==1)
            {   
             $_SESSION["user"];
             $_SESSION[user]=$_GET[userlogin];
             $_SESSION[logged]=true;

             header('Location:welcome.php');


             print_secure_content();
            }

            else{
                print "wrong pawssword or username, please try again";  
                loginform();
            }
        }
     }


function loginform()
{
print "please enter your login information to proceed with our site";
//print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
//print "<input type='submit' >";    
//print "<h3><a href='registerform.php'>register now!</a></h3>";    
}

function checkpass()
{
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}

function print_secure_content()

{    
    header ("Location: welcome.php");


}

function print_secure_contentt()
{   
    //header('Location:newAdmin.php');


}

?>


<form action="welcome.php" method="get">

<div class= "nine"><table border="0" cellpadding="1" cellspacing="0" id="tblsubmit" align="center" class="pos4">
<tr>
<td>  username:  </td>
<td><input type='text' name='userlogin' size'20'></td>
</tr>
<tr>
<td>password</td><td><input type='password' name='password' size'20'></td></tr></table></form>
<p class="submit">
<input type="submit" value="Log In" tabindex="100" ></p>
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" id="rememberme" value="forever" tabindex="90" type="checkbox"> Remember Me</label></p></div>
<div class="pos2"><img border="0" src="login.jpg"  width="80" height="50"></div>       
<div id ="menu">If New User click here to:<a href='registerform.php'>register now!</a></div>
<p class="pos3">Login here</p>


</form>




</body>
</html>
Member Avatar for sultankhan

this my login page code

Member Avatar for diafol

With what bit do you need help? 100 odd lines of code - can you whittle it down a bit?

Member Avatar for sultankhan 
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("test", $con);

$result = mysql_query("SELECT * FROM users");
?>
<div class= "nine"><table border="0" cellpadding="1" cellspacing="0" id="tblsubmit" align="center" class="pos6"> 
</div>
<?php
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['name'] . "</td>";
  echo "<td>" . $row['email'] . "</td>";
   echo "<td>" . $row['password'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>

thank you very much diafol!
i need help here it show all user while i want only that user which is login mean a user can see only his/her profile
hope now u will undertand my question.
$result = mysql_query("SELECT * FROM users");

Member Avatar for sultankhan

please some one help me

Member Avatar for diafol

For me a simple solution works off the session variable ($_SESSION['user_level']).
If an user is logged in, they should see their own profile page (including the admin user) - this works off $_SESSION['user_id']. This is only set when an user/admin has logged in.

The $_SESSION['user_level'] could hold an integer like 1 = regular user, 2 = admin, 3 = superadmin etc.

You may find that a separate page would serve as a place to edit all users. This could be placed in an admin nav item, which is only visible if the $_SESSION['user_level'] > 1. Also that page would be protected from direct access, like:

if(!isset($_SESSION['user_level']) || $_SESSION['user_level'] < 2){
    header('index.php');
    exit;
}

The table code you posted looks ok to me.

Member Avatar for sultankhan

Dear diafol!
Where should paste this code?

Member Avatar for sultankhan

please give me all code because when i past it in my admin page it do nothing
when i remove the exit then my page not change

Member Avatar for diafol

sorry:

 header('Location: index.php');
 exit;
Member Avatar for sultankhan

when i keep this code in my index.php it gives the following error

The page isn't redirecting properly

my index.php code is here

<form action="index.php" method=get>

<?php
 $user;

session_start(); 


if( $_SESSION["logging"]&& $_SESSION["logged"])
{ 

     print_secure_contentt();
     print_secure_content();

}

else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
       else if($_SESSION["logging"])
       {  

         $number_of_rows=checkpass();

         if($number_of_rows==1)
         {
                $_SESSION["admin"];
                 $_SESSION[admin]=$_GET[userlogin];
              $_SESSION[logged]=true;
              //header('Location:newAdmin.php');
               print_secure_contentt();
               }
         if($number_of_rows==1)
            {   
             $_SESSION["user"];
             $_SESSION[user]=$_GET[userlogin];
             $_SESSION[logged]=true;

             header('Location:welcome.php');


             print_secure_content();
            }

            else{
                echo "wrong pawssword or username, please try again";   
                loginform();
            }
        }
     }
Member Avatar for diafol

If this in in the index.php, then you don't want to redirect to the index.php as you may get an infinite redirect loop.

Member Avatar for sultankhan

so i only past the if loop?

Member Avatar for sultankhan

my index is ok except when i login as admin it does not go to admin page

 if($number_of_rows==1)
{
$_SESSION["admin"];
$_SESSION[admin]=$_GET[userlogin];
$_SESSION[logged]=true;
//header('Location:newAdmin.php');
print_secure_contentt();
}
if($number_of_rows==1)
{
$_SESSION["user"];
$_SESSION[user]=$_GET[userlogin];
$_SESSION[logged]=true;
header('Location:welcome.php');
print_secure_content();
}
else{
echo "wrong pawssword or username, please try again";
loginform();

this what i have do for user page and admin page please help me

Member Avatar for sultankhan

hope now u will help me thanks in advance........

Edited by sultankhan
Member Avatar for sultankhan

ok diafol i have solved this problem by anthor method thinks for your help....

Member Avatar for diafol

Ok, mark thread as solved.

Member Avatar for sultankhan

but now i want that how can a user see and edit his profile?

Member Avatar for diafol

Again, down to session variable.

You could set up a profiles page where the profile showed is the one in the url querystring (similar to Daniweb). Only when the user id in the querystring is equal to the session user id (or if the user is an admin), do you make it editable.

Member Avatar for sultankhan

please give me a code because i am new in php

Member Avatar for diafol

I can give an example.

url: www.example.com/profiles.php?id=328

This could be prettified to www.example.com/profiles/328/ with some Apache mod rewriting b ut anyway that's another story.

That would give you the id of the user to show. You could pick it up in the profiles.php page like this:

session_start();
if(!isset($_SESSION['user_id'])){
    header("Location: index.php");
    exit;
}
//the above prevents non-logged-in users from accessing the profiles page

//this sets the profile ($id) to show 
if(isset($_GET['id'])){
    $id = intval($_GET['id']);
}else{
    header("Location: profiles.php?id={$_SESSION['user_id']}");
    exit;   //sorry can't type any more - I seem to have a bug!!
Member Avatar for diafol

OK now - this ain't great - 5 minute job off top of my head. COuld be a lot neater, anyway:

session_start();
if(!isset($_SESSION['user_id'])){
    header("Location: index.php");
    exit;
}
//the above prevents non-logged-in users from accessing the profiles page

$user_found = false;

//this sets the profile ($id) to show - defaults to own profile if id in querystring not set

if(isset($_GET['id'])){
    $id = intval($_GET['id']);
    //check if user exists in DB
    //if so $user_found = true;
    //and all data into variables
}
if(!$user_found){ 
    header("Location: profiles.php?id={$_SESSION['user_id']}");
    exit;
}

if($id == $_SESSION['user_id']){
    //make a form that allows user to update their own profile
}else{
    //show a non-editable view for a different user
}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.