how to add super user that can veiw and edit all user

Question

sultankhan 0 Junior Poster in Training

12 Years Ago

hiii!
Can any one help me to add super user to my login script that can veiw and edit all user,
and evry user can veiw his/her profile like facebook.
hope you people will help me.

php

2 Contributors
21 Replies
151 Views
4 Days Discussion Span
Latest Post 11 Years Ago Latest Post by diafol

diafol

12 Years Ago

With what bit do you need help? 100 odd lines of code - can you whittle it down a bit?

diafol

12 Years Ago

For me a simple solution works off the session variable ($_SESSION['user_level']).
If an user is logged in, they should see their own profile page (including the admin user) - this works off $_SESSION['user_id']. This is only set when an user/admin has logged in.

The $_SESSION['user_level'] could hold an integer like 1 = regular user, 2 = admin, 3 = superadmin etc.

You may find that a separate page would serve as a place to edit all users. This could be placed in an admin nav item, which is only visible if the $_SESSION['user_level'] > 1. Also that page would be protected from direct access, like:

if(!isset($_SESSION['user_level']) || $_SESSION['user_level'] < 2){
    header('index.php');
    exit;
}

The table code you posted looks ok to me.

diafol

12 Years Ago

sorry:

 header('Location: index.php');
 exit;

diafol

12 Years Ago

If this in in the index.php, then you don't want to redirect to the index.php as you may get an infinite redirect loop.

diafol

12 Years Ago

Ok, mark thread as solved.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

sultankhan 0 Junior Poster in Training · Answer 1 · 2012-11-10T13:31:59+00:00

<html>
<head>
<title>login page</title>
<link rel="stylesheet" type="text/css" media="all" href="style.css" />
</head>

<form action="index.php" method=get>

<?php
 $user;

session_start(); 

if( $_SESSION["logging"]&& $_SESSION["logged"])
{ 

     print_secure_contentt();
     print_secure_content();

}

else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
       else if($_SESSION["logging"])
       {  

         $number_of_rows=checkpass();

         if($number_of_rows==1)
         {
                $_SESSION["admin"];
                 $_SESSION[admin]=$_GET[userlogin];
              $_SESSION[logged]=true;
              //header('Location:newAdmin.php');
               print_secure_contentt();
               }
         if($number_of_rows==1)
            {   
             $_SESSION["user"];
             $_SESSION[user]=$_GET[userlogin];
             $_SESSION[logged]=true;

             header('Location:welcome.php');


             print_secure_content();
            }

            else{
                print "wrong pawssword or username, please try again";  
                loginform();
            }
        }
     }


function loginform()
{
print "please enter your login information to proceed with our site";
//print ("<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>");
//print "<input type='submit' >";    
//print "<h3><a href='registerform.php'>register now!</a></h3>";    
}

function checkpass()
{
$servername="localhost";
$username="root";
$conn=  mysql_connect($servername,$username)or die(mysql_error());
mysql_select_db("test",$conn);
$sql="select * from users where name='$_GET[userlogin]' and password='$_GET[password]'";
$result=mysql_query($sql,$conn) or die(mysql_error());
return  mysql_num_rows($result);
}

function print_secure_content()

{    
    header ("Location: welcome.php");


}

function print_secure_contentt()
{   
    //header('Location:newAdmin.php');


}

?>


<form action="welcome.php" method="get">

<div class= "nine"><table border="0" cellpadding="1" cellspacing="0" id="tblsubmit" align="center" class="pos4">
<tr>
<td>  username:  </td>
<td><input type='text' name='userlogin' size'20'></td>
</tr>
<tr>
<td>password</td><td><input type='password' name='password' size'20'></td></tr></table></form>
<p class="submit">
<input type="submit" value="Log In" tabindex="100" ></p>
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" id="rememberme" value="forever" tabindex="90" type="checkbox"> Remember Me</label></p></div>
<div class="pos2"><img border="0" src="login.jpg"  width="80" height="50"></div>       
<div id ="menu">If New User click here to:<a href='registerform.php'>register now!</a></div>
<p class="pos3">Login here</p>


</form>




</body>
</html>

sultankhan 0 Junior Poster in Training · Answer 2 · 2012-11-10T13:32:48+00:00

sultankhan 0 Junior Poster in Training

12 Years Ago

this my login page code

sultankhan 0 Junior Poster in Training · Answer 3 · 2012-11-10T17:06:54+00:00

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("test", $con);

$result = mysql_query("SELECT * FROM users");
?>
<div class= "nine"><table border="0" cellpadding="1" cellspacing="0" id="tblsubmit" align="center" class="pos6"> 
</div>
<?php
while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['name'] . "</td>";
  echo "<td>" . $row['email'] . "</td>";
   echo "<td>" . $row['password'] . "</td>";
  echo "</tr>";
  }
echo "</table>";

mysql_close($con);
?>

thank you very much diafol!
i need help here it show all user while i want only that user which is login mean a user can see only his/her profile
hope now u will undertand my question.
$result = mysql_query("SELECT * FROM users");

sultankhan 0 Junior Poster in Training · Answer 4 · 2012-11-11T08:35:39+00:00

sultankhan 0 Junior Poster in Training

12 Years Ago

please some one help me

sultankhan 0 Junior Poster in Training · Answer 5 · 2012-11-11T14:30:21+00:00

sultankhan 0 Junior Poster in Training

12 Years Ago

Dear diafol!
Where should paste this code?

sultankhan 0 Junior Poster in Training · Answer 6 · 2012-11-11T14:44:14+00:00

please give me all code because when i past it in my admin page it do nothing
when i remove the exit then my page not change

sultankhan 0 Junior Poster in Training · Answer 7 · 2012-11-11T17:03:07+00:00

when i keep this code in my index.php it gives the following error

The page isn't redirecting properly

my index.php code is here

<form action="index.php" method=get>

<?php
 $user;

session_start(); 


if( $_SESSION["logging"]&& $_SESSION["logged"])
{ 

     print_secure_contentt();
     print_secure_content();

}

else {
    if(!$_SESSION["logging"])
    {  
    $_SESSION["logging"]=true;
    loginform();
    }
       else if($_SESSION["logging"])
       {  

         $number_of_rows=checkpass();

         if($number_of_rows==1)
         {
                $_SESSION["admin"];
                 $_SESSION[admin]=$_GET[userlogin];
              $_SESSION[logged]=true;
              //header('Location:newAdmin.php');
               print_secure_contentt();
               }
         if($number_of_rows==1)
            {   
             $_SESSION["user"];
             $_SESSION[user]=$_GET[userlogin];
             $_SESSION[logged]=true;

             header('Location:welcome.php');


             print_secure_content();
            }

            else{
                echo "wrong pawssword or username, please try again";   
                loginform();
            }
        }
     }

sultankhan 0 Junior Poster in Training · Answer 8 · 2012-11-12T06:16:27+00:00

sultankhan 0 Junior Poster in Training

12 Years Ago

so i only past the if loop?

sultankhan 0 Junior Poster in Training · Answer 9 · 2012-11-12T06:19:29+00:00

my index is ok except when i login as admin it does not go to admin page

 if($number_of_rows==1)
{
$_SESSION["admin"];
$_SESSION[admin]=$_GET[userlogin];
$_SESSION[logged]=true;
//header('Location:newAdmin.php');
print_secure_contentt();
}
if($number_of_rows==1)
{
$_SESSION["user"];
$_SESSION[user]=$_GET[userlogin];
$_SESSION[logged]=true;
header('Location:welcome.php');
print_secure_content();
}
else{
echo "wrong pawssword or username, please try again";
loginform();

this what i have do for user page and admin page please help me

sultankhan 0 Junior Poster in Training · Answer 10 · 2012-11-12T06:42:07+00:00

sultankhan 0 Junior Poster in Training

12 Years Ago

hope now u will help me thanks in advance........

Edited 12 Years Ago by sultankhan

sultankhan 0 Junior Poster in Training · Answer 11 · 2012-11-13T08:33:58+00:00

ok diafol i have solved this problem by anthor method thinks for your help....

sultankhan 0 Junior Poster in Training · Answer 12 · 2012-11-14T12:43:36+00:00

but now i want that how can a user see and edit his profile?

diafol · Answer 13 · 2012-11-14T13:45:23+00:00

Again, down to session variable.

You could set up a profiles page where the profile showed is the one in the url querystring (similar to Daniweb). Only when the user id in the querystring is equal to the session user id (or if the user is an admin), do you make it editable.

sultankhan 0 Junior Poster in Training · Answer 14 · 2012-11-14T15:03:53+00:00

sultankhan 0 Junior Poster in Training

12 Years Ago

please give me a code because i am new in php

diafol · Answer 15 · 2012-11-14T19:36:29+00:00

I can give an example.

url: www.example.com/profiles.php?id=328

This could be prettified to www.example.com/profiles/328/ with some Apache mod rewriting b ut anyway that's another story.

That would give you the id of the user to show. You could pick it up in the profiles.php page like this:

session_start();
if(!isset($_SESSION['user_id'])){
    header("Location: index.php");
    exit;
}
//the above prevents non-logged-in users from accessing the profiles page

//this sets the profile ($id) to show 
if(isset($_GET['id'])){
    $id = intval($_GET['id']);
}else{
    header("Location: profiles.php?id={$_SESSION['user_id']}");
    exit;   //sorry can't type any more - I seem to have a bug!!

diafol · Answer 16 · 2012-11-14T23:15:01+00:00

OK now - this ain't great - 5 minute job off top of my head. COuld be a lot neater, anyway:

session_start();
if(!isset($_SESSION['user_id'])){
    header("Location: index.php");
    exit;
}
//the above prevents non-logged-in users from accessing the profiles page

$user_found = false;

//this sets the profile ($id) to show - defaults to own profile if id in querystring not set

if(isset($_GET['id'])){
    $id = intval($_GET['id']);
    //check if user exists in DB
    //if so $user_found = true;
    //and all data into variables
}
if(!$user_found){ 
    header("Location: profiles.php?id={$_SESSION['user_id']}");
    exit;
}

if($id == $_SESSION['user_id']){
    //make a form that allows user to update their own profile
}else{
    //show a non-editable view for a different user
}