
Multiple Access Roles Login

Morning All,

I am new to PHP and need to alter the below auth page to allow for multiple user roles.

Different roles:
‘user role : admin’ log in and be redirected to admin page
‘user role : contributor’ log in and be redirected to contributor page
‘user role : viewer’ log in and be redirected to viewer page

Could anyone assist here?

My current code:

<?php
session_start();

$_SESSION['authuser'] = 0;

include('db_auth.php');
//Check username and password information
$sql = "SELECT * FROM auth";
$result = mysql_query($sql)
    or die("Invalid query: " . mysql_error());
while ($row = mysql_fetch_array($result)) {
    $user = $row['user'];
    $pass = $row['pass'];
    $role = $row['role'];

    if (((strtolower($_POST['user'])) == $user) and ((strtolower($_POST['pass'])) == $pass))
    {
        $_SESSION['authuser'] = 1;
        if ($role == "administrator") { $_SESSION['authuser'] = 2; }
    }

    //echo $user . "<br />";
    //echo $pass . "<br />";
    //echo $level . "<br />";
    //echo $_SESSION['authuser'] . "<br /><br />";
}

//print_r($_POST);
//echo "<br /><br />";
//print_r($_SESSION);
//echo "<br /><br />";

//send user to ADMIN.php if auth or back to INDEX.php
if ($_SESSION['authuser'] == 2) {
    $_SESSION['username'] = $_POST['user'];
    header("location:../db/administrator/admin.php");
    //echo "Auth user: " . $_SESSION['authuser'];
} else {
    $_SESSION['login_error'] = "error";
    header("location:../administrator.php");
    //echo $_SESSION['login_error'];
}

?>

@ginerjm Oct 28.2014 — Not the way to do it.

1 - Stop using MySQL functions. Switch to mysqli or PDO and learn how they work.

2 - You don't query the whole table. You first get your inputs (user / pswd) and sanitize them for security's sake and then query only for a record that matches that user / pswd value. If you don't get a result record (count = 0) then it is invalid. If you get one you have a valid user.

For handling different roles, you simply put an auth code into the table so that when your query gets a hit, you set your session auth code var to the auth cd value from the table.

You should also use a hash to encrypt your password value. Get the input value, hash it and then use it in your query looking for an already-hashed pswd value stored in the table instead of a plain text value.
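
A sketch of the approach outlined in the reply above, as an added example that is not code from either poster: a PDO prepared statement fetches only the row for the submitted user, and the role stored in that row selects the landing page. It uses PHP's salted `password_hash()` / `password_verify()`, so the row is looked up by user name and the hash is checked in PHP rather than matched in the WHERE clause. Assumptions: the `auth` table keeps its `user`, `pass` and `role` columns, the contributor and viewer paths are hypothetical, and the accounts are constructed demo data in an in-memory SQLite database.

```php
<?php
// Added example: not the original poster's or the answerer's code.
declare(strict_types=1);

// Role => landing page. Only the admin path appears in the thread;
// the contributor and viewer paths are hypothetical placeholders.
const ROLE_PAGES = [
    'admin'       => '../db/administrator/admin.php',
    'contributor' => '../db/contributor/contributor.php',
    'viewer'      => '../db/viewer/viewer.php',
];

// Returns the role of the matching account, or null if the login fails.
function authenticate(PDO $db, string $user, string $pass): ?string
{
    // Query only the one row for this user; the bound parameter
    // keeps the submitted value out of the SQL text.
    $stmt = $db->prepare('SELECT pass, role FROM auth WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the input against the stored salted hash.
    if ($row === false || !password_verify($pass, (string) $row['pass'])) {
        return null;
    }
    // A role without a landing page is treated as a failed login.
    return array_key_exists((string) $row['role'], ROLE_PAGES) ? (string) $row['role'] : null;
}

// Constructed demo data in an in-memory SQLite database (assumption:
// the real site would open its MySQL database through PDO instead).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth (user TEXT PRIMARY KEY, pass TEXT, role TEXT)');
$ins = $db->prepare('INSERT INTO auth VALUES (?, ?, ?)');
foreach ([['alice', 'a-pass', 'admin'], ['bob', 'b-pass', 'viewer']] as [$u, $p, $r]) {
    $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT), $r]);
}

foreach ([['alice', 'a-pass'], ['bob', 'wrong'], ["x' OR '1'='1", 'x']] as [$u, $p]) {
    $role = authenticate($db, $u, $p);
    // In the login script: call session_regenerate_id(true), store the role in
    // $_SESSION, send header('Location: ' . ROLE_PAGES[$role]) and then exit.
    echo $u, ' => ', $role === null ? 'login failed' : ROLE_PAGES[$role], PHP_EOL;
}
```

Each protected page still has to check the role held in the session before rendering, since the redirect alone does not stop a logged-in viewer from requesting the admin URL directly.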