I have a login page that is not working properly. I will try to explain the problem as best I can and paste the scripts at the end.
I enter index.php or other pages that do not require logging in to view the content. If I go to a page that requires logging in, I return to index.php. I know the reason for that. It is because I have set a redirect to index.php if you are not logged in. If I log in from one of the pages that do not require logging in first, the page is displayed as it should without admin rights. I have another page that should not show any content unless you are logged in. I will explain this in more detail.
This used to work as it should, but it's been a while and I've tried to change it, without taking a backup, and now I can't find it back because I don't remember how I actually did it, and the more I try, the more I mess up.
So.... one of the pages that requires login should only show partial info if you are not logged in, and show a complete overview of the information on the page, but not be able to edit or delete that information. To do that, you need admin rights. All this is clearly in the DB.
As explained, there are different rights on the pages. There are also member pages that are reserved for members only. That is, there are pages that are only accessible by logging in. So there are 2 levels (actually 3, read on and I hope you will understand the last level) of what is available to the logged in users, as well as that there is an admin user right that gives full access. This is controlled by session at the top of each page which defines the security level.
I'm hoping to get help with this here on their forum as I can't figure it out myself. I simply don't remember, and an "internet friend" from Great Britain has helped me put this together. It's impossible to come in contact with him. He is starting to get old. So I don't know if he is alive anymore or not. At least he has been away from the internet as I know him for a very long time, and others who know or knew who he is don't know anything either. I am pasting what I find of code that can/could be useful to you below. If there is something you are missing, please ask.
Just remember that there may be small mistakes and misunderstandings since this has been a project over a long time, and I don't remember everything 100%, but I try and collect the pieces and put them together as completely as possible. I think that's it. If you wonder about some more, just ask. I hope somebody understands how this was meant to be and can put it together for me, please?
I post a part of the MySQL DB/table below as well.
There are 3 levels of user rights:
- 0 These sites are for everyone. Visitors have rights to view and read chosen pages, but do not have access to restricted member areas with a requirement to be logged in.
- 1 Admin who can do everything. When logging in I want the person who is logging in to be sent to members.php.
- 2 Supporting member that is registered for selected pages meant for registered members only. Logging in will be sent to members.php. As a supporting member the user will be able to edit and change his/her saved data on selected pages in addition to gaining access to the member pages.
This is from the login page. As far as I can see this is working as it should.
PHP:
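<?php
session_start();
// $ROOT has to be defined before it is used in the include path below
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
include $ROOT.'db_inc.php';
$pdo = pdoConnect();
// Remember whether a member was logged in, then clear the login from the session
$loggedin = $_SESSION['member_id'] ?? 0;
unset( $_SESSION['member_id'], $_SESSION['isadmin']);
// A visitor who arrived with an active login is redirected to members.php
if ($loggedin) {
    header("Location: {$HOST}members.php");
    exit;
}
?>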
PHP:
<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled';
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled';
$log_btn = isset($_SESSION['member_id']) ? 'Logg ut' : 'Logg inn';
const SYSNAME = 'Management System';
const PAGETITLE = 'Welcome';
const HELPBUTTON = "";
?>
This is from index.php
PHP:
<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled';
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled';
$log_btn = isset($_SESSION['member_id']) ? 'Logg ut' : 'Logg inn';
const SYSNAME = 'Management System';
const PAGETITLE = 'Welcome';
const HELPBUTTON = "<span id='info_btn' class='w3-badge w3-small w3-white w3-border w3-border-white w3-right' title='Hjelp'>?</span>";
?>
SQL:
-- ----------------------------
-- Table structure for member
-- ----------------------------
CREATE TABLE `member` (
`member_id` int(11) NOT NULL AUTO_INCREMENT,
`fname` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`lname` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`member_class` int(11) NULL DEFAULT NULL COMMENT '1 boating , 2- supporting',
`address` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`town` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`county` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`postcode` varchar(10) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`email` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`mobile` varchar(15) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`extra` tinyint(4) NULL DEFAULT NULL,
`comments` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`date_join` date NULL DEFAULT NULL,
`date_leave` date NULL DEFAULT NULL,
`password` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`admin` tinyint(4) NULL DEFAULT NULL COMMENT '1 = admin\n0 = ordinary member',
PRIMARY KEY (`member_id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 50 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of member
-- ----------------------------
INSERT INTO `member` VALUES (12, 'Scott', 'Chegg', 1, NULL, NULL, NULL, NULL, '[email protected]', '07259049068', NULL, NULL, '2019-01-01', NULL, '$2y$10$KBlMC5wCL.K6EHvxSTIejOBBSRFesGhDfK.iNb7v.uexVwmQOhCPG', 1);
INSERT INTO `member` VALUES (13, 'Laura', 'Norder', 0, NULL, NULL, NULL, NULL, '[email protected]', '07403996096', NULL, NULL, '2020-06-01', NULL, '$2y$10$KBlMC5wCL.K6EHvxSTIejOBBSRFesGhDfK.iNb7v.uexVwmQOhCPG', 0);
INSERT INTO `member` VALUES (14, 'Peter', 'Dowt', 2, '', '', '', '', '[email protected]', '07242833304', NULL, NULL, '2020-01-01', NULL, '$2y$10$KBlMC5wCL.K6EHvxSTIejOBBSRFesGhDfK.iNb7v.uexVwmQOhCPG', 0);
SQL:
-- ----------------------------
-- Table structure for member_number
-- ----------------------------
DROP TABLE IF EXISTS `member_number`;
CREATE TABLE `member_number` (
`member_no` int(11) NOT NULL,
`member_id` int(11) NULL DEFAULT NULL,
PRIMARY KEY (`member_no`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = latin1 COLLATE = latin1_swedish_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of member_number
-- ----------------------------
SET FOREIGN_KEY_CHECKS = 1;
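A per-page guard for the three levels described in the post, as an added example that is not part of the original post or the poster's code. It assumes the login script stores `member_id` and `isadmin` (0 or 1, as in the `admin` column) in the session; the file name, constants and function names are hypothetical. It tests the admin flag with `!empty()` because `isset($_SESSION['isadmin'])` is also true when the stored value is 0, and it enforces the level on the server instead of relying on the `w3-disabled` CSS class.

```php
<?php
// auth_guard.php (hypothetical file name): include at the top of every page.
// Assumes the login script stores member_id (int) and isadmin (0 or 1) in the
// session, the two keys the posted code reads.
declare(strict_types=1);

const LEVEL_VISITOR = 0; // not logged in
const LEVEL_MEMBER  = 2; // logged in, supporting member
const LEVEL_ADMIN   = 1; // logged in, admin flag set

// Rank the post's level numbers so they can be compared (admin outranks member).
const LEVEL_RANK = [LEVEL_VISITOR => 0, LEVEL_MEMBER => 1, LEVEL_ADMIN => 2];

function current_level(array $session): int
{
    if (empty($session['member_id'])) {
        return LEVEL_VISITOR;
    }
    // !empty(), not isset(): isset() is true for a stored 0, which would
    // treat every logged-in member as an admin.
    return !empty($session['isadmin']) ? LEVEL_ADMIN : LEVEL_MEMBER;
}

function has_level(array $session, int $required): bool
{
    return LEVEL_RANK[current_level($session)] >= LEVEL_RANK[$required];
}

// Stop the request unless the session meets the page's required level.
function require_level(int $required, string $fallback = '/index.php'): void
{
    if (!has_level($_SESSION ?? [], $required)) {
        // Fixed local path: no Host header value ends up in the redirect.
        header('Location: ' . $fallback, true, 303);
        exit; // without exit the protected page would still be rendered
    }
}

// Constructed sessions showing the three outcomes (runs only from the CLI).
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $samples = ['visitor' => [], 'member' => ['member_id' => 14, 'isadmin' => 0],
                'admin'   => ['member_id' => 12, 'isadmin' => 1]];
    foreach ($samples as $who => $s) {
        printf("%-8s view-full=%s edit=%s\n", $who,
            var_export(has_level($s, LEVEL_MEMBER), true),
            var_export(has_level($s, LEVEL_ADMIN), true));
    }
}
```

A members-only page would call `session_start()`, include this file, then call `require_level(LEVEL_MEMBER)` before any output; a page that shows partial info to visitors skips `require_level()` and wraps the full overview in `has_level($_SESSION, LEVEL_MEMBER)` and the edit/delete controls and handlers in `has_level($_SESSION, LEVEL_ADMIN)`.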