Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples.

Joined
May 5, 2023
Messages
1
Reaction score
0
I have a login page that is not working properly. I will try to explain the problem as best I can, and paste the scripts at the end.
I enter index.php or other pages that do not require logging in to view the content. If I go to a page that requires logging in, I return to index.php. I know the reason for that. It is because I have set a redirect to index.php if you are not logged in. If I log in from one of the pages that do not require logging in first, the page is displayed as it should without admin rights. I have another page that should not show any content except that you are logged in. I will explain this in more detail.
This used to work as it should, but it's been a while and I've tried to change it, without taking a backup, and now I can't find it back because I don't remember how I actually did it, and the more I try, the more I mess up.

So.... one of the pages that requires login should only show partial info if you are not logged in, and show a complete overview of the information on the page, but not be able to edit or delete that information. To do that, you need admin rights. All this is clearly in the DB.

As explained, there are different rights on the pages. There are also member pages that are reserved for members only. That is, there are pages that are only accessible by logging in. So there are 2 levels (actually 3, read on and I hope you will understand the last level) of what is available to the logged in users, as well as that there is an admin user right that gives full access. This is controlled by session at the top of each page which defines the security level.

I'm hoping to get help with this here on their forum as I can't figure it out myself. I simply don't remember, and an "internet friend" from Great Britain has helped me put this together. It's impossible to come in contact with him. He is starting to get old. So I don't know if he is alive anymore or not. At least he has been away from the internet as I know him for a very long time, and others who know or knew who he is don't know anything either. I am pasting what I find of code that can/could be useful to you below. If there is something you are missing, please ask.
Just remember that there may be small mistakes and misunderstandings since this has been a project over a long time, and I don't remember everything 100%, but I try and collect the pieces and put them together as completely as possible. I think that's it. If you wonder about some more, just ask. I hope somebody understands how this was meant to be and can put it together for me, please?

I post a part of the MySQL DB/table below as well.


There are 3 levels of user rights

- 0 These sites are for everyone. Visitors have rights to view and read chosen pages, but not have access to restricted member areas with a requirement to be logged in.

- 1 Admin who can do everything. When logging in I want the person who is logging in to be sent to members.php .

- 2 Supporting member that is registered for selected pages meant for registered members only. Logging in will be sent to members.php. As a supporting member the user will be able to edit and change his/her saved data on selected pages in addition to gaining access to the member pages.


PHP:
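<?php
session_start();
// $ROOT has to be defined before it is used in the include path below
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
include $ROOT.'db_inc.php';
$pdo = pdoConnect();

// Remember whether a member was logged in when this page was opened
$loggedin =  $_SESSION['member_id'] ?? 0;

// Every request to this page clears the login state
unset( $_SESSION['member_id'], $_SESSION['isadmin']);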

if ($loggedin)  {
    header("Location: {$HOST}members.php");
    exit;
}
?>



PHP:
<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled';
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled'; 
$log_btn = isset($_SESSION['member_id']) ?  'Log out' : 'Log in';
const SYSNAME = 'Management System';
const PAGETITLE = 'Welcome';
const HELPBUTTON = "";
?>



This is from the login page. As far I can see this is working as it should.

PHP:
<?php
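session_start();
// $ROOT has to be defined before it is used in the include path below
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
include $ROOT.'db_inc.php';
$pdo = pdoConnect();

// Remember whether a member was logged in when this page was opened
$loggedin =  $_SESSION['member_id'] ?? 0;

// Every request to this page clears the login state
unset( $_SESSION['member_id'], $_SESSION['isadmin']);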

if ($loggedin)  {
    header("Location: {$HOST}members.php");
    exit;
}
?>



PHP:
<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled';
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled'; 
$log_btn = isset($_SESSION['member_id']) ?  'Logg ut' : 'Logg inn';
const SYSNAME = 'Management System';
const PAGETITLE = 'Welcome';
const HELPBUTTON = "";
?>



This is from index.php

PHP:
<?php
session_start();
$ROOT = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']) . '/';
$HOST = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$disabl1 = isset($_SESSION['member_id']) ? '' : 'w3-disabled';
$disabl2 = isset($_SESSION['member_id']) && isset($_SESSION['isadmin']) ? '' : 'w3-disabled'; 
$log_btn = isset($_SESSION['member_id']) ?  'Logg ut' : 'Logg inn';
const SYSNAME = 'Management System';
const PAGETITLE = 'Welcome';
const HELPBUTTON = "<span id='info_btn' class='w3-badge w3-small w3-white w3-border w3-border-white w3-right' title='Hjelp'>?</span>";
?>



SQL:
-- ----------------------------
-- Table structure for member
-- ----------------------------
CREATE TABLE `member`  (
  `member_id` int(11) NOT NULL AUTO_INCREMENT,
  `fname` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `lname` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `member_class` int(11) NULL DEFAULT NULL COMMENT '1 boating , 2- supporting',
  `address` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `town` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `county` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `postcode` varchar(10) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `email` varchar(45) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `mobile` varchar(15) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `extra` tinyint(4) NULL DEFAULT NULL,
  `comments` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `date_join` date NULL DEFAULT NULL,
  `date_leave` date NULL DEFAULT NULL,
  `password` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
  `admin` tinyint(4) NULL DEFAULT NULL COMMENT '1 = admin\n0 = ordinary member',
  PRIMARY KEY (`member_id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 50 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of member
-- ----------------------------
INSERT INTO `member` VALUES (12, 'Scott', 'Chegg', 1, NULL, NULL, NULL, NULL, '[email protected]', '07259049068', NULL, NULL, '2019-01-01', NULL, '$2y$10$KBlMC5wCL.K6EHvxSTIejOBBSRFesGhDfK.iNb7v.uexVwmQOhCPG', 1);
INSERT INTO `member` VALUES (13, 'Laura', 'Norder', 0, NULL, NULL, NULL, NULL, '[email protected]', '07403996096', NULL, NULL, '2020-06-01', NULL, '$2y$10$KBlMC5wCL.K6EHvxSTIejOBBSRFesGhDfK.iNb7v.uexVwmQOhCPG', 0);
INSERT INTO `member` VALUES (14, 'Peter', 'Dowt', 2, '', '', '', '', '[email protected]', '07242833304', NULL, NULL, '2020-01-01', NULL, '$2y$10$KBlMC5wCL.K6EHvxSTIejOBBSRFesGhDfK.iNb7v.uexVwmQOhCPG', 0);


SQL:
-- ----------------------------
-- Table structure for member_number
-- ----------------------------
DROP TABLE IF EXISTS `member_number`;
CREATE TABLE `member_number`  (
  `member_no` int(11) NOT NULL,
  `member_id` int(11) NULL DEFAULT NULL,
  PRIMARY KEY (`member_no`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = latin1 COLLATE = latin1_swedish_ci ROW_FORMAT = Dynamic;

-- ----------------------------
-- Records of member_number
-- ----------------------------

SET FOREIGN_KEY_CHECKS = 1;
 
Joined
Mar 31, 2023
Messages
95
Reaction score
8
It sounds like you have a login system in place that restricts access to certain pages based on user permissions. However, it seems that you are experiencing issues with the login system, and you are not able to remember how it was set up originally.

To troubleshoot this issue, you will need to review the code for the login system, including any scripts that handle authentication and session management. Based on your description, it sounds like there is a redirect in place that is causing the user to be sent back to the homepage when they attempt to access a restricted page. You will need to modify this redirect so that it only occurs when the user is not logged in.

Additionally, you will need to review the user permissions in your database to ensure that they are set up correctly. Make sure that each user is assigned the appropriate permission level, and that the permission levels are being checked correctly in your code.

Here is an example MySQL table that could be used to store user information and permissions:

SQL:
CREATE TABLE users (
id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
permission_level INT(11) NOT NULL DEFAULT '0'
);

In this table, each user is assigned a unique ID, a username, and a password. The permission_level field is used to store the user's permission level, with 0 being the default level for non-logged-in users.

To implement the different permission levels you described, you could use the following logic:

  • Level 0: No special permissions required. All users have access.
  • Level 1: Admin permissions required. Only users with permission_level = 1 can access these pages.
  • Level 2: Supporting member permissions required. Only users with permission_level = 2 can access these pages.

You will need to modify your code to check the user's permission level when they attempt to access a restricted page, and redirect them if they do not have the required permissions. You may also need to modify your database schema to include additional fields or tables to support more complex permission structures.
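
One way to implement the permission check described in the answer above, as an added example that is not part of the original posts. It assumes members log in with the `email` column of the posted `member` table, that any logged-in non-admin counts as level 2, and that `/index.php` is the redirect target; `login()`, `current_level()` and `require_level()` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumes the posted `member` columns
// (email, password, admin) and the thread's levels: 0 visitor, 1 admin, 2 member.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT member_id, password, admin FROM member WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, (string) $row['password'])) {
        return false;                    // same result for unknown e-mail and wrong password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);     // new session id at login (session fixation)
    }
    $_SESSION['member_id'] = (int) $row['member_id'];
    unset($_SESSION['isadmin']);         // never inherit a flag from an earlier login
    if ((int) $row['admin'] === 1) {
        // Key set only for admins: the posted menu code tests isset(), true even for 0.
        $_SESSION['isadmin'] = 1;
    }
    return true;
}

function current_level(): int
{
    if (empty($_SESSION['member_id'])) {
        return 0;                        // visitor, not logged in
    }
    return empty($_SESSION['isadmin']) ? 2 : 1;
}

// Call after session_start() and before any output on a restricted page.
function require_level(array $allowed, string $redirect = '/index.php'): void
{
    if (!in_array(current_level(), $allowed, true)) {
        header('Location: ' . $redirect); // fixed path, not built from HTTP_HOST
        exit;
    }
}

// CLI demo on constructed data; in-memory SQLite stands in for the MySQL table.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE member (member_id INTEGER, email TEXT, password TEXT, admin INTEGER)');
    $pdo->prepare('INSERT INTO member VALUES (14, ?, ?, 0)')
        ->execute(['member@example.test', password_hash('constructed-pw', PASSWORD_DEFAULT)]);
    var_dump(login($pdo, 'member@example.test', 'wrong'), current_level());
    var_dump(login($pdo, 'member@example.test', 'constructed-pw'), current_level());
}
```

A members-only page would call `require_level([1, 2])` right after `session_start()`, and an admin-only page `require_level([1])`.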
 
Joined
Jul 4, 2023
Messages
376
Reaction score
42
BTW,
if permission_level is a range of 3 numbers, why not use ENUM?

e.g.

SQL:
CREATE TABLE users (
  id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(255) NOT NULL,
  password VARCHAR(255) NOT NULL,
  permission_level ENUM('0','1','2') NOT NULL DEFAULT '0'
);
 
