PHP Multi-user Login with Session


I have 7 user levels. Users are redirected depending on the input (for example, with admin credentials they are redirected to the admin page); the same goes for the other 6. The problem I have is that after logging in, if I change the URL from (localhost/admin/home.php) to (localhost/employee/home.php), I can access the employee's page. I want to have restrictions on that, or maybe an error that says "unauthorized user. access denied." Here's the code.

index.php

    <form action="checklog.php" method="post">
      <h1>Log in</h1>
      <p>
        <label for="username" class="uname">Email or username</label>
        <input id="username" name="username" required="required" type="text" placeholder="myusername" minlength="2" />
      </p>
      <p>
        <label for="password" class="youpasswd">Password</label>
        <input id="password" name="password" required="required" type="password" placeholder="eg. x8df!90eo" minlength="2" />
      </p>
      <input type="submit" name="submit" value="Login">
    </form>
    <?php // display error messages passed back from checklog.php / the page guards
    if (isset($_GET['err'])) {
        if ($_GET['err'] == 1) {
            echo "Invalid credentials.";
        } else if ($_GET['err'] == 5) {
            echo "Successfully logged out.";
        } else if ($_GET['err'] == 2) {
            echo "You're trying to access an unauthorized page.";
        }
    }
    ?>
    </body>

checklog.php (this processes the credentials):

    <?php
    require_once("db.php");

    function check_input($r) {
        $r = trim($r);
        $r = strip_tags($r);
        $r = stripslashes($r);
        $r = htmlentities($r);
        // mysql_real_escape_string() was dropped here: it needs a mysql_* connection
        // (and no longer exists in PHP 7), and the prepared statement below already
        // keeps the values out of the SQL text.
        return $r;
    }

    if (isset($_POST['username'], $_POST['password'])) {
        $u = check_input($_POST['username']);
        $p = md5(check_input($_POST['password'])); // unsalted MD5, as stored in the users table
        try {
            $db = get_db();
            $stmt = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
            $stmt->execute(array($u, $p));
            $r = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($r) {
                session_start();
                $access_level = $r['access_level'];
                $_SESSION['username'] = $r['username'];
                $_SESSION['access_level'] = $access_level;
                // send each access level to its own landing page
                if ($access_level == 0) {
                    header("Location: admin/home.php");
                } elseif ($access_level == 1) {
                    header("Location: user/home.php");
                } elseif ($access_level == 2) {
                    header("Location: businesshead/home.php");
                } elseif ($access_level == 3) {
                    header("Location: scm/home.php");
                } elseif ($access_level == 4) {
                    header("Location: finance/home.php");
                } elseif ($access_level == 5) {
                    header("Location: gm/home.php");
                } elseif ($access_level == 6) {
                    header("Location: scma/home.php");
                }
                exit; // stop here; header() alone does not end the script
            } else {
                header("Location: index.php?err=1");
                exit;
            }
        } catch (PDOException $e) {
            die("Database error: " . $e->getMessage());
        }
    } else {
        header("Location: index.php");
        exit;
    }
    ?>

And let's assume the admin page (admin.php):

    <!DOCTYPE html>
    <html>
    <body>
      Welcome!
    </body>
    </html>

Thanks in advance!

You have to check the session on every page. Put the related code at the top of every page, like:

Admin page:

    <?php
    session_start();
    // access_level is the key checklog.php stores; 0 is the admin level
    if (!isset($_SESSION['access_level']) || $_SESSION['access_level'] != 0) {
        echo "Unauthorized user. Access denied.";
        die; // stop further execution
    }
    ?>

User page:

    <?php
    session_start();
    // 1 is the user level set by checklog.php
    if (!isset($_SESSION['access_level']) || $_SESSION['access_level'] != 1) {
        echo "Unauthorized user. Access denied.";
        die; // stop further execution
    }
    ?>
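One way to centralise the check the answer describes, as an added example that is not part of the question or the answer: a single guard file that every protected page requires, plus a login helper that regenerates the session ID before storing the user's level. The file name auth_guard.php, the ROLE_* constants and the function names are this example's own choices; the session keys and the ?err=2 message come from the question's checklog.php and index.php. It also folds the seven redirects in checklog.php into a lookup table.

```php
<?php
// auth_guard.php -- added example, not code from the question or the answer above.
// Assumes the session keys set in checklog.php ($_SESSION['username'] and
// $_SESSION['access_level'], with 0 = admin ... 6 = scma) and that index.php
// prints its "unauthorized page" message for ?err=2. The file name, the ROLE_*
// constants and the function names are this example's own choices.
declare(strict_types=1);

const ROLE_ADMIN        = 0;
const ROLE_USER         = 1;
const ROLE_BUSINESSHEAD = 2;
const ROLE_SCM          = 3;
const ROLE_FINANCE      = 4;
const ROLE_GM           = 5;
const ROLE_SCMA         = 6;

// Landing page per access level; replaces the if-chain in checklog.php.
const ROLE_HOME = [
    ROLE_ADMIN        => '/admin/home.php',
    ROLE_USER         => '/user/home.php',
    ROLE_BUSINESSHEAD => '/businesshead/home.php',
    ROLE_SCM          => '/scm/home.php',
    ROLE_FINANCE      => '/finance/home.php',
    ROLE_GM           => '/gm/home.php',
    ROLE_SCMA         => '/scma/home.php',
];

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,                      // keep the cookie away from page scripts
        'secure'   => !empty($_SERVER['HTTPS']), // true whenever the site is served over TLS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Put this at the top of every protected page, listing the levels allowed to view it.
// Anyone else is sent back to the login page. exit after header() matters: without it
// PHP still renders the rest of the page for the rejected visitor.
function require_role(int ...$allowed): void
{
    start_secure_session();
    if (!isset($_SESSION['username'], $_SESSION['access_level'])) {
        header('Location: /index.php');
        exit;
    }
    if (!in_array((int) $_SESSION['access_level'], $allowed, true)) {
        header('Location: /index.php?err=2');
        exit;
    }
}

// Call this from checklog.php once the credentials check has succeeded.
// Regenerating the session ID on login stops session fixation: a cookie planted
// before login never becomes an authenticated session.
function login_session(string $username, int $accessLevel): string
{
    start_secure_session();
    session_regenerate_id(true);
    $_SESSION['username']     = $username;
    $_SESSION['access_level'] = $accessLevel;
    return ROLE_HOME[$accessLevel] ?? '/index.php';
}

// Usage in admin/home.php (first lines of the file, before any output):
//     require_once __DIR__ . '/../auth_guard.php';
//     require_role(ROLE_ADMIN);
//
// Usage in checklog.php, in place of session_start() and the seven if-blocks:
//     require_once __DIR__ . '/auth_guard.php';
//     header('Location: ' . login_session($r['username'], (int) $r['access_level']));
//     exit;
```

A page that several levels may see lists them all, for example `require_role(ROLE_GM, ROLE_FINANCE)`; a page with no `require_role()` call stays open, so the check belongs at the top of every file under the seven directories, not only the home pages. The guard does not change how passwords are stored; replacing the unsalted `md5()` in checklog.php with `password_hash()` and `password_verify()` is the next thing to fix once the page checks are in place.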
