Different levels of user access should be provided in a database management system. In my example, different users are directed to different pages.
First, create the table users2 in the database:
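-- Login accounts. Every PHP page below queries `users2`, so the table is
-- named to match (the original DDL created `users`, which nothing referenced).
CREATE TABLE IF NOT EXISTS `users2` (
    `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
    `user_name` VARCHAR(60) NOT NULL,
    -- Holds a password *hash*, never the plaintext. 255 leaves room for
    -- password_hash() output (60 chars for bcrypt, longer for other algorithms)
    -- and still fits the 32-char md5 digests the original scripts wrote.
    `pass_word` VARCHAR(255) NOT NULL,
    -- Role selector posted by the register/login forms: '1' Administrator,
    -- '2' User1, '3' User2. login-exc.php picks the landing page from it.
    `user_type` VARCHAR(40) NOT NULL,
    PRIMARY KEY (`id`),
    -- Enforced in the database so the "Login ID already in use" check in
    -- register-check.php cannot be raced between its SELECT and its INSERT.
    CONSTRAINT `users2_user_name_uniq` UNIQUE (`user_name`)
-- InnoDB gives row locks and transactions (MyISAM has neither); utf8mb4 keeps
-- non-Latin user names from being mangled on insert.
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;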
Then create the register page as follows (register.php):
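<?php
// register.php — registration form. Validation messages left in the session
// by register-check.php are shown once and then cleared.
session_start();
?>
<html>
<head>
    <meta charset="utf-8">
    <title>Registration Form</title>
</head>
<body>
<?php
if (isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) > 0) {
    echo '<ul class="err">';
    foreach ($_SESSION['ERRMSG_ARR'] as $msg) {
        // Escape before writing into the page: the original echoed the raw
        // string, so any message that ever carried user input became markup.
        echo '<li>', htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'), '</li>';
    }
    echo '</ul>';
    unset($_SESSION['ERRMSG_ARR']);
}
?>
<h2><center><font color=#f09718>Registration Form</font></center></h2>
<!-- Field names (user_name, pass_word, user_type) and the option values are
     what register-check.php reads; keep them in sync. -->
<form id="loginForm" name="loginForm" method="post" action="register-check.php">
    <table bgcolor=#f09718 align="center">
        <tr bgcolor=#ffffff>
            <th width="124">User Name</th>
            <td width="168"><input name="user_name" type="text" class="textfield" id="user_name" /></td>
        </tr>
        <tr bgcolor=#ffffff>
            <th>Password</th>
            <td><input name="pass_word" type="password" class="textfield" id="pass_word" /></td>
        </tr>
        <tr bgcolor=#ffffff>
            <th>User Type </th>
            <td><select name="user_type">
                <option value="1">Administrator</option>
                <option value="2">User1</option>
                <option value="3">User2</option>
            </select></td>
        </tr>
        <tr bgcolor=#ffffff>
            <td> </td>
            <td><input type="submit" name="Submit" value="Register" /></td>
        </tr>
    </table>
</form>
</body>
</html>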
register-check.php
<?php session_start(); require_once('dbcon.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $user_name = clean($_POST['user_name']); $pass_word = clean($_POST['pass_word']); $user_type = clean($_POST['user_type']); //Input Validations if($user_name == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($pass_word == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($user_type == '') { $errmsg_arr[] = 'User Type missing'; $errflag = true; } //Check for duplicate login ID if($user_name != '') { $qry = "SELECT * FROM users2 WHERE user_name='$user_name'"; $result = mysql_query($qry); if($result) { if(mysql_num_rows($result) > 0) { $errmsg_arr[] = 'Login ID already in use'; $errflag = true; } @mysql_free_result($result); } else { die("Query failed"); } } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: register.php"); exit(); } $qry = "INSERT INTO users2(user_name, pass_word , user_type) VALUES('$user_name','".md5($_POST['pass_word'])."','$user_type')"; $result = @mysql_query($qry); //Check whether the query was successful or not if($result) { header("location: register-success.php"); exit(); }else { die("Query failed"); } ?> |
register-success.php
<!-- register-success.php: static confirmation shown after register-check.php
     has stored the account. -->
<html>
<head>
    <title>Registration Successful</title>
</head>
<body>
    <h1>Registration Successful</h1>
    <p><a href="login.php">Click here</a> to login to your account.</p>
</body>
</html>
login.php
<!-- login.php: posts user_name, pass_word and user_type to login-exc.php.
     The role is chosen by the user here; login-exc.php only accepts the login
     when the stored account row carries the same user_type. -->
<fieldset>
    <legend>User Login</legend>
    <form id="loginForm" name="loginForm" method="post" action="login-exc.php">
        <label>Username</label><br>
        <input size="30" name="user_name" type="text"><br>
        <label>Password</label><br>
        <input size="30" name="pass_word" type="password"><br>
        <label>User Type</label><br>
        <select name="user_type">
            <option value="1">Administrator</option>
            <option value="2">User1</option>
            <option value="3">User2</option>
        </select><br>
        <input value="Submit" type="submit">
    </form>
</fieldset>
login-exc.php
<?php session_start(); require_once('dbcon.php'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $user_name = clean($_POST['user_name']); $pass_word = clean($_POST['pass_word']); $user_type = clean($_POST['user_type']); //Input Validations if($user_name == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($pass_word == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } if($user_type == '') { $errmsg_arr[] = 'User Type missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login.php"); exit(); } $qry="SELECT * FROM users2 WHERE (user_name='$user_name' AND pass_word='".md5($_POST['pass_word'])."' AND user_type='$user_type')"; $result=mysql_query($qry); switch($user_type){ case 1: //Check whether the query was successful or not if($result){ if(mysql_num_rows($result) == 1){ //Login successful session_regenerate_id(); $login = mysql_fetch_assoc($result); $_SESSION['SESS_username'] = $login['user_name']; $_SESSION['SESS_usercategory'] = $login['pass_word']; $_SESSION['SESS_password'] = $login['user_type']; session_write_close(); header("location: sample1.php"); exit(); }else { //Login failed header("location: login_failed.php"); exit(); } } break; case 2: //Check whether the query was successful or not if($result){ if(mysql_num_rows($result) == 1){ //Login successful session_regenerate_id(); $login = mysql_fetch_assoc($result); $_SESSION['SESS_username'] = $login['user_name']; $_SESSION['SESS_usercategory'] = $login['pass_word']; $_SESSION['SESS_password'] = 
$login['user_type']; session_write_close(); header("location: sample2.php"); exit(); }else { //Login failed header("location: login_failed.php"); exit(); } } break; case 3: //Check whether the query was successful or not if($result){ if(mysql_num_rows($result) == 1){ //Login successful session_regenerate_id(); $login = mysql_fetch_assoc($result); $_SESSION['SESS_username'] = $login['user_name']; $_SESSION['SESS_usercategory'] = $login['pass_word']; $_SESSION['SESS_password'] = $login['user_type']; session_write_close(); header("location: sample3.php"); exit(); }else { //Login failed header("location: login_failed.php"); exit(); } } break; default:die("Query failed"); exit(); } ?> |
sample1.php
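sample1<br>
<?php
// sample1.php — landing page for user_type 1 (login-exc.php redirects here).
// authorization.php sends anyone without a session username to access-denied.php.
require_once "authorization.php";
// The username was typed into the registration form, so escape it before it
// is written into the page; also restores the missing space after "welcome".
echo "welcome " . htmlspecialchars($_SESSION['SESS_username'], ENT_QUOTES, 'UTF-8');
?>
<a href="logout.php">Logout</a>
sample2.php
sample2<br>
<?php
// sample2.php — landing page for user_type 2.
require_once "authorization.php";
echo "welcome " . htmlspecialchars($_SESSION['SESS_username'], ENT_QUOTES, 'UTF-8');
?>
<a href="logout.php">Logout</a>
sample3.php
sample3<br>
<?php
// sample3.php — landing page for user_type 3 (the page originally labelled
// this file sample1.php; login-exc.php redirects type 3 to sample3.php).
require_once "authorization.php";
echo "welcome " . htmlspecialchars($_SESSION['SESS_username'], ENT_QUOTES, 'UTF-8');
?>
<a href="logout.php">Logout</a>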
authorization.php
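<?php
// authorization.php — include at the top of any page that requires a
// logged-in user. Redirects to access-denied.php when the session carries no
// username (what the original checked).
//
// Optional role check: set $required_user_type before the require, e.g.
//   $required_user_type = '1'; require_once "authorization.php";
// and the page is also denied unless $_SESSION['SESS_usercategory'] equals
// it. That key must hold the account's user_type for this to work — the
// original login-exc.php stored the password hash there by mistake. Without
// $required_user_type the behaviour is unchanged: any logged-in user can open
// any of the sample pages, i.e. authentication only, no authorization.
session_start();

$session_user = isset($_SESSION['SESS_username']) ? trim((string) $_SESSION['SESS_username']) : '';
if ($session_user === '') {
    header("Location: access-denied.php");
    exit();
}

if (isset($required_user_type)) {
    $session_role = isset($_SESSION['SESS_usercategory']) ? (string) $_SESSION['SESS_usercategory'] : '';
    if ($session_role !== (string) $required_user_type) {
        header("Location: access-denied.php");
        exit();
    }
}
?>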
access-denied.php
<!-- access-denied.php: static page authorization.php redirects to when no
     user is logged in. -->
<html>
<head>
    <title>Access Denied</title>
</head>
<body>
    <h1>Access Denied </h1>
    <p align="center"> </p>
    <h4 align="center" class="err">Access Denied!<br /> You do not have access to this resource.</h4>
</body>
</html>
logout.php
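<?php
// logout.php — ends the current session and shows a confirmation page.
session_start();
// Empty the session array, expire the session cookie and destroy the
// server-side record. The original only unset three keys, which left the
// session and its id alive and reusable.
$_SESSION = array();
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
}
session_destroy();
?>
<html>
<head>
    <title>Logged Out</title>
</head>
<body>
    <h1>Logout </h1>
    <p align="center"> </p>
    <h4 align="center" class="err">You have been logged out.</h4>
    <!-- The login form is login.php; the original linked login_form.php,
         which is not one of the files on this page. -->
    <p align="center">Click here to <a href="login.php">Login</a></p>
</body>
</html>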