Sorry I'm beginner in PHP MYSQL, I want to ask how to add exception in this paged for different type of users.
I only have 3 types, ADMIN, TEAM LEADER and AGENT.
ADMIN = can access all the pages
both TEAM LEADER and AGENT were not.
So the logic only ADMIN can visit this page if not head to the index.php
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user']))
{ header("Location: employee.php"); }
$res=mysql_query("SELECT * FROM accounts WHERE user_id=".$_GET['id']);
$userRow=mysql_fetch_array($res);
?>
On your log in page place this line in the code block where the user is found and validated... $_SESSION['UserGroup'] = $LoginRS['Permission'];
Whereas $LoginRS is the name of your sql query and ['Permission'] is the field in the database that stores user level permissions.
Then at the top of your page you can determine if the logged in user has permission to view this page...
<?php
if (!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['UserGroup']) && $_SESSION['UserGroup'] == 'Admin') {
?>
<body>
<html>
Page Content
</body>
</html>
<?php
} else {
header("Location: index.php");
exit;
} // end if user is not admin
?>
Related
i have created a login in php , when user logs in it will redirect to dashboard. if the user is already logged in and tries to access login page, it should redirect him to dashboard
i have tried something like below code:
<?php
error_reporting(0);
date_default_timezone_set('Asia/Kolkata');
session_start();
include('db.php');
if(isset($_POST['entering']))
{
$adminuser = $_POST['password'];
$query=mysqli_query($con,"select id from users where password='$adminuser'");
$ret=mysqli_fetch_array($query);
if($ret>0 ){
$_SESSION['cvmsaid']=$ret['ID'];
header('location:dashboard.php');
}
else{
$msg="Invalid Password.";
}
}
if($_SESSION['cvmsaid']){
header("location:dashboard.php");
exit();
}
such that when the user tries to view login page after logging in, it should redirect him to dashboard, but this code is not working. Can anyone please tell me what is wrong here?
Answer:
Active session variable:
if($ret>0 ){
$_SESSION['cvmsaid']=$ret['ID'];
$_SESSION['login']=TRUE;
header('location:dashboard.php');
}
Use it in all page:
if( $_SESSION['login']==FALSE){
header('location:login.php');
}
below is my admin pannel code
<?php
session_start();
if (!isset($_SESSION['username']))
{
header("Location: login.php");
}
if (isset($_SESSION['username'])&& $_SESSION['status'])
{
include('adminnav.php');
}
?>
and this is my usernav bar
<?php
session_start();
if (!isset($_SESSION['username'])&& $_SESSION['status'])
{
header("Location: login.php");
}
if (isset($_SESSION['username'])&& $_SESSION['status'])
{
$_SESSION['status'];
header("Location: usernav.php");
}
?>
i have same interface for admin and user for login , when i log in to system with user profile the user can assess admin pages e.g. remove user etc, all i wanna know it how to restrict user page and admin so that user can access admin page.
I want to login in a page. If he is admin, then he will redirect to admin home page & If he is user, will redirect to user home page. but my problem is when I set session to the admin homepage or user homepage, it does not work. there is a code named "homepage.php" That I use to create session in the admin homepage. without this part, after login, user enter to the homepage. But with this part user reditect to the index.php page always. Where is the problem in my code?
homepage.php
<?php
session_start();
if(!isset($_SESSION["sess_user"]) || $_SESSION['sess_user']!='1')
{
header("location:../index.php");
}
else
{
$username = $_SESSION['sess_user'];
include ('database.php');
}
?>
try this
<?php
#session_start();
if(isset($_SESSION['sess_user')
{
if($_SESSION['sess_users']=='admin')
{
header("Location: adminhomepage.php");
}
else
{
$username = $_SESSION['sess_user'];
header("Location: userdashboard.php");
}
}
else
{
header("location:../index.php");
}
?>
Hello I have problem with user when login.
When user login to profile page and on browser click on back again show login page.
How to block user who is login to see login page?
Here is code for in profile.php
<?php
include 'common.php';
session_start();
if ($_SESSION['uid_cre'] == '' && $_SESSION['login_cre'] != 'true')
{
$_SESSION['last_page_cre'] = 'home.php';
header("location:home.php");
}
include 'includes/header_home.php';
?>
You could use an include. ie
if(!isset($_SESSION['????'])){
include "login_form.php";
}else{
include "logged in page here.";
}
I'm not sure if this answers your question?
After users are logged in successfully then you must passing username or userid of that user in $_SESSION['uid'] = $userid;
So on Login page, check
if(isset($_SESSION['uid']) or !empty($_SESSION['uid']))
header("location:home.php");
and if above 2nd condition is true then you can hide text "login" from your menu too.
Hope this solution works for your problem.
I currently have a login form that redirects the user to another page if the login is successful. The page is supposed to be a protected page that will not open for the user if they are not logged in and will redirect them to the login form page.
In order to do this I stored the login data (email & password) as session variables and used these to verify if the user is allowed to view the page.
In my login php page I have the following code
<?php
session_start();
if ($count == 1) {
$_SESSION['logged'] = 1;
$_SESSION['email'] = $myemail;
$_SESSION['password'] = $mypassword;
header("Location: account.html");
exit();
}
?>
And I begin my account html file with the following :
<?php
session_start();
if ($_SESSION['logged'] != 1) { //no session
header("Location:memberlogin.html");
exit();
}
?>
However any time I load the account page I am allowed to view it each time. Its my first time using the Session variableand Im not sure if i Used it correctly.
FIXED Thanks to suggestions below
I tweaked the code suggested below and my protected page is now working. Thanks for all the help.
The php code won't be referenced from an html page.
So, change account.html to account.php then add the session check code on top of the page as follows:
account.php:
<?php
if ($_SESSION ['logged'] !=1) {
//User is not logged in
header ("Location:memberlogin.html");
exit();
}
?>
However, redirecting is not the best solution, you can display an error message if user is not logged in, else grant user access to the page information.
You can implement it as follows:
account.php:
<?php
if ($_SESSION ['logged'] !=1) {
//User is not logged in, display an error message
echo 'You need to be logged in to access this page';
exit();
}
else{
//Display all information that only a logged in user can view
echo 'You are logged in, you can view the page';
}
?>