[losse]

Hi there
I want to create a login page where 2 types of people come to 1 login page. users and administrators. Let's call this login page login.php.

So if a user comes in and logs in, they go to a client profile page (call it edit_user.php) and if an administrator logs in they go to a master user list page (call it client_list.php).

What would be the best way to a) flag the users/administrators and create that redirect on that login page?

I thought that maybe the users, when they register could be flagged in the DB as users (ie-create a field called "access" and put a value of "1" in there) and when when the login page runs the script, checks to see the "access" level, if "1" go here, if NULL, go there?

Does that make sense? You're input is greatly appreciated.

[Nico]

I would add a field called "permission". Normal users have permission set to 0, admins to 1 or 2. This way you can easily manage your usergroups later, or add moderators for example. You just give each usergroup it's own number. So when you log in you do something like this.

PHP Code:

$query = mysql_query("

          SELECT * FROM users 

          WHERE username = '". clean_input($_POST['username']) ."' 

          AND password = '". clean_input($_POST['password']) ."'

");



if (mysql_num_rows($query) == 1)   // User found

{

    $userinfo = mysql_fetch_array($query);

    

    if ($userinfo['permission'] == 1) // Is admin

    {

          header('Location: client_list.php');

          exit();

    }

    else  // Isn't admin

    {

          header('Location: edit_user.php');

          exit();

    }

}

else  // User not found.

{

     echo 'Wrong username or password.';

} 

[losse]

Sweet... So when the client registers I just pass a value of "0" in the DB right?

Since they're not filling out the "O" on a form, how would I insert that?

Something like:

PHP Code:

INSERT INTO client (permission) VALUES ('0', ) 

??

[Nico]

Either that, or you can set the default value to 0. This way you don't have to enter it each time.

[losse]

What's this error?

Fatal error: Call to undefined function: clean_input() in /yadayada/cms_login.php on line 4

this is line 4: WHERE id = '". clean_input($_POST['id']) ."'

[Nico]

Remember the function I posted in your other thread? I used it here since I knew you had it. Include your functions.php file and it should work.

[losse]

Right.. thanks for that reminder...

That's weird now it says
Wrong username or password.

when I refresh the page... followed by the client ID field and the password field?

I checked all the fields in the DB and they match the form...

[Nico]

Try replacing this

PHP Code:

 $query = mysql_query("

          SELECT * FROM users 

          WHERE username = '". clean_input($_POST['username']) ."' 

          AND password = '". clean_input($_POST['password']) ."'

"); 

with this

PHP Code:

 $query = mysql_query("

          SELECT * FROM users 

          WHERE username = '". clean_input($_POST['username']) ."' 

          AND password = '". clean_input($_POST['password']) ."'

") OR die( mysql_error() ); 

Any errors?

[losse]

Still getting the same error... by the way instead of "username" I have the field called "id"

By the way, there isn't anyone with a permission of "1" in the table.. .woudl this make a difference?

[Nico]

It shoud redirect to edit_user.php if $userinfo['permission'] isn't set or empty. Does the username or password contain any special characters that clean_input() removes? Try removing the function just to see if it works without.

Give this a try.

PHP Code:

$query ="SELECT * FROM users 

          WHERE username = '". $_POST['id'] ."' 

          AND password = '". $_POST['password'] ."'";



$result = mysql_query($query) OR die( mysql_error() .'<br />'. $query);



if (mysql_num_rows($result) == 1)   // User found

{



// Rest of code....