
The Admin Login Script - PHP

If you've followed along as we've built the core and authentication sections of a project management application, you can guess what this article is all about. It will walk you through the scripts you need to employ to add an administration section to the application. It will enable administrators to complete tasks that you may not want to allow all of your application's users to do.

By: David Web
August 25, 2008


When a user uses the project management application, they have to log in to be given access to the application. This access will be granted if the user is in the database. The code for this verification process is something like this:


<?php
include "dbcon.php";
include "functions.php";

//the result of the login is stored in $_SESSION, so a session must be active
if(session_id() === ""){
    session_start();
}

//initialise variables
$err=false;
$errmsg="";

//is form submitted?
if(isset($_POST['submit'])){

    //check that the form values are not empty, if so, set errormsg value
    if(empty($_POST['uname'])){
        $errmsg="The username field is empty, please enter a username<br>";
        $err=true;
    }
    if(empty($_POST['upass'])){
        $err=true;
        $errmsg .="The password field is empty, please enter password<br>";
    }

    //check that the username is in correct format
    if(!checkformat($_POST['uname'])){
        $err=true;
        $errmsg .="The username that you entered has an incorrect format.<br>";
    }

    //if there are no errors above, then clean the form values before using in query.
    if(!$err){
        //mysql_escape_string() is deprecated; the connection-aware version honours
        //the connection's character set (the mysql_* functions were removed in PHP 7)
        $cleanuname = mysql_real_escape_string($_POST['uname']);
        $cleanupass = mysql_real_escape_string($_POST['upass']);

        $checkuser = "SELECT * from users WHERE uname = '".$cleanuname."' AND upass = '".$cleanupass."'";
        $checkuser_res = mysql_query($checkuser);
        //mysql_query() returns false on failure; count that as no match
        $checkuser_num = $checkuser_res ? mysql_num_rows($checkuser_res) : 0;

        if($checkuser_num > 0){
            //if user exists and passes authentication
            //setup session variables and redirect to index page
            $row = mysql_fetch_assoc($checkuser_res);
            $_SESSION['name'] = $row['name']." ".$row['sname'];
            $_SESSION['uid'] = $row['uid'];
            $_SESSION['level'] = $row['level'];

            //redirect, and stop so that nothing else runs after the header is set
            header("location:main.php");
            exit;
        }else{
            //if values do not match set errmsg
            //mysql_error() is not appended: database errors must not reach the browser
            $err=true;
            $errmsg .="The username or password you entered does not match.<br>";
        }//else

    }//end $err check

} //end form submit check

?>

This is verification stage one. The important part in this code is the one listed below:

if($checkuser_num > 0){
    //if user exists and passes authentication
    //setup session variables and redirect to index page
    $row = mysql_fetch_assoc($checkuser_res);
    $_SESSION['name'] = $row['name']." ".$row['sname'];
    $_SESSION['uid'] = $row['uid'];
    $_SESSION['level'] = $row['level'];

    //redirect
    header("location:main.php");

Take a closer look at the point where the authentication process successfully verifies the user. It is here that the user's details are copied into session variables, for example:

$_SESSION['level'] = $row['level'];

These are the login variables that the secondary admin login script uses to determine if a user has the right to access the admin section:

<?php
ob_start();
session_start();

if(isset($_SESSION['level'])){
    $level = $_SESSION['level'];

    //if the access level is admin, then grant access to user
    if($level == "admin"){
        header("location:index.php");

As you can see from the above code snippet, the user's access level is stored in $_SESSION['level'], which is then copied to a local variable called $level:

$level = $_SESSION['level'];

The value of the local variable is then compared against the string "admin":

if($level == "admin"){

If the value that is contained in the $level variable is admin, then the user is granted access to the admin section. Otherwise the user is redirected to the main login page:

    }else{//level does not contain admin, redirect user to login page
        header("location:../login.php");
    }

If the session variable is not set, it means that this user is trying to access the page without going through any of the login checks that are required. The script simply redirects them to the main login page:

}else{
    //send user to login
    header("location:../login.php");

}//end session check

ob_end_flush();
?>

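The ob_end_flush() function is then used to send the output that ob_start() has been buffering since the top of the script and to turn buffering off. Because nothing reaches the browser before the header() calls run, the script avoids the "headers already sent" error message.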
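
A hardened form of the login check and the level test described above, as an added example that is not the article's code. It assumes PHP 7.1 or later, PDO with a prepared statement in place of the mysql_* calls, a upass column that stores password_hash() output rather than the plain password, and hypothetical function names (authenticate, start_user_session, is_admin). The sample users and the level value "user" are constructed.

```php
<?php
// Added example, not the article's code. Assumes PDO and password_hash() in upass.
function authenticate(PDO $db, string $uname, string $upass): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT uid, name, sname, level, upass FROM users WHERE uname = ?'
    );
    $stmt->execute([$uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against the stored hash in PHP, not inside the WHERE clause.
    if ($row === false || !password_verify($upass, $row['upass'])) {
        return null;              // same answer for unknown user and wrong password
    }
    unset($row['upass']);         // the hash never goes into the session
    return $row;
}

// Call after session_start() once authenticate() has returned a row.
function start_user_session(array $row): void
{
    session_regenerate_id(true);  // fresh session id at the privilege change
    $_SESSION['name']  = $row['name'] . ' ' . $row['sname'];
    $_SESSION['uid']   = $row['uid'];
    $_SESSION['level'] = $row['level'];
}

function is_admin(array $session): bool
{
    // Strict comparison: only the exact string "admin" passes.
    return isset($session['level']) && $session['level'] === 'admin';
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, uname TEXT, upass TEXT,
           name TEXT, sname TEXT, level TEXT)');
$ins = $db->prepare('INSERT INTO users (uname, upass, name, sname, level)
                     VALUES (?, ?, ?, ?, ?)');
$ins->execute(['alice', password_hash('sample-pw-1', PASSWORD_DEFAULT), 'Alice', 'A', 'admin']);
$ins->execute(['bob', password_hash('sample-pw-2', PASSWORD_DEFAULT), 'Bob', 'B', 'user']);

$alice = authenticate($db, 'alice', 'sample-pw-1');
$bob   = authenticate($db, 'bob', 'sample-pw-2');
var_dump(is_admin(['level' => $alice['level']]));  // row whose level is "admin"
var_dump(is_admin(['level' => $bob['level']]));    // row with another level
var_dump(authenticate($db, 'alice', 'wrong'));     // wrong password
var_dump(authenticate($db, "alice' -- ", 'x'));    // quote is plain data
```

In the admin script the level test then becomes a call to is_admin($_SESSION), with exit placed directly after each header() redirect so that no later code runs for a user who failed the check.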



 
 