user and administrator login

georgehowell
Forum Newbie
Posts: 9
Joined: Fri Apr 23, 2010 8:44 am

user and administrator login

Post by georgehowell »

hallo php gurus,
the following code seems to have a problem differentiating between a user and administrator login:
<?php
@session_start();

function __autoload($class_name) {
    require_once $class_name . '.php';
}

if (isset($_POST['username']) && isset($_POST['password']))
{
    $user = new User();

    if ($user->login($_POST['username'], $_POST['password']))
    {
        $_SESSION['user'] = $user;
        include("home.php");
        exit();
    }
}
?>
The intention is that the Administrator is redirected to the Admin section of the site upon login, while all other users surf as usual. The "status" column in the database differentiates all other users from the administrator by containing either a "1" or "0", one being the Administrator.

Anyway, this is my attempt, which has errors.
If anyone out there has a more efficient approach to login forms, please let me know.
Thanks,
georgehowell
markusn00b
Forum Contributor
Posts: 298
Joined: Sat Oct 20, 2007 2:16 pm
Location: York, England

Re: user and administrator login

Post by markusn00b »

Take away that @ on line 2. Never use that symbol. I will hunt you down if you do!

How are you determining whether the user is a regular user or an administrative user? In the code you posted, there don't appear to be any checks for this. In your User model, I suggest you have a User::getStatus() method that returns the User's status. Check the return value of this function. If it's equal to 1, send him to the admin page; otherwise, send him to the regular users page.

Mark.

P.S. It makes sense to have, in your User's model class, some constants holding the possible statuses for users. So you could do something like:

if ($user->getStatus() === User::STATUS_ADMIN) { /** redirect to admin */ }
This way, when you add more user statuses (remember: requirements are always changing) you only have to change the value of the constants, instead of changing the logic-code.
georgehowell
Forum Newbie
Posts: 9
Joined: Fri Apr 23, 2010 8:44 am

Re: user and administrator login

Post by georgehowell »

Hi Mark,
thanks for your comments.
My teacher at college wrote this, but there's something wrong, and I'm not sure what it is.

Following is the "User.php" file:

<?php
class User extends ConnectToDb {

    public $username = "";
    private $cart;
    private $products = array();

    public function __construct() {
        parent::__construct();
    }

    // Returns true when exactly one row matches the username/password pair.
    public function login($username, $password) {
        $ps = $this->db->prepare("Select username, password from sz_users where username = ? and password = ?");
        $this->username = $username;
        $ps->execute(array($username, $password));
        return ($ps->rowCount() == 1);
    }

    // Inserts a new row; returns true when exactly one row was written.
    public function register($username, $password,
            $firstname, $lastname, $dob, $street, $city, $country,
            $zip, $homeAreaCode, $homeNo, $workAreaCode, $workNo,
            $email, $subscribe) {
        $ps = $this->db->prepare("Insert into SZ_users (username,password,firstname,
            lastname,dob,street,city,country,zip,homeAreaCode,
            homeNo,workAreaCode,workNo,email,subscribe) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");

        $ps->execute(array($username, $password,
            $firstname, $lastname, $dob, $street, $city,
            $country, $zip, $homeAreaCode, $homeNo,
            $workAreaCode, $workNo, $email, $subscribe));

        return ($ps->rowCount() == 1);
    }

    function get_username() {
        return $this->username;
    }

    // Properties kept when the object is serialized into the session.
    public function __sleep() {
        return array("username", "cart", "products");
    }

    public function __toString() {
        return "user = " . $this->username;
    }
}
?>



The only difference between a user and the administrator is determined by one column in the database table for "users", which is "status", i.e., 1 instead of 0.
Sorry, but I'm not sure how to present this problem. I've been mostly guessing up until now.
markusn00b
Forum Contributor
Posts: 298
Joined: Sat Oct 20, 2007 2:16 pm
Location: York, England

Re: user and administrator login

Post by markusn00b »

Your *teacher* wrote that? Must be easy to get a job as a programming teacher these days, huh?

Anyway, I can't write this for you and I'm sure you don't want to cheat (I hope).

The first thing you need to do is to update your SELECT statement to also pull the user status from the database. Then, from the $ps variable, you need to take this status and save it into your object ($this->status = $ps->whatever *). Next, add a public method to your class that returns this status.

Then, when this is done, you can simply:

if ($user->getStatus() === 1) { /** user is an admin */ } else { /** user is regular */ }
Unfortunately, I don't think I can be any more helpful than this - that is the job of your teacher.

* I have no idea what your database class is doing, so I cannot be any more specific than this.

Mark.
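
Added example (not code from either poster): the steps listed in the post above, written out against a PDO connection, with the status fetched in the login query and exposed through getStatus(). The in-memory SQLite table, the sample accounts, the hashed password column and the admin.php target are assumptions; only sz_users, its column names, getStatus() and STATUS_ADMIN come from the thread.

```php
<?php
declare(strict_types=1);

class User
{
    const STATUS_USER  = 0;
    const STATUS_ADMIN = 1;

    private $db;
    private $status = self::STATUS_USER;

    public function __construct(PDO $db) { $this->db = $db; }

    public function login(string $username, string $password): bool
    {
        // Fetch the status column together with the credentials row.
        $ps = $this->db->prepare(
            'SELECT password, status FROM sz_users WHERE username = ?');
        $ps->execute([$username]);
        $row = $ps->fetch(PDO::FETCH_ASSOC);
        // fetch() rather than rowCount(): PDO does not guarantee rowCount() for SELECT.
        if ($row === false || !password_verify($password, $row['password'])) {
            return false;
        }
        // Cast: some driver configurations return the column as the string "1",
        // which would never satisfy a strict === 1 comparison.
        $this->status = (int) $row['status'];
        return true;
    }

    public function getStatus(): int { return $this->status; }
}

// Constructed sample data (in-memory SQLite; the hashed password column is an assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sz_users (username TEXT PRIMARY KEY, password TEXT, status INTEGER)');
$ins = $db->prepare('INSERT INTO sz_users VALUES (?, ?, ?)');
$ins->execute(['admin', password_hash('admin-pass', PASSWORD_DEFAULT), 1]);
$ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 0]);

foreach ([['admin', 'admin-pass'], ['alice', 'alice-pass'], ['alice', 'wrong']] as [$name, $pass]) {
    $user = new User($db);
    if (!$user->login($name, $pass)) { echo "$name: login failed\n"; continue; }
    // Store only the scalar status in the session and re-check it on every admin page.
    $target = $user->getStatus() === User::STATUS_ADMIN ? 'admin.php' : 'home.php';
    echo "$name -> $target\n";
}
```

Choosing the landing page at login is only routing; each admin script still has to test the stored status itself before doing any work.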
georgehowell
Forum Newbie
Posts: 9
Joined: Fri Apr 23, 2010 8:44 am

thanks

Post by georgehowell »

appreciate all your help Mark
here's the site if you'd like a look: http://www.relativity.net.au/webdiploma ... index.html
probably needed a bit more ground work in PHP before attempting this one however.
All the best to you sir,

cheers,
George
markusn00b
Forum Contributor
Posts: 298
Joined: Sat Oct 20, 2007 2:16 pm
Location: York, England

Re: thanks

Post by markusn00b »

georgehowell wrote:appreciate all your help Mark
here's the site if you'd like a look: http://www.relativity.net.au/webdiploma ... index.html
probably needed a bit more ground work in PHP before attempting this one however.
All the best to you sir,

cheers,
George
And you, George.

Come back when you have more questions :)