how do u make the page different..... i mean.. i want ALL the members except my username: webmaster to see one site.. and i want myself to see my admin... how do i do this? still have the same old member's area.<!-- m --><a class="postlink" href="http://www.htmlforums.com/showthread.php?s=&threadid=19071ummm.">http://www.htmlforums.com/showthread.ph ... 19071ummm.</a><!-- m -->. that didnt help me much...umm yes it did. you have to use cookies and / or sessionsi already know how to make sessions.. i have 5 members including me in my database.. my friend told me to put an extra field and call it 'level' so that everybody else is 'user' except me, which is 'admin'. he said u have to set them as a variable with an if else statment...well you can also make it so it reads the session adn if your name is listed it will show wha tyou want or not show what you want.
if you do it that way your friend said it should be pretty easy. just check for that level and do what you want depending on the level. show the new members will automatically be set as member and you will be the only admin. or unless you change it down the road.
like I said, there are various ways to do what you want, sessions anc cookies is one option. the DB is another.ok.. i want to use sessions..how might i start this?ok, in every file you want to use sessions you have to start them first.
session_start();
that goes in the file and the very top, usulaly right after the <?
then when the users sign up you want to get their info adn store some of it in the session. like their userid.
$_SESSION['userid'] = $userid // form db
then you need to check for that when you want to show a certain part of the site to certain members.heres my code.. its really confusing..
<!-- m --><a class="postlink" href="http://jeremy.resource-locator.com/brad.txt">http://jeremy.resource-locator.com/brad.txt</a><!-- m -->
thats when u login and it takes u to members.php
i want it to take to either members.php or admin.php depending if they are a member or admin. i want to make sure the member CAN NOT access admin.php unless logined in as the webmaster.. ok///see this
else {
session_register("username"); // don't use that, it is deprecated
echo 'You are now logged in. Please wait while you are redirected.';
do it like this
$_SESSION['username'] = $username;
$_SESSION['userid'] = $userid;
then you want to check for the session at the top.
if ((!$_SESSION['username']) OR (!$_SESSION['userid'])){
?>
<script>
function back()
{
location.href=http://www.htmlforums.com/archive/index.php/"<? echo $HTTP_REFERER ?>";
}
setTimeout("back()",6000);
</script>
<?
}
what version of php do you have? if it is lower then 4.0 then I would upgrade. and if you have register_globals set to on then I would turn this off as well. Security reason has it off as default.
also it is easier to use the meta tag refresh instead of teh way you have it.ok can u post all the code so it'll be easier...
a littel lazy I see 
also what version of php are you using?? also when you go in and out of php is real confusing.
<?
session_start();
if ((!$_SESSION['username']) OR (!$_SESSION['userid'])){
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL={$_SERVER['REQUEST_URI']}\">";
}
$db_host = "xxxxxx";
$db_user = "xxxxxx";
$db_pass = "xxxxx";
$db_name = "xxxx";
// check login and password
// connect and execute query
$connection = mysql_connect($db_host, $db_user, $db_pass) or die
("Unable to connect!");
$query = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = mysql_db_query($db_name,$query,$connection);
$total = mysql_num_rows($result);
if($total==0 || $username ==" "|| $password == '')
{
?>
<p>Login Error</p>
<p>Sorry. Your username is incorrect. Please try again.</p>
<script>
function back()
{
location.href=http://www.htmlforums.com/archive/index.php/"<? echo $HTTP_REFERER ?>";
}
setTimeout("back()",6000);
</script>
<?
halt;
}
else
{
list($id,$password)=mysql_fetch_row($result);
if($password!==$password)
{
?>
<p>Login Error</p>
<p>I'm sorry but your password is incorrect. Please try again!</p>
<?
halt;
}
else
{
$_SESSION['username'] = $username;
$_SESSION['userid'] = $userid;
session_register("username"); //should use as it is deprecated
echo 'You are now logged in. Please wait while you are redirected.';
?>
<script>
function next()
{
location.href=http://www.htmlforums.com/archive/index.php/"members.php";
}
setTimeout("next()",4000);
</script>
<?
}
}?>uh... now i cant login all i'm asking is how do i make session that would check the level of the username with the id. here is my database layout:
****************************
*ID*USERNAME*PASSWORD*LEVEL*
****************************
*01* bob * fish * user*
*02* admin * dog *admin*
****************************
u see, everytime a user signs on they see the same page i see.. which is not good.....because i have my admin controls on it....i just gave you the code because i dont know where to put the Session for the level.....what version of php do you have?
edit: also where is the stuff you don't want the regular users to see? also if you have admin stuff in the members file then that is pretty unsafe. you should have your admin stuff in a seperate file way form the user folders. never have them in the safe folder or files. Alos thre is no such funtion as halt;
so try this
<?
session_start();
$db_host = "xxxxxx";
$db_user = "xxxxxx";
$db_pass = "xxxxx";
$db_name = "xxxx";
// check login and password
// connect and execute query
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect!");
mysql_select_db ($db_name);
$result = mysql_query("SELECT * FROM members WHERE username='{$_POST['username']}' AND password='{$_POST['password']}'");
$total = mysql_num_rows($result);
if ($total==0){
echo"<p>Login Error</p>":
echo"<p>Sorry. Your username is incorrect. Please try again.</p>";
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL={$_SERVER['REQUEST_URI']}\">";
exit;
} else {
$row =mysql_fetch_array($result);
if ($row['password']!= $_POST['password']){
echo"<p>Login Error</p>";
echo"<p>I'm sorry but your password is incorrect. Please try again!</p>";
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL={$_SERVER['REQUEST_URI']}\">";
exit;
} else {
$_SESSION['username'] = $row['username'];
$_SESSION['level'] = $row['level'];
echo 'You are now logged in. Please wait while you are redirected.';
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL=members.php\">";
}
}
?>i have no clue..you don't have any clue on what version you have??
make a new file and put this in it.
<?
phpinfo();
?>
and then run it on you site. it will tell you all you need to <!-- m --><a class="postlink" href="knowhttp://jeremy.resource-locator.com/test.php">knowhttp://jeremy.resource-locator.com/test.php</a><!-- m -->
well.. i havent made a page just for the users yet, but i did make next.php......which is what i want to be the default page for regular users..
my admin stuff is in another folder called: /admin/
anybody can SEE it, but nobody can EDIT or DELETE anything.. i used my member's area as a password protection for it.....ok it worked.. now all my pages that were protected arent protected anymore.... i made a username and password for you:
username: scoutt
password: php
when u login you will be redirected to members.php.. when u click next i want it to display either my ADMIN controls or a default user setting depending on the level..what are you talking about not protected anymore? it was never protected in the beginning....
and where am I suppose to login at?http://jeremy.resource-locator.com/members/
actually they were....the cod eyou have here
<!-- m --><a class="postlink" href="http://jeremy.resource-locator.com/brad.txt">http://jeremy.resource-locator.com/brad.txt</a><!-- m -->
is not protecting anything. if you have more code than that then I can't see it. and the only thing I changed is the the script to go back and the login again. beside changing teh code so you are using the most current functions and the code will run faster. you had some functions in there that are deprecated or no longer used.
I logged in and go ta page that says thank you for logging in and the link I see is to the next.php page.
if you want to see what the levels are then you need to do somethign like this
if ($_SESSION['level'] == "admin"){
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL=/admin/admin.php\">";
} else {
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL=members.php\">";
}
that is protecting pages, but still shouldn't even have links to your admin pages anywhere in the users pages.yeo thanks!
if you do it that way your friend said it should be pretty easy. just check for that level and do what you want depending on the level. show the new members will automatically be set as member and you will be the only admin. or unless you change it down the road.
like I said, there are various ways to do what you want, sessions anc cookies is one option. the DB is another.ok.. i want to use sessions..how might i start this?ok, in every file you want to use sessions you have to start them first.
session_start();
that goes in the file and the very top, usulaly right after the <?
then when the users sign up you want to get their info adn store some of it in the session. like their userid.
$_SESSION['userid'] = $userid // form db
then you need to check for that when you want to show a certain part of the site to certain members.heres my code.. its really confusing..
<!-- m --><a class="postlink" href="http://jeremy.resource-locator.com/brad.txt">http://jeremy.resource-locator.com/brad.txt</a><!-- m -->
thats when u login and it takes u to members.php
i want it to take to either members.php or admin.php depending if they are a member or admin. i want to make sure the member CAN NOT access admin.php unless logined in as the webmaster.. ok///see this
else {
session_register("username"); // don't use that, it is deprecated
echo 'You are now logged in. Please wait while you are redirected.';
do it like this
$_SESSION['username'] = $username;
$_SESSION['userid'] = $userid;
then you want to check for the session at the top.
if ((!$_SESSION['username']) OR (!$_SESSION['userid'])){
?>
<script>
function back()
{
location.href=http://www.htmlforums.com/archive/index.php/"<? echo $HTTP_REFERER ?>";
}
setTimeout("back()",6000);
</script>
<?
}
what version of php do you have? if it is lower then 4.0 then I would upgrade. and if you have register_globals set to on then I would turn this off as well. Security reason has it off as default.
also it is easier to use the meta tag refresh instead of teh way you have it.ok can u post all the code so it'll be easier...
a littel lazy I see also what version of php are you using?? also when you go in and out of php is real confusing.<?
session_start();
if ((!$_SESSION['username']) OR (!$_SESSION['userid'])){
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL={$_SERVER['REQUEST_URI']}\">";
}
$db_host = "xxxxxx";
$db_user = "xxxxxx";
$db_pass = "xxxxx";
$db_name = "xxxx";
// check login and password
// connect and execute query
$connection = mysql_connect($db_host, $db_user, $db_pass) or die
("Unable to connect!");
$query = "SELECT * FROM members WHERE username='$username' AND password='$password'";
$result = mysql_db_query($db_name,$query,$connection);
$total = mysql_num_rows($result);
if($total==0 || $username ==" "|| $password == '')
{
?>
<p>Login Error</p>
<p>Sorry. Your username is incorrect. Please try again.</p>
<script>
function back()
{
location.href=http://www.htmlforums.com/archive/index.php/"<? echo $HTTP_REFERER ?>";
}
setTimeout("back()",6000);
</script>
<?
halt;
}
else
{
list($id,$password)=mysql_fetch_row($result);
if($password!==$password)
{
?>
<p>Login Error</p>
<p>I'm sorry but your password is incorrect. Please try again!</p>
<?
halt;
}
else
{
$_SESSION['username'] = $username;
$_SESSION['userid'] = $userid;
session_register("username"); //should use as it is deprecated
echo 'You are now logged in. Please wait while you are redirected.';
?>
<script>
function next()
{
location.href=http://www.htmlforums.com/archive/index.php/"members.php";
}
setTimeout("next()",4000);
</script>
<?
}
}?>uh... now i cant login
all i'm asking is how do i make session that would check the level of the username with the id. here is my database layout:****************************
*ID*USERNAME*PASSWORD*LEVEL*
****************************
*01* bob * fish * user*
*02* admin * dog *admin*
****************************
u see, everytime a user signs on they see the same page i see.. which is not good.....because i have my admin controls on it....i just gave you the code because i dont know where to put the Session for the level.....what version of php do you have?
edit: also where is the stuff you don't want the regular users to see? also if you have admin stuff in the members file then that is pretty unsafe. you should have your admin stuff in a seperate file way form the user folders. never have them in the safe folder or files. Alos thre is no such funtion as halt;
so try this
<?
session_start();
$db_host = "xxxxxx";
$db_user = "xxxxxx";
$db_pass = "xxxxx";
$db_name = "xxxx";
// check login and password
// connect and execute query
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect!");
mysql_select_db ($db_name);
$result = mysql_query("SELECT * FROM members WHERE username='{$_POST['username']}' AND password='{$_POST['password']}'");
$total = mysql_num_rows($result);
if ($total==0){
echo"<p>Login Error</p>":
echo"<p>Sorry. Your username is incorrect. Please try again.</p>";
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL={$_SERVER['REQUEST_URI']}\">";
exit;
} else {
$row =mysql_fetch_array($result);
if ($row['password']!= $_POST['password']){
echo"<p>Login Error</p>";
echo"<p>I'm sorry but your password is incorrect. Please try again!</p>";
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL={$_SERVER['REQUEST_URI']}\">";
exit;
} else {
$_SESSION['username'] = $row['username'];
$_SESSION['level'] = $row['level'];
echo 'You are now logged in. Please wait while you are redirected.';
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL=members.php\">";
}
}
?>i have no clue..you don't have any clue on what version you have??
make a new file and put this in it.
<?
phpinfo();
?>
and then run it on you site. it will tell you all you need to <!-- m --><a class="postlink" href="knowhttp://jeremy.resource-locator.com/test.php">knowhttp://jeremy.resource-locator.com/test.php</a><!-- m -->
well.. i havent made a page just for the users yet, but i did make next.php......which is what i want to be the default page for regular users..
my admin stuff is in another folder called: /admin/
anybody can SEE it, but nobody can EDIT or DELETE anything.. i used my member's area as a password protection for it.....ok it worked.. now all my pages that were protected arent protected anymore.... i made a username and password for you:
username: scoutt
password: php
when u login you will be redirected to members.php.. when u click next i want it to display either my ADMIN controls or a default user setting depending on the level..what are you talking about not protected anymore? it was never protected in the beginning....
and where am I suppose to login at?http://jeremy.resource-locator.com/members/
actually they were....
the cod eyou have here<!-- m --><a class="postlink" href="http://jeremy.resource-locator.com/brad.txt">http://jeremy.resource-locator.com/brad.txt</a><!-- m -->
is not protecting anything. if you have more code than that then I can't see it. and the only thing I changed is the the script to go back and the login again. beside changing teh code so you are using the most current functions and the code will run faster. you had some functions in there that are deprecated or no longer used.
I logged in and go ta page that says thank you for logging in and the link I see is to the next.php page.
if you want to see what the levels are then you need to do somethign like this
if ($_SESSION['level'] == "admin"){
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL=/admin/admin.php\">";
} else {
echo"<META HTTP-EQUIV=\"Refresh\" Content=\"3;URL=members.php\">";
}
that is protecting pages, but still shouldn't even have links to your admin pages anywhere in the users pages.yeo thanks!