login script with two levels of access

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jsd219
    #1

    login script with two levels of access

    Can anyone help with this code please! I am a novice and need help.

    I have two hard coded user ids and passwords with an additional field
    called level. for the sake of
    this explanation lets call them.
    user_id - abc password - 123 level - 1
    user-id - xyz password - 456 level - 2

    I have two separate admin pages called list_pages.php and
    list_pages1.php

    I need a login to allow people that sign in with login "abc" to be
    able to access "list_pages.php " and people that login in with "xyz"
    to be able to access "list_pages1.ph p"

    can anyone help, Please. I am desperate

    God bless
    jason

    Tags: None
    • SterLo
      #2
      Re: login script with two levels of access

      Well...

      Try this...

      It's a little rough but you should get the basic idea.
      -------------
      <?php
      $user1 = "abc";
      $user2 = "xyz";
      $pass1 = "123";
      $pass2 = "456";

      $action = (isset($_POST["submit"])) ? $_POST["submit"] :NULL;

      if($action == "submit") {
      $showForm = false;
      $user = $_POST["username"];
      $pass = $_POST["password"];
      if($user == $user1 && $pass == $pass1) {
      /* Include your files here for user1. */
      }elseif($user == $user2 && $pass == $pass2) {
      /* Include your files here for user2. */
      }else{
      /* Do error stuff here. */
      $showForm = true;
      }
      }
      ?>
      <?php if($showForm == true) {
      <form method="post" action="index.p hp">
      <label for="username"> Username:</label>
      <input id="username" name="username" type="text" value="" />
      <label for="password"> Password:</label>
      <input id="password" name="password" type="password" value="" />
      <input type="submit" name="submit" id="submit" value="Submit" />
      </form>
      <?php } ?>

        Comment

        • jsd219
          #3
          Re: login script with two levels of access

          On May 31, 9:31 am, SterLo <sterling.hamil ...@gmail.comwr ote:
          Well...
          >
          Try this...
          >
          It's a little rough but you should get the basic idea.
          -------------
          <?php
          $user1 = "abc";
          $user2 = "xyz";
          $pass1 = "123";
          $pass2 = "456";
          >
          $action = (isset($_POST["submit"])) ? $_POST["submit"] :NULL;
          >
          if($action == "submit") {
          $showForm = false;
          $user = $_POST["username"];
          $pass = $_POST["password"];
          if($user == $user1 && $pass == $pass1) {
          /* Include your files here for user1. */
          }elseif($user == $user2 && $pass == $pass2) {
          /* Include your files here for user2. */
          }else{
          /* Do error stuff here. */
          $showForm = true;
          }
          }
          ?>
          <?php if($showForm == true) {
          <form method="post" action="index.p hp">
          <label for="username"> Username:</label>
          <input id="username" name="username" type="text" value="" />
          <label for="password"> Password:</label>
          <input id="password" name="password" type="password" value="" />
          <input type="submit" name="submit" id="submit" value="Submit" />
          </form>
          <?php } ?>
          Will this not show the user names and passwords in the source code
          allowing anyone to pull up the code and get the passwords?

          God bless
          jason

            Comment

            • Jerry Stuckle
              #4
              Re: login script with two levels of access

              jsd219 wrote:
              On May 31, 9:31 am, SterLo <sterling.hamil ...@gmail.comwr ote:
              >Well...
              >>
              >Try this...
              >>
              >It's a little rough but you should get the basic idea.
              >-------------
              ><?php
              > $user1 = "abc";
              > $user2 = "xyz";
              > $pass1 = "123";
              > $pass2 = "456";
              >>
              > $action = (isset($_POST["submit"])) ? $_POST["submit"] :NULL;
              >>
              > if($action == "submit") {
              > $showForm = false;
              > $user = $_POST["username"];
              > $pass = $_POST["password"];
              > if($user == $user1 && $pass == $pass1) {
              > /* Include your files here for user1. */
              > }elseif($user == $user2 && $pass == $pass2) {
              > /* Include your files here for user2. */
              > }else{
              > /* Do error stuff here. */
              > $showForm = true;
              > }
              > }
              >?>
              ><?php if($showForm == true) {
              ><form method="post" action="index.p hp">
              > <label for="username"> Username:</label>
              > <input id="username" name="username" type="text" value="" />
              > <label for="password"> Password:</label>
              > <input id="password" name="password" type="password" value="" />
              > <input type="submit" name="submit" id="submit" value="Submit" />
              ></form>
              ><?php } ?>
              >
              Will this not show the user names and passwords in the source code
              allowing anyone to pull up the code and get the passwords?
              >
              God bless
              jason
              >
              Jason,

              It could - if they could display the code. A properly configured
              webserver will parse the code and only send the results to the browser,
              not the code.

              But your concern is well founded. I normally put user id's and
              passwords in an include file outside the document root.

              --
              =============== ===
              Remove the "x" from my email address
              Jerry Stuckle
              JDS Computer Training Corp.
              jstucklex@attgl obal.net
              =============== ===

                Comment

                • C.
                  #5
                  Re: login script with two levels of access

                  On 31 May, 19:58, Jerry Stuckle <jstuck...@attg lobal.netwrote:
                  >
                  It could - if they could display the code. A properly configured
                  webserver will parse the code and only send the results to the browser,
                  not the code.
                  >
                  But your concern is well founded. I normally put user id's and
                  passwords in an include file outside the document root.
                  >
                  See also the recent thread 'how to not write password in code for
                  using to mysql?'

                  (also at http://groups.google.co.uk/group/com...df0802/?hl=en#)

                  C.

                    Comment

                    Previous template Next
                    Working...