  1. #1
    SitePoint Enthusiast nkacharani's Avatar
    Join Date
    Oct 2010
    Posts
    53
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Redirecting users to different pages according to their roles

    hello!..

    I have a table users in my database, and I also have a login page where users submit their username and password before entering the system. I was wondering how I can redirect different users to different pages using their roles.

    Can someone please help?

  2. #2
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,189
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    In my head a switch would be a nice solution, otherwise a collection of IF statements.

    switch()
    PHP Code:
    // Login code....

    switch ($role) {
        case 'user':
            $redirect = 'user.php';
            break;
        case 'moderator':
            $redirect = 'moderator.php';
            break;
        case 'administrator':
            $redirect = 'administrator.php';
            break;
    }

    header('Location: ' . $redirect);

    IF statement
    PHP Code:
    // Login code...

    if ($role == 'user') {
        $redirect = 'user.php';
    } else if ($role == 'moderator') {
        $redirect = 'moderator.php';
    } else if ($role == 'administrator') {
        $redirect = 'administrator.php';
    }

    header('Location: ' . $redirect);

  3. #3
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,495
    Mentioned
    161 Post(s)
    Tagged
    4 Thread(s)
    Or a roles table, with a row for each role, and containing the role id, the page for that role, and whatever other info about the roles you need.

  4. #4
    SitePoint Enthusiast nkacharani's Avatar
    <?php
    // process the script only if the form has been submitted
    if (array_key_exists('login', $_POST)) {
    // start the session
    session_start();
    require_once('includes/dbConnect.inc.php'); //connect to the database
    include 'includes/title.inc.php'; //display title
    include ('includes/corefuncs.inc.php');
    // clean the $_POST array and assign to shorter variables
    nukeMagicQuotes();
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    //$userrole = $_POST['userrole'];
    $userrole = $_POST['userrole'];

    // connect to the database as a restricted user
    $conn = dbConnect('query');
    // get the username's details from the database
    $sql = "SELECT * FROM users WHERE username = '$username'";
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result);

    if (md5($password)== $row['password']) {
    $_SESSION['authenticated'] = 'Nkacharani';
    }
    // if no match, destroy the session and prepare error message
    else {
    $_SESSION = array();
    session_destroy();
    $error = 'Invalid username or password';
    }
    // if the session variable has been set, redirect
    if (isset($_SESSION['authenticated'])) {
    // get the time the session started
    $_SESSION['start'] = time();
    switch($userrole){
    case 'admin':
    header('Location: front_page.php');
    break;
    case 'clerk':
    header('Location: clerk.php');
    break;
    case 'user':
    header('Location: user_list.php');
    }
    }
    } // end of the "form has been submitted" block
    ?>

    <?php
    if (isset($error)) {
    echo "<p>$error</p>";
    }
    elseif (isset($_GET['expired'])) {
    ?>
    <p>Your session has expired. Please log in again.</p>
    <?php } ?>
    <h2 align="center">Enter your username and password</h2>

    <form id="log" name="login" method="post" class="details" action="">

    <div >
    <label class="fixedwidth">Username</label>
    <input name="username" id="username" type="text" class="fixedwidth" />
    </div>

    <div >
    <label class="fixedwidth">Password</label>
    <input name="password" id="password" type="password" class="fixedwidth" />
    </div>
    <div>
    <input type="hidden" name="userrole" value="<?php echo $userrole; ?>" />
    </div>
    <div class="buttonarea">
    <input name="login" id="login" type="submit" value="User Login" />
    </div>
    </form>

    Thank you!...
    ...this is what I had before, and I have added the switch code. If I enter a username and password it is not redirecting anywhere, and there are no error messages.

  5. #5
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    You have userrole as a hidden field in the form. Not only is this a security risk, but you don't even give it a value (try doing a print_r of $_POST and you'll see it's empty), so the switch will never redirect anywhere.

  6. #6
    SitePoint Enthusiast nkacharani's Avatar
    I did that because I thought it would help me to compare the roles from table users. Can you help me with the best way to do it?

    I am really stuck!

  7. #7
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    How do you know what role a user has?

  8. #8
    SitePoint Enthusiast nkacharani's Avatar
    I guess what I want to do is: check the username against its userrole in a table, and if the role is admin, say, I would direct the user to the Admin page. So I thought by fetching the userrole as a hidden field I could just use it in the switch code to check the user role and redirect the user accordingly.

  9. #9
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Ok, assuming you have a userrole column in your users table, all you have to do is
    PHP Code:
    $userrole = $row['userrole'];
    after you've fetched the result from your query and before you reach the switch.

    Don't use the hidden field in the form. A malicious user could make himself admin by sending the correct value for that field.

  10. #10
    SitePoint Enthusiast nkacharani's Avatar
    Thank you!..., It's done.
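
The fix the thread settles on, as an added example that is not any poster's code: the role is taken from the `users` row fetched at login and mapped through an allow-list, so a forged `userrole` form field changes nothing. Assumptions: an in-memory SQLite table via PDO stands in for the thread's MySQL `users` table, a prepared statement and `password_hash`/`password_verify` are swapped in for the thread's interpolated query and `md5()` comparison, and `landingPage`, `ROLE_PAGES` and the sample accounts are hypothetical.

```php
<?php
// Added example: the role is read from the users row, never from the request.
// Table layout, page names and sample accounts are constructed for illustration.

const ROLE_PAGES = [            // allow-list: role stored in the DB => landing page
    'admin' => 'front_page.php',
    'clerk' => 'clerk.php',
    'user'  => 'user_list.php',
];

/** Returns the landing page for a valid login, or null if the login fails. */
function landingPage(PDO $db, array $post): ?string
{
    $stmt = $db->prepare('SELECT password, userrole FROM users WHERE username = ?');
    $stmt->execute([trim($post['username'] ?? '')]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$row || !password_verify($post['password'] ?? '', $row['password'])) {
        return null;                                  // unknown user or wrong password
    }
    // $post['userrole'] is deliberately ignored: the client controls it.
    return ROLE_PAGES[$row['userrole']] ?? null;      // unknown role: no redirect
}

// Constructed in-memory users table so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, userrole TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), 'admin']);
$ins->execute(['bob',   password_hash('bob-pw',   PASSWORD_DEFAULT), 'user']);

// Constructed requests: bob's last two requests forge the hidden field.
$requests = [
    ['username' => 'alice', 'password' => 'alice-pw'],
    ['username' => 'bob',   'password' => 'bob-pw'],
    ['username' => 'bob',   'password' => 'bob-pw', 'userrole' => 'admin'],
    ['username' => 'bob',   'password' => 'wrong',  'userrole' => 'admin'],
];
foreach ($requests as $post) {
    $page = landingPage($db, $post);
    // In the real login script this would be header('Location: ' . $page); exit;
    echo $post['username'], ' sent role=', $post['userrole'] ?? '(none)',
         ' -> ', $page ?? 'login rejected', PHP_EOL;
}
```

The landing page is only a convenience redirect; each role's page still has to check the role stored in the session or database before rendering.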

