Hi all, I'm looking for some advice about control user access to parts of my PHP site would be....
At present, I have the log in script:
Code:
<?php
$auth = false; // Assume user is not authenticated
if (isset( $PHP_AUTH_USER ) && isset($PHP_AUTH_PW)) {
    // Connect to MySQL
    mysql_connect( 'localhost', 'root', '' )
        or die ( 'Unable to connect to server.' );
    // Select database on MySQL server
    mysql_select_db( 'Technician_support' )
        or die ( 'Unable to select database.' );
    // Formulate the query
    $sql = "SELECT * FROM users WHERE
            username = '$PHP_AUTH_USER' AND
            password = '$PHP_AUTH_PW'";
    // Execute the query and put results in $result
    $result = mysql_query( $sql )
        or die ( 'Unable to execute query.' );
    // Get number of rows in $result.
    $num = mysql_numrows( $result );
    if ( $num != 0 ) {
        // A matching row was found - the user is authenticated.
        $auth = true;
    }
}
if ( ! $auth ) {
    header( 'WWW-Authenticate: Basic realm="Private"' );
    header( 'HTTP/1.0 401 Unauthorized' );
    echo 'Authorization Required.';
    exit;
} else {
    echo '<P>You are authorized!</P>';
    echo '<A HREF="editfault.php"> Edit Fault </A>';
}
?>
This obviously authorises the user based upon the username and password entered. I'm looking to simply restrict access to one or two pages on the website, to those logged in as Admin.
Are there any obvious issues with the above code? I'm not bothered about user type - as all logged in users will have the same privileges - i.e. admin privileges. The point of passwording the site is to stop others from changing the database contents etc.
Is there any code I could use within the "You are authorised" statement, which would auto redirect to a page - of options only accessible to logged in users?
Thanks
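Added example, not part of the original post: a hardened form of the same HTTP Basic check that reads credentials from $_SERVER, uses a bound parameter instead of interpolating input into the SQL string, verifies a stored hash, and then redirects. The `password_hash` column, the `app_user` account, the `APP_DB_PASSWORD` variable and the `login.php` / `admin_menu.php` file names are assumptions made for illustration.

```php
<?php
// auth.php - added example; include at the top of every restricted page.
// Assumptions (not from the original post): a `password_hash` column filled
// with password_hash(), a low-privilege MySQL account `app_user`, and the
// hypothetical pages `login.php` and `admin_menu.php`.

function deny(): void
{
    header('WWW-Authenticate: Basic realm="Private"');
    http_response_code(401);
    echo 'Authorization Required.';
    exit;
}

function require_login(PDO $db): string
{
    // Read the credentials from $_SERVER; bare $PHP_AUTH_USER only exists
    // with register_globals, which was removed in PHP 5.4.
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW'] ?? null;
    if ($user === null || $pass === null) {
        deny();
    }

    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();

    // Compare against a stored hash instead of a plaintext password column.
    if ($hash === false || !password_verify($pass, $hash)) {
        deny();
    }
    return $user;
}

$db = new PDO(
    'mysql:host=localhost;dbname=Technician_support;charset=utf8mb4',
    'app_user',                      // hypothetical account, not root
    getenv('APP_DB_PASSWORD') ?: '', // hypothetical environment variable
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
);
require_login($db);

// On the login script only: send the authenticated user to the menu page.
if (basename($_SERVER['SCRIPT_NAME']) === 'login.php') { // hypothetical name
    header('Location: admin_menu.php');
    exit;
}
```

Every restricted page (editfault.php included) needs the same include, otherwise it can still be opened directly by URL. Basic credentials are only base64-encoded on the wire, so the site should be served over HTTPS.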