Discussion – Lesson 7 - NOO-CMS - Displaying articles in PHP

Back

Comments

lawrence njoroge

Member

lawrence njoroge:2/26/2017 0:31

heloo i want some little asistance please, i want to make a code that directs the admin to the administration page and the other users to articles page how to i do that
sign in php code

<?php
session_start();
require('Db.php');
Db::connect('127.0.0.1', 'noocms_db', 'root', '');

if (isset($_SESSION['user_id']))
{
        header('Location: administration.php');
        exit();
}

if ($_POST)
{
        $user = Db::queryOne('
                SELECT user_id, admin
                FROM user
                WHERE name=? AND password=SHA1(?)
        ', $_POST['name'], $_POST['password'] . "t&#ssdf54gh");
        if (!$user)
                $notice = 'Invalid name or password.';

        if(user)
        {
                $_SESSION['user_id'] = $user['user_id'];
                $_SESSION['user_name'] = $_POST['name'];
                $_SESSION['user_admin'] = $user['admin'];
                header('Location: administration.php');
                exit();
        }
 else
         {$_SESSION['user_id'] = $user['user_id'];
           $_SESSION['user_name'] = $_POST['name'];
           header('Location: reports.php');
           exit();


         }
}
?>

adimistration code

<?php
session_start();
if (!isset(!$_SESSION['user_id']))
{
        header('Location: sign-in.php');
        exit();
}

if (isset($_GET['sign-out']))
{
        session_destroy();
        header('Location: sign-in.php');
        exit();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
        <meta charset="utf-8" />
        <link rel="stylesheet" href="style.css" type="text/css" />
        <title>Administration</title>
</head>

<body>
    <header>
                        <div id="logo"><h1></h1></div>
                <nav>
                        <ul>
                            <li><a href="home.php">Home</a></li>
                                <li><a href="about.php">About us</a></li>
                                <li><a href="members.php">members</a></li>
                                <li><a href="contact.php">Contact</a></li>
                                <li><a href="administration.php?sign-out">Sign-out</a></li>>
                        </ul>
                </nav>
</header>
<article>
        <div id="centerer">
                <header>
                        <h1>Administration</h1>
                </header>
                <section>
                        <p>Welcome to the administration, you're signed in as <?= htmlspecialchars($_SESSION['user_name']) ?>.</p>
                        <?php
                                if ($_SESSION['user_admin'])
                                        echo("You don't have an administrator role, ask the administrator for it.");
                        ?>
                        <h2><a href="editor.php">Article editor</a></h2>
                        <h2><a href="articles.php">Article list</a></h2>
                        <h2> register a new member<a href="sign-up.php">sign-up</a> </h2>
                </section>
                <div class="clear"></div>
        </div>
</article>
    <footer>
        Made by &copy;<a href="http://www.facebook.com/lawnj">lawrence</a>
    </footer>
</body>
</html>

2/26/2017 0:31

where there is will there is a way

IT Man

Member

IT Man:2/26/2017 1:47

You have admin permission in $_SESSION['user_admin'], so use something like this:

if (isset($_SESSION['user_admin']) && $_SESSION['user_admin'] == 1)
{
    header('Location: admin-page.php');
    exit();
}
else
{
    header('Location: article.php');
    exit();
}

2/26/2017 1:47

lawrence njoroge

Member

lawrence njoroge:2/26/2017 13:28

still the code doesn't work

<?php
session_start();
require('Db.php');
Db::connect('127.0.0.1', 'noocms_db', 'root', '');

if (isset($_SESSION['user_id']))
{
        header('Location: administration.php');
        exit();
}

if ($_POST)
{
        $user = Db::queryOne('
                SELECT user_id, admin
                FROM user
                WHERE name=? AND password=SHA1(?)
        ', $_POST['name'], $_POST['password'] . "t&#ssdf54gh");
        if (!$user) {
        $notice = 'Invalid name or password.';
    }else
        {
                $_SESSION['user_id'] = $user['user_id'];
                $_SESSION['user_name'] = $_POST['name'];
     if (isset($_SESSION['user_admin']) && $_SESSION['user_admin'] == 1)
{
    header('Location: administration.php');
    exit();
}
else
{
    header('Location: reports.php');
    exit();
}

        }
}
?>

the admin an other users are taken to the reports.php page

2/26/2017 13:28

where there is will there is a way

IT Man

Member

IT Man:2/26/2017 16:10

Yes, sure. You removed setting permission for $_SESSION. So before if with redirects add this:

$_SESSION['user_admin'] = $user['admin'];

2/26/2017 16:10

lawrence njoroge

Member

lawrence njoroge:2/27/2017 11:06

Thank you man 8-)

2/27/2017 11:06

where there is will there is a way

Kev Harris

Member

Kev Harris:1/16/2020 16:36

Great tutorial, thank you.

1/16/2020 16:36

Dream like you will live forever, Live like you will die tomorrow.

PHP professional, $7000 a month. Like the sound of that? We'll get you there for $120.

Discover more...

PHP professional, $7000 a month. Like the sound of that? We'll get you there for $120.

PHP e-shop course

To maintain the quality of discussion, we only allow registered members to comment. Sign in. If you're new, Sign up, it's free.

6 messages from 6 displayed.