lady_rysher, posted June 16, 2010

Salam, I have a question. I am building a login with access levels: for example, when an admin logs in the system redirects to the admin page, and when a user logs in the system redirects the user to the user page. The problem right now is this: when the admin logs in it gets through and goes straight to the admin page, but it cannot pass the session; the admin's username cannot be displayed. And when an ordinary user logs in, it does not get through at all; the system redirects to the access denied page. Sigh, my head hurts from adjusting it over and over. Could I ask you friends to kindly take a look at this code?

pro_log.php

[code]
<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']); //idpengguna (user ID)
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Sila masukan Id Pengguna!';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Sila masukkan Katalaluan!';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM staff WHERE ID_Pengguna='$login' AND Kata_Laluan='".md5($_POST['password'])."'";
$result=mysql_query($qry);
$mysql=mysql_fetch_array($result);
$usertype=$mysql['Tahap_Capaian'];
$num=mysql_num_rows($result);

//Check whether the query was successful or not
if($result) {
    if($result && $num==1){
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        echo $_SESSION['SESS_MEMBER_ID'] = $member['ID_Staff'];
        echo $_SESSION['SESS_FIRST_NAME'] = $member['Nama'];
        session_write_close();
        //header("location: syarat_wajib.php");
        //exit();
        //include("auth.php");
        //include("Index.php");
        if($usertype=="1"){
            echo $usertype;
            //echo'<meta http-equiv="refresh" content="0;URL=../skp/syarat_wajib.php">';
        }
        if($usertype=="2"){
            echo'<meta http-equiv="refresh" content="0;URL=../skp/staff_baru.php">';
        }
    }else {
        //Login failed
        header("location: login_gagal.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
[/code]

auth.php

[code]
<?php
//Start session
session_start();

//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
    header("location: access-denied.php");
    exit();
}
?>
[/code]

dans kam, posted June 16, 2010 (edited June 16, 2010 by dans kam)

Salam... Where is the connection between the two files? In pro_log.php, the include is commented out. Just wondering... Maybe you could clarify your problem or your code a bit more.

lady_rysher, posted June 16, 2010

Hehehe... there are so many comments because I have been trying all sorts of things; that is why things are commented out here and there. It goes like this: the first page is login-form.html, then the form is processed by pro_log.php, then the session file is auth.php. This code was actually taken from the internet. Originally it had no access level, but the access level was added. OK, this is the original code:

[code]
<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']); //idpengguna (user ID)
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Sila masukan Id Pengguna!';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Sila masukkan Katalaluan!';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM staff WHERE ID_Pengguna='$login' AND Kata_Laluan='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['ID_Staff'];
        $_SESSION['SESS_FIRST_NAME'] = $member['Nama'];
        //$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        session_write_close();
        header("location: syarat_wajib.php");
        exit();
    }else {
        //Login failed
        header("location: login_gagal.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
[/code]

And below is the code that has been modified to add the access level:

[code]
<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']); //idpengguna (user ID)
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Sila masukan Id Pengguna!';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Sila masukkan Katalaluan!';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM staff WHERE ID_Pengguna='$login' AND Kata_Laluan='".md5($_POST['password'])."'";
$result=mysql_query($qry);
$mysql=mysql_fetch_array($result);
$usertype=$mysql['Tahap_Capaian'];
$num=mysql_num_rows($result);

//Check whether the query was successful or not
if($result) {
    if($result && $num==1){
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        echo $_SESSION['SESS_MEMBER_ID'] = $member['ID_Staff'];
        echo $_SESSION['SESS_FIRST_NAME'] = $member['Nama'];
        session_write_close();
        //header("location: syarat_wajib.php");
        //exit();
        //include("auth.php");
        //include("Index.php");
        if($usertype=="1"){
            echo $usertype;
            //echo'<meta http-equiv="refresh" content="0;URL=../skp/syarat_wajib.php">';
        }
        if($usertype=="2"){
            echo'<meta http-equiv="refresh" content="0;URL=../skp/staff_baru.php">';
        }
    }else {
        //Login failed
        header("location: login_gagal.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
[/code]

The problem now is at session_regenerate_id(): it cannot generate the id. Do you more or less understand my problem?

slier, posted June 16, 2010

The code looks OK to me.

BasicCX, posted June 16, 2010 (edited June 16, 2010 by BasicCX)

[code]
if($result && $num==1){
[/code]

Why is this there: [b]&& $num==1[/b]? How many rows of data are in the table? This is probably the reason only the admin can get access.

slier, posted June 17, 2010

[quote name='BasicCX' date='17 June 2010 - 07:07 AM' timestamp='1276729635' post='1037394']
[code]
if($result && $num==1){
[/code]
Why is this there: [b]&& $num==1[/b]? How many rows of data are in the table? This is probably the reason only the admin can get access.
[/quote]

$num must equal 1 because the username must be unique.

$num == 1: user has been found
$num == 0: user not found

lady_rysher, posted June 17, 2010

OK, the username is indeed unique. So do I need to change the code to be like this?

[code]
if($result) {
    if($result==1){
        if($num==1){
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id_staff'];
            $_SESSION['SESS_FIRST_NAME'] = $member['Nama'];
            session_write_close();
            if($usertype=="1"){
                echo $usertype;
                echo'<meta http-equiv="refresh" content="0;URL=../skp/syarat_wajib.php">';
            }
            if($usertype=="2"){
                echo'<meta http-equiv="refresh" content="0;URL=../skp/staff_baru.php">';
            }
        }else {
            //Login failed
            header("location: login_gagal.php");
            exit();
        }
    }
}else {
    die("Query failed");
}
[/code]

But this time nothing happens at all. The page is static; it does not go anywhere. Sigh.

slier, posted June 17, 2010 (edited June 17, 2010 by slier)

Your code looks OK to me; I tested it and it works fine.

[code]
<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

if($_POST) {
    //Sanitize the POST values
    $login = clean($_POST['login']); //idpengguna (user ID)
    $password = clean($_POST['password']);

    //Input Validations
    if($login == '') {
        $errmsg_arr[] = 'Sila masukan Id Pengguna!';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Sila masukkan Katalaluan!';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        header("location: login-form.php");
        exit();
    }

    //Create query
    $qry = "SELECT * FROM staff WHERE ID_Pengguna='$login' AND Kata_Laluan='".md5($_POST['password'])."'";
    $result = mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        $num = mysql_num_rows($result);
        if($num == 1) {
            $member = mysql_fetch_array($result);
            $usertype = $member['Tahap_Capaian'];
            //Login Successful
            //session_regenerate_id();
            //$member = mysql_fetch_assoc($result);
            //echo $_SESSION['SESS_MEMBER_ID'] = $member['ID_Staff'];
            //echo $_SESSION['SESS_FIRST_NAME'] = $member['Nama'];
            //session_write_close();
            //header("location: syarat_wajib.php");
            //exit();
            //include("auth.php");
            //include("Index.php");
            if($usertype == 1 ) {
                echo'<meta http-equiv="refresh" content="0;URL=../skp/syarat_wajib.php">';
            }
            if($usertype == 2) {
                echo'<meta http-equiv="refresh" content="0;URL=../skp/staff_baru.php">';
            }
        } else {
            //Login failed
            header("location: login_gagal.php");
            exit();
        }
    } else {
        die("Query failed");
    }
}
?>
[/code]

lady_rysher, posted June 17, 2010

Huh, that is what's puzzling. I keep trying and I just get access denied every time.

Kuzie, posted June 21, 2010

Haa... haa... I don't know... hehehe

dans kam, posted June 21, 2010 (edited June 21, 2010 by dans kam)

Hm... I am confused looking at it too. But you said access denied?

1. Does that mean the file cannot be accessed?
2. Or does it redirect to the login_gagal.php page?

If it is no. 1, maybe it is a file permission problem. If it is no. 2, looking at the condition, the problem is ($num == 0), which means there is no such user in the db.

Still looking...

johnburn, posted June 28, 2010

[quote name='lady_rysher' date='17 June 2010 - 10:35 AM' timestamp='1276742112' post='1037425']
OK, the username is indeed unique. So do I need to change the code to be like this?
[code]
if($result) {
    if($result==1){
        if($num==1){
            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id_staff'];
            $_SESSION['SESS_FIRST_NAME'] = $member['Nama'];
            session_write_close();
            if($usertype=="1"){
                echo $usertype;
                echo'<meta http-equiv="refresh" content="0;URL=../skp/syarat_wajib.php">';
            }
            if($usertype=="2"){
                echo'<meta http-equiv="refresh" content="0;URL=../skp/staff_baru.php">';
            }
        }else {
            //Login failed
            header("location: login_gagal.php");
            exit();
        }
    }
}else {
    die("Query failed");
}
[/code]
But this time nothing happens at all. The page is static; it does not go anywhere. Sigh.
[/quote]

Of course this one is static and goes nowhere, because lady added the check [b]if($result==1){[/b]. $result will never equal one, because $result holds the queried data and it is in the form of an array.

Is this still not working? I think I already know what the problem is here, but I want to wait for lady to post the latest code she is trying. I am confused and do not know which one she wants to refer to for making the correction.
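
Added example (not posted by anyone in the thread): the modified pro_log.php calls mysql_fetch_array() and then mysql_fetch_assoc() on a one-row result, and each fetch advances the cursor, so the sketch below shows the second fetch coming back false and a login that reads the access level and the session fields from a single fetched row. Assumptions: PDO with an in-memory SQLite table and constructed rows stands in for the MySQL `staff` table, password_hash()/password_verify() replace the thread's md5(), and login() and the SESS_LEVEL key are hypothetical names.

```php
<?php
// Constructed data: in-memory SQLite stands in for the thread's MySQL `staff` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE staff (ID_Staff INTEGER, Nama TEXT, ID_Pengguna TEXT UNIQUE,
            Kata_Laluan TEXT, Tahap_Capaian INTEGER)");
$ins = $pdo->prepare("INSERT INTO staff VALUES (?, ?, ?, ?, ?)");
$ins->execute([1, 'Aminah', 'admin1', password_hash('contoh-admin', PASSWORD_DEFAULT), 1]);
$ins->execute([2, 'Badrul', 'staff1', password_hash('contoh-staff', PASSWORD_DEFAULT), 2]);

// Each fetch consumes a row, so a one-row result has nothing left for a second fetch.
$stmt = $pdo->prepare("SELECT * FROM staff WHERE ID_Pengguna = ?");
$stmt->execute(['staff1']);
$first  = $stmt->fetch(PDO::FETCH_ASSOC);   // the matching row, access level included
$second = $stmt->fetch(PDO::FETCH_ASSOC);   // what a later "member" fetch would receive
var_dump($first['Tahap_Capaian'], $second);

// Hypothetical helper: fetch once, then take the level and session fields from that row.
function login(PDO $pdo, string $login, string $password, array &$session): ?string
{
    // access level => landing page, as in the thread's two branches
    $targets = [1 => '../skp/syarat_wajib.php', 2 => '../skp/staff_baru.php'];
    $stmt = $pdo->prepare("SELECT * FROM staff WHERE ID_Pengguna = ?");
    $stmt->execute([$login]);                 // bound parameter, no string building
    $member = $stmt->fetch(PDO::FETCH_ASSOC); // the only fetch
    if ($member === false || !password_verify($password, $member['Kata_Laluan'])) {
        return null;                          // caller redirects to login_gagal.php
    }
    $level = (int) $member['Tahap_Capaian'];
    if (!isset($targets[$level])) {
        return null;                          // unknown access level: deny
    }
    // In a real page: call session_regenerate_id(true) here and pass $_SESSION.
    $session['SESS_MEMBER_ID']  = $member['ID_Staff'];
    $session['SESS_FIRST_NAME'] = $member['Nama'];
    $session['SESS_LEVEL']      = $level;     // hypothetical key for per-page checks
    return $targets[$level];
}

$session = [];
var_dump(login($pdo, 'staff1', 'contoh-staff', $session), $session);
var_dump(login($pdo, 'staff1', 'wrong-password', $session));
```

With the level stored in the session, auth.php can compare it against the level a page requires instead of only checking that SESS_MEMBER_ID is set.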