Login Access Levels

Question

Dear David Power,Firstly let me appreciate you for your very good written tutorials. I am actually not a web developer but my wish is to learn it, Since last couple of Years, I am trying to learn and create a simple website but still at the initial stage and could not get succeeded, I might be a dumb person but well I am also courageous that I did not surrender yet.I read your 'First Dynamic Website Tutorial' in which you have taught us login without access levels, I viewed few tutorials from Youtube and learnt about access levels. Now, I have created 2 tables in xampp 'users' & 'news'. If I want to give access to Admin to update/delete news and also to manage users but Users can only view and update their email or password. means i need to assign access levels. I assigned 2 as default level for users and 1 for admin.both were working fine, then I actually don't know what happened, my admin denied to get login, while user is perfectly working and arrive me at user control panel. I tried and removed Recordset and Restrict page access from Admin Control Panel and added it again But still admin login do not works.In the login Page I mentioned table name as users and if Login Succeed go to Page "User Account pannel" while if failed go to "LoginFailed" and access level as "Userlevel" colums in users table.Now, it takes Users to User Account Pannel but to admin it takes to LoginFailed page.This is more than a week I could not solve this  David, could you please help me in this? what could be a possible reason which I should check, and/or what could be a possible solution to resolve this login issue? OR could you please give me any PHP or Javascript code to assign access levels to users and admin? please....Regards,

osgood_ · Accepted Answer

David_Powers wrotehttps://forums.adobe.com/people/Nancy+OShea , osgood_, and BenPleysier are all right: Dreamweaver's PHP server behaviors are no longer fit for purpose. Do not use them. If you like my style of teaching, but can't afford a subscription to lynda.com, try to get hold of a copy of my PHP Solutions, 3rd Edition, published by Apress. It's not expensive, and you can probably find a second-hand copy.I've not been active in these forums for several months for personal reasons. I do intend to come back eventually, but not just yet.Nice to see you're still around David and hope whatever is keeping you away eventually resolves itself in a positive way.It would'nt be difficult to direct an Admin user to an Admin Section of the website and a Non-Admin-User to a different section of the website based on what access level they have been assigned in the database.Using mysqli below. Querying a database with the name 'users' and a table within that database with the name 'users'. In the users table there are 3 fields - username, password and userlevel where you set the userlevel to 1 for an admin and leave it blank for a non admin.Of couse this is just a simple example and principal of using mysqli, checking username and password are correct and what level of access the user has and sending them to the appopriate section. In the instance below the password in NOT encrypted in the database but it should be which would bring a new set of problems when checking the password against the form field input. If you are using php 5.5 or greater you can use the php password_verify function, PHP: password_verify - Manual which would be reasonably easy to incorporate into the code.Of course this would also have a knock on effect as you would need to remove any DW server behaviours you have used on the internal pages which effect the login being verified and replace that with a simple bit of php code that redirects back to the login page if $_SESSION['username'] is not set. That is set once the username and password has been checked against those held in the database and are verified as correct - $_SESSION['username'] = $username;real_escape_string((trim($_POST['username']));$sql = 'SELECT * FROM users';$result = $conn->query($sql) or die($conn->error);while ($row = $result->fetch_assoc()) {if ($row['username'] == $username && $row['userlevel'] == 1 && $row['password'] == trim($_POST['password'])) {$_SESSION['username'] = $username;// Redirect to admin users to specific page if login successfulheader('Location: http://www.bbc.co.uk');}elseif ($row['username'] == $username && $row['password'] == trim($_POST['password'])) {$_SESSION['username'] = $username;// Redirect non-admin users to specific page if login successfulheader('Location: http://www.itv.co.uk');}else {// If username and password don't match then asign a message to a variable$response = "Sorry you do not have permission to access this website";}}}?>Secure Login

Login Username

Nancy OShea · Answer

The "First Dynamic Website" tutorial is many years old and not entirely relevant for modern PHP & MySQL users. Ir relies on the deprecated Server Behavior Panels which Adobe removed from DW in 2013 for very good reasons. The code is neither secure or supported in PHP 7. You should not use the old Server Behavior Panels for modern projects.

If you want to learn modern coding methods , David Powers has some excellent PHP video tutorials on Lynda.com.

David Powers — Online Courses, Classes, Training, Tutorials on Lynda

Lynda.com charges a subscription rate but they have quality control standards that YouTube does not have. So you get what you pay for.

Nancy

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded