user login system for other pages too

[koelkast]

YaBB SE Version: 1.5.1 RC1
PHP Version: 4.3.1
MySQL Version: 3.23.x
Server Platform: Windows
Link to Forum:

Problem Description:
Hi. I want to use the login system of YabbSE for one of the pages of my site too.
I tried many things but it still doesn't work. Now, what do I want:
On a php-page some code that checks whether the visitor is a guest, or a member of "administrators" or a member of "global moderators" or member of "trusted persons" or just a member. If the visitor is just a member or guest and not admin, g-mod or trusted-person they get an error.
So the page isonly available to a few membergroups. Can I find this code anywhere or does anybody know how to create this?

[Metho]

Look at SSI.php. Or go to http://www.youraddress.com/yourforum/ssi_examples.php . Makes life a lot easier.

Methonis

[koelkast]

I've already seen this page and script but if I put such a login on my page, it doesn't look at the membergroup. There is a function <login> or something but that redirects you to the forum

I found this script on the forum:

Code Select Expand

<?phpinclude_once ("Settings.php");include_once ("Subs.php");include_once ("Load.php");LoadCookie();if ($username == 'Guest') {  header("Location: http://www.yoursite.com/noEntry.php");  exit;}?>




But that only looks at the username and also not at the membergroup. What do I need to change to have it look at the membergroup?

[koelkast]

maybe this helps one of you? I  found this script in one of the templates and I think it askes for the membergroup. I tried it with echo but it doesn't give the variable $membergoup but I think something is missing...

   // Load membergroups
   $request = mysql_query("SELECT membergroup FROM {$db_prefix}membergroups WHERE 1 ORDER BY ID_GROUP") or database_error(__FILE__, __LINE__);
   $membergroups = array();
   while ($row = mysql_fetch_row($request))
      $membergroups[] = $row[0];
   echo $membergroup;

[Metho]

To check you'd just do something like:

if ($settings[7] == 'Administrator || $settings[7] == 'Global Moderator' || $settings[7] = ='Trusted Persons')
{
do your redirect to special access
}
else
{
No entry
}

Methonis

[koelkast]

Parse error: parse error, unexpected T_GLOBAL  

What can I try...

[Metho]

Will have to global $settings probably.

Methonis

[koelkast]

to global  

[Metho]

Something like:

<?PHP
global $settings;

if ($settings[7] == 'Administrator || $settings[7] == 'Global Moderator' || $settings[7] = ='Trusted Persons')
{
header("Location: http://www.yourdomain.com/good.php");
exit;
}
else
{
header("Location: http://www.yourdomain.com/bad.php");
exit;
}

Sorta like that. Dunno if that would actually work or not though.

Methonis

[koelkast]

That doesn't work, it always terurns bad.php  

I found another script but that also returns the echo 'error'. What's wrong with this?

Code Select Expand

$username = mysql_escape_string($_GET['username']);
$md5_passwrd = md5_hmac($_GET['password'], strtolower($username));

include_once('forum/Settings.php');

$dbcon = mysql_connect($db_server, $db_user, $db_passwd) or
die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

$result = mysql_query('SELECT passwd, memberGroup FROM '.$db_prefix.'members WHERE memberName=\''.$username.'\'');

if(mysql_num_rows($result) > 0)
{
 $data = mysql_fetch_row($result);

 if ($data[0] != $md5_passwrd)
 {
    if ($data[0] == crypt($_GET['password'], substr($_GET['password'], 0, 2)) || $data[0] == md5($_GET['password']))
    {
         if($data[1] == 'Administrator' || $data[1] == 'Global Moderator')
          echo '2';
       else
          echo '1';
   }
    else
   {
          echo '0';
   }
 }
 else if($data[0] == $md5_passwrd)
 {
   if($data[1] == 'Administrator' || $data[1] == 'Global Moderator')
     echo '2';
   else
     echo '1';
 }
 else
   echo '0';
}
else
 echo 'error';

[Metho]

Yes, I was pretty sure mine wouldn't work, it was to give you the correct if statement and redirects. That code you just posted is an utter overkill and not needed. Just do this. This is tested and it works.

Code Select Expand

<?PHP
global $settings;
include_once ("/path/to/your/forum/Settings.php");
include_once ("/path/to/your/forum/Sources/Subs.php");
include_once ("/path/to/your/forum/Sources/Load.php");
LoadCookie();

if ($settings[7] == 'Administrator' || $settings[7] == 'Global Moderator' || $settings[7] == 'Trusted Persons')
{
header("Location: http://www.yourdomain/good.php");
exit;
}
else
{
header("Location: http://www.yourdomain.com/bad.php");
exit;
}
?>

[koelkast]

Well I tried your code, but the strange fact is that this script also returns bad.php every time, even when I'm admin or global mod.
So no error or something like that, simply always 'bad'.

/edit deleted nonsense

[Douglas]

And now, for the way I do this on my site...  may not be the best, but it works nicely...

Code Select Expand

<? require('/home/douglas/subsites/fff/forums/SSI.php');  
$DB[hostname] = "localhost";
$DB[username] = "mysqluser";
$DB[password] = "mysqlpass";
$DB[dbname] = "databasename";
$connection = mysql_connect ($DB[hostname], $DB[username], $DB[password]) or die ("Could not connect to the server.  The following error has occurred <b>" . mysql_error() . "</b>");
$db = mysql_select_db ($DB[dbname]);

global $username, $ID_MEMBER;
if ($username == "Guest") { DoLogIn(); exit(); }
$query = mysql_query("select emailAddress, memberGroup from yse_members where ID_MEMBER = '$ID_MEMBER'");
$result = mysql_fetch_array ($query); list ($email, $group) = $result;
if ($group == "Banned") { echo "We're sorry, but this account has been disabled.&nbsp; If you feel that this is an error, please contact <a href=\"mailto:webmaster@mydomain?subject=Account Turned off for $user[name]\">Douglas</a>.&nbsp; Thank you. :)"; exit(); }
if (($group == "Administrator") || ($group == "Global Moderator") || ($group == "Moderator")) { header("Location: http://www.yourdomain/good.php");
exit; }

else

{ header("Location: http://www.yourdomain/bad.php");
exit; }Just the basics for you to start with.  I have that set in a lib.php file.  

[koelkast]

Fatal error: Call to undefined function: dologin() in x.php on line 11  

[Douglas]

Well, do you have that set up in your lib.php file?  Make it a function, or change dologin().  That's my exact code, it was put up so that you could see how I handle all of that stuff.  

Don't be afraid to explore and learn a little bit.  That's how I got started with PHP Development.