I am using a log-in script called Member Manager. When users sign-up they choose between paid member or free member, then when they log-in, they are directed to a menu page where they can Change Password, Edit Profile, Log out or View Content Page. I'd like it so that when a free member logs-in, that type of member can have all those choices, but only have access to a certain Content Page. And when a paid member logs-in he can have all the menu choices but only access a different Content page. Can someone tell me how this might be accomplished? I'm providing the log-in page, for possible modification. Is there another page someone may want to look at to help me out? Thanks. <?php global $error_message; ?> <TABLE width="100%" height="100%"> <form method="POST" action="index.php"> <tr> <td width="25%" height="70%" valign="top" > </td> <td width="80%" valign="top" > <table cellpadding="1" width="75%"> <tr><td> </td></tr> <tr><td> </td></tr> <tr><td colspan="3" width="100%" class='hLine' ><SPAN class='pageTitle'>Login</span></td></tr> <input class='field' type='hidden' name='command' value='account'> <input class='field' type='hidden' name='param' value='login'> <tr><td colspan='3' class='pageTitle'></td></tr> <tr><td> </td></tr> <tr> <td width='25%' class='fieldLabel'>User name</td> <td width="25%"><input class='field' type='text' size='30' maxlength="30" name='user_name' value='[user_name]'></td> <td width="10%" class='errorMessage'> </td> </tr> <tr> <td class='fieldLabel'>Password</td> <td><input class='field' type='password' size='30' maxlength="30" name='password' ></td> <td class='errorMessage'> </td> </tr> </tr> <tr><td> </td></tr> <tr><td colspan='3' align='center'> <span class='errorMessage'>[error_message]</span></td></tr> <tr><td> </td></tr> <tr><td> </td></tr> <tr><td colspan='3' ><div class='hLine'></div></td></tr> <tr><td colspan='3' align="right"><input class='button' type='submit' value='Login'></td></tr> </table> </td></tr> </form> Code (markup):
the registration form has nothing to do with the processing of it. i assume that is what you have shown. but for a rough overview of what to do assuming that you have an understanding oh php. submit form process.php: <?php $sql = "select username, password, userlevel, name, foo, bar from users where username='".$_POST['username']."' and password = '".md5($_POST['password'])."'"; $result = mysql_query($sql) or die( mysql_error() ); if ( mysql_num_rows($result) == 0) // user not found send error die("invalid username or password"); // generic error $row = mysql_fetch_row($result); $level = $row[2]; if ( $level == 1) // free user include("inc/free_user.inc.php"); else if ( $level == 2) // paid user include("inc/paid_user.inc.php"); else // got a user level other than 1 or 2 do_soemthing(); ?> PHP:
When a user logs in, store their access level in the session. When it comes time to render a page, just reference the session variable to decide if the link should be visible or not. My user sessions typically include their id, the username and the access level. Most database functions use the id but the username is typically displayed. Also, when doing this sort of thing, it's a good idea to verify the access level in the included pages so that nonpaid users can't access exclusive paid user pages.