I am trying to make some code so that only the admin can make changes to certain parts of the database. FOr example i have called the admin username david. Trying to make an if statement to say that if the username is called david go ahead with the changes, but if not , message saying not allowed. I am using session
the code
Code: Select all
<?php
//start the session
session_start();
header("Cache-control: private"); //IE 6 Fix
//check to make sure the session variable is registered
if(session_is_registered('username')){
//the session variable is registered, the user is allowed to see anything that follows
echo "Welcome, you are still logged in '$username'.";
}
else{
//the session variable isn't registered, send them back to the login page
header( "Location: login.php" );
}
if ('$username' != "david") {
echo "You are not authorised to make changes to the database";
} else {
$db =mysql_connect("","", "");
mysql_select_db("",$db) or die ("cannot connect to database");
$query = "INSERT INTO cars(make, engine,year,des,mot,price)
VALUES('".$_POST['make']."','".$_POST['engine']."','".$_POST['year']."','".$_POST['des']."'
,'".$_POST['mot']."','".$_POST['price']."')" ;
mysql_query($query);
}
?>Any help?
many thanks