creating an admin page with an existing login script

geneh18
Forum Newbie
Posts: 8
Joined: Thu Dec 15, 2011 10:08 pm

Post by geneh18 »

Hey everyone!

I am creating an admin section for a website so the administrator can post, update and delete blog posts and comments. However, I am having trouble figuring out how to do this. I want to simply add some code to a previous login script I had created in PHP and write an admin script to identify the session value of the admin and redirect them to the admin page, while the users who log in and do not have the admin capability simply view the page as a user.

Here is the login script, labeled checkuser.php:

<?php
session_start();

$host="************"; // Host name 
$username="*******"; // Mysql username 
$password="************"; // Mysql password 
$db_name="*********"; // Database name 
$tbl_name="*******"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password'];

// To protect against MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='0'";
$result=mysql_query($sql);

// mysql_num_rows() counts the rows in the result
$count=mysql_num_rows($result);
// If the result matched $username and $password, there must be exactly 1 row

if($count==1){
// Register the session values and redirect to "user-area.php"
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
header("location: user-area.php");
}
else {
echo "Wrong Username or Password";
}
?>

And here is the admin.php:

<?php

$host="********"; //host name
$username="********"; //Mysql username
$password="***********"; //Mysql password
$db_name="**********"; //Database name
$tbl_name="********"; //Table name

mysql_connect("$host", "$username", "$password") or die("Cannot connect!");
mysql_select_db("$db_name") or die("Cannot connect to db!");

$get = mysql_query("SELECT * FROM users WHERE username='$username'");
while($row = mysql_fetch_assoc($get)) 
{
	$admin = $row['user_level'];
}

if ($admin == 0) {
	echo "This is not an admin page";
	exit();
}
if ($admin == 1) {
	echo "This is an admin page";
	exit();
}
?>

I hope this helps!! Thanks!!

social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Post by social_experiment »

<?php
if ($admin == 0) {
        echo "This is not an admin page";
        exit();
}
if ($admin == 1) {
        echo "This is an admin page";
        exit();
}
?>
You need to regenerate the sessions before redirecting the individual users; replace the echo statements with header('location: desiredPage.php') and it should redirect the users as required. This should probably be on the same page as your initial logging, so you can check there and redirect in one motion.

Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
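
An added example, not part of the original posts or the posters' code: the login step the reply above describes (check the credentials, regenerate the session ID, then redirect by role), written with PDO because the mysql_* functions were removed in PHP 7. The id and password_hash columns, the session keys and the sample users are assumptions; it needs PHP 7.1 or later with the PDO SQLite driver.

```php
<?php
// Added example, not code from the thread. Assumed schema: users(id, username,
// password_hash, activated, user_level), with password_hash from password_hash().
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep the submitted values out of the SQL text.
    // "activated = 0" mirrors the filter used in the thread's query.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash, user_level
           FROM users WHERE username = ? AND activated = 0'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same failure for an unknown user and a wrong password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

function logIn(PDO $db, string $username, string $password): ?string
{
    $user = authenticate($db, $username, $password);
    if ($user === null) {
        return null;
    }
    session_start();
    session_regenerate_id(true);  // fresh session ID once the user is authenticated
    $_SESSION['user_id']    = (int) $user['id'];
    $_SESSION['user_level'] = (int) $user['user_level'];  // the password is not stored
    return $_SESSION['user_level'] === 1 ? 'admin.php' : 'user-area.php';
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, activated INTEGER, user_level INTEGER)');
$add = $db->prepare('INSERT INTO users (username, password_hash, activated, user_level)
                     VALUES (?, ?, 0, ?)');
$add->execute(['alice', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 1]);
$add->execute(['bob', password_hash('constructed-user-pw', PASSWORD_DEFAULT), 0]);

$target = logIn($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
if ($target === null) {
    exit("Wrong username or password\n");
}
header('Location: ' . $target);
```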

Post by geneh18 »

I see your point. I put the session_start(); however, there is an error that states

"Notice: Undefined variable: username in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\Sample\admin.php on line 9

Notice: Undefined variable: admin in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\Sample\admin.php on line 15
This is not an admin page"

Why am I getting the error undefined username when it is the same as it reads in the database as well as in the form on the login page?

How is the admin not defined... it clearly is... or unless I'm missing something quite obvious...

Post by social_experiment »

http://tycoontalk.freelancer.com/php-fo ... error.html
This URL explains a bit more about the undefined variable error:

<?php
$host="********"; //host name
$username="********"; //Mysql username
$password="***********"; //Mysql password
$db_name="**********"; //Database name
$tbl_name="********"; //Table name

mysql_connect("$host", "$username", "$password") or die("Cannot connect!");
mysql_select_db("$db_name") or die("Cannot connect to db!");

$get = mysql_query("SELECT * FROM users WHERE username='$username'")
?>

Just one question: the $username value you use within the query, where do you find that value? At the moment it looks like you are using the same value as the MySQL username.

Post by geneh18 »

I find that value in the login.php file, where name=username in the input field for the username in login.php.

Post by social_experiment »

You could move the database connection to a separate page and include it, and for clarity's sake change one of the password variable names, maybe to $dbUsername.

Post by geneh18 »

I did both as you suggested, @social_experiment, and when I submit the form again, it shows up with a blank page and the page goes to checkuser.php.

Post by social_experiment »

Can you paste the new code?

Post by geneh18 »

Here is the checkuser.php:

<?php
session_start();
include('config.php');

// username and password sent from form 
$username = stripslashes($_POST['username']); 
$password = stripslashes($_POST['password']);

$sql = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."' AND activated = 0");

die(mysql_error());


$numrows = mysql_num_rows($sql);
$query = mysql_fetch_array($sql);

if ($numrows > 0) 
{
      
   $_SESSION['username'] = $username;
   $_SESSION['password'] = $password;
   
   echo 'You are logged in as '.$_SESSION['username'].' Click <a href="logout.php">here</a> to log out!';
}
else
{
      if ($username!=$query['username']) 
      {
         echo 'Incorrect username';
      }
      elseif ($password!=$query['password']) 
      {
         echo 'Incorrect password';
      }
      else 
      {
         echo 'Incorrect username and password!';
      }
}

?>

And here is the config.php:

<?php

$db_host="******"; // Host name 
$db_username="*******"; // Mysql username 
$db_password="*********"; // Mysql password 
$db_name="*********"; // Database name 

// Connect to server and select database.
mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


?>

Post by social_experiment »

<?php
$sql = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."' AND activated = 0");
die(mysql_error());
// change to
$sql = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."' AND activated = 0") or die(mysql_error());
?>

It is probably the call to die() that's causing the blank page.

Post by geneh18 »

That did fix the blank page issue; however, I am still back to the incorrect username issue... which I know I put the correct username as it says in the database...

Post by social_experiment »

<?php
if ($username!=$query['username']) 
      {
         echo 'Incorrect username';
      }
?>

Are you referring to this section of the code? Print out $username and $query['username'] to see what information they contain.

Post by geneh18 »

Now the check user just shows with a black page... even when I printed out $username...

Post by social_experiment »

geneh18 wrote: now the check user just shows with a black page..even when I printed out $username..

From the results you report back, $username contains no information; what does the code for the submission form look like?

Post by geneh18 »

OK, I got the checkuser.php to work; however, I have an issue with the admin script, admin.php:

<?php

$user = $_SESSION['username'];

//connect to db
$connect = mysql_connect('127.0.0.1','root','');
mysql_select_db('member');

$get = mysql_query("SELECT * FROM `users` WHERE user_level='1' AND user_level='0'");
while($row = mysql_fetch_assoc($get)) 
{
	$admin = $row['user_level'];
}

if ($admin == 0) {
	echo "<a href='login.php'>Log in</a> | <a href='logout.php'>Log out</a>
		  <h1>This is not an admin page</h1>";
	exit();
}
if ($admin == 1) {
	echo "<a href='login.php'>Log in</a> | <a href='logout.php'>Log out</a>
		  <h1>This is an admin page</h1>";
	exit();
}
?>

The error that shows in the admin.php is this: "Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\Sample\admin-page.php on line 18"
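
An added example, not part of the original posts: one way to write the admin.php check so that it looks up the level of the logged-in user and refuses by default. The query in the post above asks for rows where user_level is both 1 and 0, which no row can satisfy, and the script reads $_SESSION without calling session_start(). The $_SESSION['user_id'] key, the id column and the sample rows are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes login stored the user's id
// in $_SESSION['user_id'] (a hypothetical key) and that the users table has an
// id column next to activated and user_level.

function currentUserLevel(PDO $db, array $session): ?int
{
    if (!isset($session['user_id'])) {
        return null;  // nobody is logged in
    }
    // Look up the logged-in user only. Reading the level on every request
    // means a change in the database takes effect on the next page load.
    $stmt = $db->prepare('SELECT user_level FROM users WHERE id = ? AND activated = 0');
    $stmt->execute([$session['user_id']]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : (int) $level;
}

function isAdmin(PDO $db, array $session): bool
{
    // Strict comparison: null (no session, no row) and 0 are both refused.
    return currentUserLevel($db, $session) === 1;
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
           activated INTEGER, user_level INTEGER)');
$db->exec("INSERT INTO users (username, activated, user_level)
           VALUES ('alice', 0, 1), ('bob', 0, 0)");

session_start();  // must run before $_SESSION is read
$links = "<a href='login.php'>Log in</a> | <a href='logout.php'>Log out</a>";
if (!isAdmin($db, $_SESSION)) {
    http_response_code(403);
    exit($links . "<h1>This is not an admin page</h1>");
}
echo $links . "<h1>This is an admin page</h1>";
```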