I am creating an admin section to a website so the administrator can post, update and delete blog posts and comments. However, I am having trouble figuring out how to do this. I want to simply add some code to a previous login script I had created in PHP and simply write an admin script to identify the session value of the admin and redirect them to the admin page, and the users who log in who do not have the admin capability, to simply view the page as a user.
<?php
session_start();
$host="************"; // Host name
$username="*******"; // Mysql username
$password="************"; // Mysql password
$db_name="*********"; // Database name
$tbl_name="*******"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='0'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==0){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header("location: user-area.php");
}
else {
    echo "Wrong Username or Password";
}
?>
<?php
$host="********"; //host name
$username="********"; //Mysql username
$password="***********"; //Mysql password
$db_name="**********"; //Database name
$tbl_name="********"; //Table name
mysql_connect("$host", "$username", "$password") or die("Cannot connect!");
mysql_select_db("$db_name") or die("Cannot connect to db!");
$get = mysql_query("SELECT * FROM users WHERE username='$username'");
while($row = mysql_fetch_assoc($get))
{
    $admin = $row['user_level'];
}
if ($admin == 0) {
    echo "This is not an admin page";
    exit();
}
if ($admin == 1) {
    echo "This is an admin page";
    exit();
}
?>
<?php
if ($admin == 0) {
    echo "This is not an admin page";
    exit();
}
if ($admin == 1) {
    echo "This is an admin page";
    exit();
}
?>
You need to regenerate the sessions before redirecting the individual users; replace the echo statements with header('location: desiredPage.php') and it should redirect the users as required. This should probably be on the same page as your initial logging, so you can check there and redirect in one motion.
Hth
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
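The advice in the reply above, as an added example that is not code from the thread: one login step that checks the credentials, regenerates the session id, stores the user's level in the session and redirects by role. Function names and sample rows are hypothetical; it assumes the password column holds password_hash() output and uses PDO in place of the thread's mysql_* calls (removed in PHP 7).

```php
<?php
declare(strict_types=1);

// Added example. Function names are hypothetical; columns and page names come
// from the thread. Assumes `password` stores password_hash() output.

function authenticate(PDO $pdo, string $username, string $password): ?array
{
    // Bound parameter: the submitted username never becomes SQL text.
    $stmt = $pdo->prepare(
        'SELECT username, password, user_level FROM users
          WHERE username = :u AND activated = 0' // same filter as the thread's query
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // A login needs a matching row AND a verifying hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['username' => $row['username'], 'user_level' => (int) $row['user_level']];
}

function landingPage(array $user): string
{
    return $user['user_level'] === 1 ? 'admin-page.php' : 'user-area.php';
}

function completeLogin(array $user): void // call in a web request, before any output
{
    session_start();
    session_regenerate_id(true);                   // fresh id after login (session fixation)
    $_SESSION['username']   = $user['username'];
    $_SESSION['user_level'] = $user['user_level']; // store the role, never the password
    header('Location: ' . landingPage($user));
    exit;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, activated INT, user_level INT)');
$add = $pdo->prepare('INSERT INTO users VALUES (?, ?, 0, ?)');
$add->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), 1]);
$add->execute(['bob', password_hash('bob-pw', PASSWORD_DEFAULT), 0]);

foreach ([['alice', 'alice-pw'], ['bob', 'bob-pw'], ['bob', 'wrong']] as [$u, $p]) {
    $user = authenticate($pdo, $u, $p);
    echo $u, ' => ', $user ? landingPage($user) : 'Wrong Username or Password', PHP_EOL;
}
```

At the top of admin-page.php, call session_start() and redirect any request whose $_SESSION['user_level'] is not 1 before producing output.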
<?php
$host="********"; //host name
$username="********"; //Mysql username
$password="***********"; //Mysql password
$db_name="**********"; //Database name
$tbl_name="********"; //Table name
mysql_connect("$host", "$username", "$password") or die("Cannot connect!");
mysql_select_db("$db_name") or die("Cannot connect to db!");
$get = mysql_query("SELECT * FROM users WHERE username='$username'")
?>
Just one question: the $username value you use within the query, where do you find that value? At the moment it looks like you are using the same value as the MySQL username.
You could move the database connection to a separate page and include it, and for clarity's sake change one of the password variable names, maybe to $dbUsername.
<?php
$db_host="******"; // Host name
$db_username="*******"; // Mysql username
$db_password="*********"; // Mysql password
$db_name="*********"; // Database name
// Connect to server and select database.
mysql_connect("$db_host", "$db_username", "$db_password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
?>
<?php
$sql = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."' AND activated = 0");
die(mysql_error());
// change to
$sql = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' AND password='".mysql_real_escape_string($password)."' AND activated = 0") or die(mysql_error());
?>
It is probably the call to die() that's causing the blank page.
That did fix the blank page issue; however, I am still back to the incorrect username issue... which I know I put the correct username as it says in the database...
<?php
$user = $_SESSION['username'];
//connect to db
$connect = mysql_connect('127.0.0.1','root','');
mysql_select_db('member');
$get = mysql_query("SELECT * FROM `users` WHERE user_level='1' AND user_level='0'");
while($row = mysql_fetch_assoc($get))
{
    $admin = $row['user_level'];
}
if ($admin == 0) {
    echo "<a href='login.php'>Log in</a> | <a href='logout.php'>Log out</a>
<h1>This is not an admin page</h1>";
    exit();
}
if ($admin == 1) {
    echo "<a href='login.php'>Log in</a> | <a href='logout.php'>Log out</a>
<h1>This is an admin page</h1>";
    exit();
}
?>
The error that shows in the admin.php is this: "Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Program Files (x86)\EasyPHP-5.3.8.1\www\Sample\admin-page.php on line 18"