creating an admin page with an existing login script
Posted: Thu Dec 15, 2011 10:33 pm
Hey everyone!
I am creating an admin section to a website so the administrator can post, update and delete blog posts and comments. However, I am having trouble figuring out how to do this. I want to simply add some code to a previous login script I had created in PHP and simply write an admin script to identify the session value of the admin and redirect them to the admin page, and the users who log in who do not have the admin capability, to simply view the page as a user.
here is the login script labeled:
checkuser.php
and here the admin.php:
I hope this helps!! Thanks!!
checkuser.php
<?php
session_start();
$host="************"; // Host name
$username="*******"; // MySQL username
$password="************"; // MySQL password
$db_name="*********"; // Database name
$tbl_name="*******"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
// To protect against MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='0'";
$result=mysql_query($sql);
// mysql_num_rows() counts the rows returned by the query
$count=mysql_num_rows($result);
// If the username and password matched, exactly one row is returned
if($count==1){
    // Store the username and password in the session and redirect to "user-area.php"
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header("location: user-area.php");
    exit(); // stop here so nothing else runs after the redirect
}
else {
    echo "Wrong Username or Password";
}
?>
admin.php
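<?php
session_start(); // needed to read the username stored by checkuser.php
$host="********"; // Host name
$username="********"; // MySQL username
$password="***********"; // MySQL password
$db_name="**********"; // Database name
$tbl_name="********"; // Table name
mysql_connect("$host", "$username", "$password") or die("Cannot connect!");
mysql_select_db("$db_name") or die("Cannot connect to db!");
// Look up the logged-in user from the session, not the MySQL account name in $username.
// The session value was already escaped by checkuser.php before it was stored.
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$get = mysql_query("SELECT * FROM users WHERE username='$user'");
$admin = 0; // default to non-admin when no matching row is found
while($row = mysql_fetch_assoc($get))
{
    $admin = $row['user_level'];
}
if ($admin == 0) {
    echo "This is not an admin page";
    exit();
}
if ($admin == 1) {
    echo "This is an admin page";
    exit();
}
?>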
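One way to do what the post asks, keeping the role in the session at login and checking it on the admin page. This is an added example, not part of the original post. It assumes the `users` columns `username`, `password` and `user_level` seen above, assumes the `password` column holds `password_hash()` output, and uses hypothetical function names and an in-memory SQLite database with constructed rows so it runs offline.

```php
<?php
// Added example: role-aware login and admin gate. Function names, the SQLite
// in-memory database and the sample rows are constructed for illustration.
declare(strict_types=1);

function authenticate(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password, user_level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: the password column holds password_hash() output.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['username' => $row['username'], 'user_level' => (int) $row['user_level']];
}

function login(PDO $db, array &$session, string $username, string $password): string
{
    $user = authenticate($db, $username, $password);
    if ($user === null) {
        return 'login.php'; // hypothetical login form page
    }
    // Keep only identity and role in the session, never the password.
    $session['username'] = $user['username'];
    $session['user_level'] = $user['user_level'];
    return $user['user_level'] === 1 ? 'admin.php' : 'user-area.php';
}

function is_admin(array $session): bool
{
    // A missing or non-1 user_level is treated as a normal user (fail closed).
    return isset($session['user_level']) && $session['user_level'] === 1;
}

// Constructed sample data so the example runs offline (php example.php).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, user_level INTEGER)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', password_hash('bob-pass', PASSWORD_DEFAULT), 0]);

foreach ([['alice', 'alice-pass'], ['bob', 'bob-pass'], ['bob', 'wrong-pass']] as [$u, $p]) {
    $session = []; // stands in for $_SESSION after session_start()
    $target = login($db, $session, $u, $p);
    printf("%-6s -> %-14s admin=%s\n", $u, $target, is_admin($session) ? 'yes' : 'no');
}
```

On a real page, call `session_start()` first, pass `$_SESSION` in place of `$session`, call `session_regenerate_id(true)` after a successful login, and send the returned target with `header('Location: ...')` followed by `exit`. `admin.php` then starts with the `is_admin($_SESSION)` check and stops for anyone who fails it.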