creating an admin page problem
Posted: Mon Apr 11, 2005 7:32 am
I am new with PHP and i want to create an admin page but I guess the header does not work..can someone pls help me with this one...
Code: Select all
<?php
session_start();
include "conn.inc.php";
if (isset($_POST["submit"]))
{
$query = "SELECT username, password, id FROM admin WHERE username =
'" . $_POST["username"] . "' AND password = (password('" . $_POST["password"] .
"'));";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$admin_level = $row["id"];
if (mysql_num_rows($result) == 1)
{
$_SESSION["admin_logged"] = $_POST["username"];
$_SESSION["admin_password"] = $_POST["password"];
$_SESSION["id"] = $row["id"];
header ("Refresh: 5; URL=" . $_POST["redirect"] . "");
echo "You are being redirected to your original page request!<br>";
echo "(If your browser doesn’t support this, <a href=\"" .
$_POST["redirect"]. "\">click here</a>)";
}
else
{
?>
<html>
<head>
<title>Login</title>
</head>
<body>
Invalid Username and/or Password<br>
<form action="admin_login.php" method="post">
<input type="hidden" name="redirect" value="<?php echo
$_POST["redirect"];
?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
<?php
}
}
else
{
if ($_SERVER['HTTP_REFERER'] == "" || $_SERVER['HTTP_REFERER'] ==
"http://localhost/magazin/admin1/index.php" || $_SERVER['HTTP_REFERER'] ==
"http://localhost/admin1/")
{
$redirect = "/admin1/index.php";
}
else
{
$redirect = $_GET["redirect"];
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
Login below by supplying your username/password...<br>
<form action="admin_login.php" method="post">
<input type="hidden" name="redirect" value="<?php echo $redirect; ?>">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br><br>
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
<?php
}
?>