Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 44
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 44
Warning: Cannot modify header information - headers already sent by (output started at /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php:6) in /home/content/y/a/n/yankeefaninkc/html/argyle/backstage.php on line 64
What I want to do is have it do the check to check the authlevel of the user and then if he's 1 then have it bring up the user control panel and if its a 2 then have it bring up the admin control panel.
This is my code:
Code: Select all
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Backstage V1 Administration Console</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php include('backstage.css'); ?>
</head>
<?php
require ('database.php');
//if the login form is submitted
if(isset($_POST['login']))
{
// makes sure they filled it in
if(!$_POST['username'] || !$_POST['pass'])
{
die('You did not fill in a required field.');
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0)
{
die('That user does not exist in our database.');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = md5(stripslashes($_POST['pass']));
$info['password'] = stripslashes($info['password']);
//$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT
//gives error if the password is wrong
if ($_POST['pass'] != $info['password'])
{
die('Incorrect password, please try again.');
}
else
// if login is ok then we add a cookie and send them to the correct page
{
$_POST['username'] = stripslashes($_POST['username']);
session_start();
$_SESSION['username'] = $_POST['username'];
$_SESSION['loggedin'] = time();
// Finds out the user type
$query = "SELECT `authlevel` FROM `users` WHERE `username` = '" . $username . "'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$authLevel = $row['authlevel'];
$_SESSION['authlevel'] = $authLevel;
// Sends them to correct page after login
if($authLevel == "2")
{
$page = "admin.php";
}
else
{
$page = "backstage.php";
}
header("Location: $page");
}
}
}
else
{
// if they have not submitted the form
?>
<body>
<div id="login">
<center>
<h1>KOW Backstage</h1><br>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>Username:</p>
<input type="text" name="username" maxlength="40" size="40">
<br><br>
<p>Password:</p>
<input type="password" name="pass" maxlength="50" size="40">
<br><br>
<input type="submit" name="login" value="Login >>"><br><br>
</form>
</center>
</div>
</body>
</html>
<?php
}
?>