CoolAsCarlito
12-19-2008, 10:03 PM
I have two user types: admins and non-members. I have a field in my DB named admin that holds a 1 or a 2. If it is a 1, the user is an admin; if it is a 2, they are NOT an admin.
How do I identify the user type, so that admins see 0-5 and non-admins can only see 4 and 5 in my control panel?
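<?php
/*
 * Backstage login: authenticates a posted username/password against the
 * `users` table and, on success, stores the username, login time and the
 * `admin` flag in the session. When no login was posted, the login form is
 * rendered instead.
 *
 * Security notes:
 *  - Values that went through stripslashes() are never put back into SQL.
 *    The original re-queried `users` with the un-escaped username, which
 *    reopened SQL injection. The admin flag is now read from the row that
 *    was just authenticated.
 *  - Passwords are stored as unsalted MD5, which is not suitable for password
 *    storage. Moving to password_hash()/password_verify() needs the stored
 *    hashes to be migrated, so it cannot be done in this file alone.
 *  - The mysql_* extension is deprecated; prepared statements (PDO/mysqli)
 *    are the long-term fix.
 *  - The post describes admin = 1 as administrator and 2 as non-admin. Every
 *    control-panel page must check $_SESSION['admin'] on the server before
 *    showing or performing an admin-only action; hiding menu entries is not
 *    access control.
 */

// Handle a submitted login form.
if (isset($_POST['login']))
{
    $postedUser = isset($_POST['username']) ? $_POST['username'] : '';
    $postedPass = isset($_POST['pass']) ? $_POST['pass'] : '';

    // Both fields are required and must be plain strings (a request can send
    // arrays such as username[]=x, which the string functions below reject).
    if (!is_string($postedUser) || !is_string($postedPass) || !$postedUser || !$postedPass)
    {
        die('You did not fill in a required field.');
    }

    $username = mysql_real_escape_string($postedUser);
    $check = mysql_query("SELECT * FROM users WHERE username = '" . $username . "'");
    if ($check === false)
    {
        // Keep database error details in the server log, not in the response.
        error_log('Backstage login query failed: ' . mysql_error());
        die('Login is temporarily unavailable, please try again later.');
    }

    // Unknown user and wrong password give the same message, so the response
    // does not reveal which usernames exist.
    if (mysql_num_rows($check) == 0)
    {
        die('Incorrect username or password, please try again.');
    }

    // stripslashes() is kept so the hash matches how existing passwords were
    // hashed. NOTE(review): presumably a magic_quotes_gpc workaround; confirm
    // against the registration code before changing it.
    $pass = md5(stripslashes($postedPass));

    while ($info = mysql_fetch_array($check))
    {
        $stored = stripslashes($info['password']);

        // Strict comparison: with != two different hashes that both look like
        // "0e<digits>" compare equal as numbers. hash_equals() is preferable
        // where the PHP version provides it.
        if ($pass !== $stored)
        {
            die('Incorrect username or password, please try again.');
        }

        // Login is OK: start the session and record who logged in.
        // NOTE(review): the original comment mentions sending the user to the
        // correct page, but no redirect is performed here.
        session_start();
        // Issue a fresh session id so an id set before login cannot be reused.
        session_regenerate_id(true);

        // Values come from the authenticated row. They are raw database
        // values: escape them again before using them in SQL or HTML.
        $_SESSION['username'] = $info['username'];
        $_SESSION['loggedin'] = time();
        $_SESSION['admin'] = $info['admin'];
    }
}
else
{
// if they have not submitted the form
// NOTE(review): the form below posts fields named uname / pword / submit,
// while the handler above reads username / pass / login. If this file is
// the backstage.php the form posts to, the login branch never runs;
// confirm and align the names. The action URL is plain http, so the
// credentials are sent unencrypted; use https once the site supports it.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel=stylesheet href=backstage.css type=css media=screen>
<link rel=stylesheet href=backstage_print.css type=css media=print>
</head>
<body>
<div id=login>
<form method="POST" action="http://kansasoutlawwrestling.com/other/backstage.php">
<h1>KOW Backstage</h1>
<p><label>Username:<br><input type=text name=uname id=log tabindex=1></label></p>
<p><label>Password:<br><input type=password name=pword id=pwd tabindex=2></label></p>
<p style="text-align: center;"><input type=submit class=button name=submit id=submit value="Login »" tabindex=4></p>
</form>
</div>
</body>
</html>
<?php
}
?>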
How do I identify the user type, so that admins see 0-5 and non-admins can only see 4 and 5 in my control panel?
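<?php
/*
 * Backstage login: authenticates a posted username/password against the
 * `users` table and, on success, stores the username, login time and the
 * `admin` flag in the session. When no login was posted, the login form is
 * rendered instead.
 *
 * Security notes:
 *  - Values that went through stripslashes() are never put back into SQL.
 *    The original re-queried `users` with the un-escaped username, which
 *    reopened SQL injection. The admin flag is now read from the row that
 *    was just authenticated.
 *  - Passwords are stored as unsalted MD5, which is not suitable for password
 *    storage. Moving to password_hash()/password_verify() needs the stored
 *    hashes to be migrated, so it cannot be done in this file alone.
 *  - The mysql_* extension is deprecated; prepared statements (PDO/mysqli)
 *    are the long-term fix.
 *  - The post describes admin = 1 as administrator and 2 as non-admin. Every
 *    control-panel page must check $_SESSION['admin'] on the server before
 *    showing or performing an admin-only action; hiding menu entries is not
 *    access control.
 */

// Handle a submitted login form.
if (isset($_POST['login']))
{
    $postedUser = isset($_POST['username']) ? $_POST['username'] : '';
    $postedPass = isset($_POST['pass']) ? $_POST['pass'] : '';

    // Both fields are required and must be plain strings (a request can send
    // arrays such as username[]=x, which the string functions below reject).
    if (!is_string($postedUser) || !is_string($postedPass) || !$postedUser || !$postedPass)
    {
        die('You did not fill in a required field.');
    }

    $username = mysql_real_escape_string($postedUser);
    $check = mysql_query("SELECT * FROM users WHERE username = '" . $username . "'");
    if ($check === false)
    {
        // Keep database error details in the server log, not in the response.
        error_log('Backstage login query failed: ' . mysql_error());
        die('Login is temporarily unavailable, please try again later.');
    }

    // Unknown user and wrong password give the same message, so the response
    // does not reveal which usernames exist.
    if (mysql_num_rows($check) == 0)
    {
        die('Incorrect username or password, please try again.');
    }

    // stripslashes() is kept so the hash matches how existing passwords were
    // hashed. NOTE(review): presumably a magic_quotes_gpc workaround; confirm
    // against the registration code before changing it.
    $pass = md5(stripslashes($postedPass));

    while ($info = mysql_fetch_array($check))
    {
        $stored = stripslashes($info['password']);

        // Strict comparison: with != two different hashes that both look like
        // "0e<digits>" compare equal as numbers. hash_equals() is preferable
        // where the PHP version provides it.
        if ($pass !== $stored)
        {
            die('Incorrect username or password, please try again.');
        }

        // Login is OK: start the session and record who logged in.
        // NOTE(review): the original comment mentions sending the user to the
        // correct page, but no redirect is performed here.
        session_start();
        // Issue a fresh session id so an id set before login cannot be reused.
        session_regenerate_id(true);

        // Values come from the authenticated row. They are raw database
        // values: escape them again before using them in SQL or HTML.
        $_SESSION['username'] = $info['username'];
        $_SESSION['loggedin'] = time();
        $_SESSION['admin'] = $info['admin'];
    }
}
else
{
// if they have not submitted the form
// NOTE(review): the form below posts fields named uname / pword / submit,
// while the handler above reads username / pass / login. If this file is
// the backstage.php the form posts to, the login branch never runs;
// confirm and align the names. The action URL is plain http, so the
// credentials are sent unencrypted; use https once the site supports it.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel=stylesheet href=backstage.css type=css media=screen>
<link rel=stylesheet href=backstage_print.css type=css media=print>
</head>
<body>
<div id=login>
<form method="POST" action="http://kansasoutlawwrestling.com/other/backstage.php">
<h1>KOW Backstage</h1>
<p><label>Username:<br><input type=text name=uname id=log tabindex=1></label></p>
<p><label>Password:<br><input type=password name=pword id=pwd tabindex=2></label></p>
<p style="text-align: center;"><input type=submit class=button name=submit id=submit value="Login »" tabindex=4></p>
</form>
</div>
</body>
</html>
<?php
}
?>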