rapturee
02-28-2010, 04:26 AM
Hello,
Just wondering if I could pick your brains about a problem I'm having:
Its a simple login script which basically shows admin (1) a seperate page to that of a user (0).
So far I've got it to recognize isadmin 0 and take you to one page but even if you login as a user it still shows the same text "Hello, you are an admin." etc
Please help
Regards,
Dan
<?php
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());
//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = $_POST["isadmin"];
$result = mysql_query ("SELECT * FROM users WHERE username = '$user' AND password = '$password'");
$q = mysql_query ("SELECT * FROM users WHERE isadmin = '$isadmin'");
if(mysql_num_rows($q)==1){
echo ("Hello, you are an admin. Click<a href=\"index.php/\">here to go back home</a>");
}
else if(mysql_num_rows($q)==0){
echo "Hello Normal user.";
}
?>
Just wondering if I could pick your brains about a problem I'm having:
Its a simple login script which basically shows admin (1) a seperate page to that of a user (0).
So far I've got it to recognize isadmin 0 and take you to one page but even if you login as a user it still shows the same text "Hello, you are an admin." etc
Please help
Regards,
Dan
<?php
//connect to db
$conn = mysql_connect("localhost", "blah", "blah") or die(mysql_error());
mysql_select_db("blah") or die(mysql_error());
//declares variable
$username=$_POST["username"];
$password = $_POST["password"];
$isadmin = $_POST["isadmin"];
$result = mysql_query ("SELECT * FROM users WHERE username = '$user' AND password = '$password'");
$q = mysql_query ("SELECT * FROM users WHERE isadmin = '$isadmin'");
if(mysql_num_rows($q)==1){
echo ("Hello, you are an admin. Click<a href=\"index.php/\">here to go back home</a>");
}
else if(mysql_num_rows($q)==0){
echo "Hello Normal user.";
}
?>