10-17-2012, 08:27 AM | #11
nani_nisha06
Quote:
Originally Posted by Redcoder
Hmm...does the /MYM/main.php page exist? If it doesn't exist, .htaccess rules may be written to redirect to index.html in case of a 404 error.

Also it could be just a simple case of /MYM/main.php having code that redirects to admin/index.html every time. Try checking your main.php code and whether the file itself exists.
Redcoder,

With your support I have changed the above code as below, but now the problem is that when a normal user logs in to his account he is successfully redirected to main.php; now, if the same user enters the admin folder path, he is successfully able to see all the admin features, so now I want to block him from getting into admin privilege.

I know that my model is typically an old model of thinking, but as I am a learner I have just started with this... so help me with any framework for this issue if you think I am still thinking wrong.

Code:
<?php
session_start();

$host="localhost"; // Host name
$username="naveen"; // MySQL username
$password="1234"; // MySQL password
$db_name="testdata"; // Database name
$tbl_name="test"; // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

// Username and password sent from form (empty string if a field is missing)
$myusername = isset($_POST['myusername']) ? $_POST['myusername'] : '';
$mypassword = isset($_POST['mypassword']) ? $_POST['mypassword'] : '';

// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);

function DoubleSaltedHash($pass, $salt) {
    return sha1($salt.sha1($salt.sha1($pass)));
}

$path = "wrong.php"; // default target when the login fails
$usercond = true;
$row = 0;

// Only query the database for usernames of 2 to 10 word characters
if (preg_match("/^\w{2,10}$/", $myusername))
{
	$sql="SELECT * FROM `".$tbl_name."` WHERE username='$myusername'";

	$result=mysql_query($sql);
	$row = $result ? mysql_fetch_assoc($result) : false;

	// Unknown user or wrong password: treat as a failed login.
	// Strict comparison, so two different "0e..." hashes are never equal as numbers.
	if (!$row || DoubleSaltedHash($mypassword, $row['salt']) !== $row['password'])
		$row = 0;
}

if (!empty($row))
{
	// Register $myusername in the session and pick the landing page by user type
	$_SESSION['myusername']=$myusername;

	// String comparison, so a NULL or empty usertype is never treated as admin (0)
	if ((string)$row['usertype'] === '1')  // normal user
	{
		$path = "main.php";
	}
	elseif ((string)$row['usertype'] === '0') // admin
	{
		$path ="/MYM/admin/admin_main.php";
	}
}
header("Location: ".$path);
exit; // stop here so nothing else runs after the redirect header
?>

Last edited by nani_nisha06; 10-17-2012 at 08:34 AM.
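
The problem described in the post (a logged-in normal user can open pages under the admin folder) comes from the redirect being the only place the user type is looked at. The following is an added example, not part of the original post: a guard that each admin page includes so the check runs on every request. The file name admin_guard.php, the session key `usertype` and the URL in LOGIN_FAILED_URL are assumptions; the posted login script stores only `$_SESSION['myusername']`.

```php
<?php
// admin_guard.php (hypothetical file name): include this at the very top of
// every PHP page under /MYM/admin/, before any output is sent.
//
// Assumption: after a successful login, the login script also runs
//     session_regenerate_id(true);
//     $_SESSION['usertype'] = (string)$row['usertype'];
// The posted script does not do this yet.

const USERTYPE_ADMIN   = '0';              // per the post: 0 = admin, 1 = normal user
const LOGIN_FAILED_URL = '/MYM/wrong.php'; // assumed location of the post's wrong.php

// Decide from session data alone whether the visitor is a logged-in admin.
// Fails closed: a missing or NULL usertype is never treated as admin.
function is_admin_session(array $session)
{
    if (empty($session['myusername']) || !isset($session['usertype'])) {
        return false;
    }
    return (string)$session['usertype'] === USERTYPE_ADMIN;
}

// Stop the request unless the current session belongs to an admin.
function require_admin()
{
    if (session_id() === '') {
        session_start();
    }
    if (is_admin_session($_SESSION)) {
        return;
    }
    if (empty($_SESSION['myusername'])) {
        // Not logged in at all: send the visitor back to the login flow.
        header('Location: ' . LOGIN_FAILED_URL);
    } else {
        // Logged in as a normal user: refuse instead of rendering the page.
        header('HTTP/1.1 403 Forbidden');
        echo 'Admin access only.';
    }
    exit; // without this the rest of the admin page would still run
}

require_admin();
```

Each admin page would start with `require __DIR__ . '/admin_guard.php';` as its first statement. Static files such as the admin/index.html mentioned in the quoted reply never execute PHP, so the guard only protects pages that are served as PHP and include it.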