Post #13, 10-17-2012, 03:49 PM
Redcoder
Regular Coder
Join Date: May 2012
Location: /dev/couch
Posts: 309
Thanks: 2
Thanked 46 Times in 45 Posts
Quote:
Originally Posted by nani_nisha06
Redcoder,

With your support I have changed the above code as below, but now the problem is: when a normal user logs in to his account he is successfully redirected to main.php; if the same user enters the admin folder path he is able to see all the admin features. Now I want to block him from going into admin privileges.

You should introduce session variables to hold info on whether the user is an admin or not.

Like this:
PHP Code:

//If user is admin
$_SESSION['user_type'] = 'admin';

//For normal users
$_SESSION['user_type'] = 'normal';
So here's how you'd implement it:

PHP Code:

<?php
session_start();

$host     = "localhost"; // Host name
$username = "naveen";    // Mysql username
$password = "1234";      // Mysql password
$db_name  = "testdata";  // Database name
$tbl_name = "test";      // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name") or die("cannot select DB");

// username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);

function DoubleSaltedHash($pass, $salt) {
    return sha1($salt . sha1($salt . sha1($pass)));
}

$path = "wrong.php";
$usercond = true;
preg_match("/^\w{2,10}$/", $myusername, $match);
$row = 0;
if (!empty($match[0]))
{
    $sql = "SELECT * FROM `" . $tbl_name . "` WHERE username='$myusername'";
    $result = mysql_query($sql);
    $row = mysql_fetch_assoc($result); // false when no such user

    if ($row)
    {
        $mypassword = mysql_real_escape_string(DoubleSaltedHash($mypassword, $row['salt']));
        if ($mypassword != $row['password'])
            $row = 0;
    }
}

//echo "SDFSD". $row ;exit;
if (!empty($row))
{
    $_SESSION['myusername'] = $myusername; // Register $myusername and redirect to the right page

    if ($row['usertype'] == 1) // normal user
    {
        $path = "main.php";
        $_SESSION['user_type'] = 'normal';
    }
    elseif ($row['usertype'] == 0) // admin
    {
        $path = "/MYM/admin/admin_main.php";
        $_SESSION['user_type'] = 'admin';
    }
}
header("Location: " . $path);
exit; // stop here so nothing below the redirect is executed
?>
And then at the top of the admin PHP script write this:

PHP Code:
<?php
session_start();

// If not admin (or not logged in at all)
if (!isset($_SESSION['user_type']) || $_SESSION['user_type'] != 'admin')
{
    header("Location: main.php"); // Redirect to main.php
    exit; // without this the admin code below would still run after the redirect header
}

//The rest of the admin.php code here
?>
__________________
For professional Hosting and Web design.....
NetEssentials.co.uk

Last edited by Redcoder; 10-17-2012 at 06:37 PM..
The Following 2 Users Say Thank You to Redcoder For This Useful Post:
hujan (10-29-2012), nani_nisha06 (10-17-2012)
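An added example of the approach Redcoder describes, written for this page and not part of his post or of nani_nisha06's code: the role is decided from the database row at login, stored in the session, and checked by a guard at the top of every admin page. It assumes PHP 7.1 or later with the pdo_sqlite extension and uses an in-memory SQLite table with two constructed accounts in place of the thread's MySQL `test` table; the function names `makeUserStore`, `login` and `isAdmin`, the `$session` array standing in for `$_SESSION`, and the sample passwords are this example's own.

```php
<?php
// Added example (not from the thread): role-in-session login and admin guard.
declare(strict_types=1);

// Hypothetical helper: a throwaway user table with two constructed accounts.
// usertype follows the thread's convention: 0 = admin, 1 = normal user.
function makeUserStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE test (username TEXT PRIMARY KEY, password TEXT NOT NULL, usertype INTEGER NOT NULL)');
    $ins = $db->prepare('INSERT INTO test (username, password, usertype) VALUES (:u, :p, :t)');
    $ins->execute([':u' => 'naveen', ':p' => password_hash('admin-pass-example', PASSWORD_DEFAULT), ':t' => 0]);
    $ins->execute([':u' => 'bob',    ':p' => password_hash('user-pass-example',  PASSWORD_DEFAULT), ':t' => 1]);
    return $db;
}

// Check the credentials with a prepared statement and password_verify().
// On success the role ('admin' or 'normal') is written into $session and returned;
// on any failure nothing is written and null is returned.
function login(PDO $db, string $username, string $password, array &$session): ?string {
    // Same username shape the thread enforces: 2 to 10 word characters.
    if (!preg_match('/^\w{2,10}$/', $username)) {
        return null;
    }
    $stmt = $db->prepare('SELECT password, usertype FROM test WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when there is no such user
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // The role comes only from the stored row, never from anything the client sent.
    $role = ((int)$row['usertype'] === 0) ? 'admin' : 'normal';
    // In a real request: session_regenerate_id(true) here, so a session id issued
    // before login is not carried over into the authenticated session.
    $session['myusername'] = $username;
    $session['user_type']  = $role;
    return $role;
}

// Guard for the top of every admin script. A missing key counts as "not admin".
// Usage in admin_main.php:
//     session_start();
//     if (!isAdmin($_SESSION)) { header('Location: main.php'); exit; }
function isAdmin(array $session): bool {
    return ($session['user_type'] ?? '') === 'admin';
}

// Constructed walk-through (run from the CLI); $session stands in for $_SESSION.
$db = makeUserStore();

$session = [];
printf("bob logs in as: %s, admin? %s\n",
    var_export(login($db, 'bob', 'user-pass-example', $session), true),
    var_export(isAdmin($session), true));

$session = [];
printf("naveen logs in as: %s, admin? %s\n",
    var_export(login($db, 'naveen', 'admin-pass-example', $session), true),
    var_export(isAdmin($session), true));

$session = [];
printf("naveen with wrong password: %s, admin? %s\n",
    var_export(login($db, 'naveen', 'not-the-password', $session), true),
    var_export(isAdmin($session), true));

$session = [];
printf("malformed username: %s, admin? %s\n",
    var_export(login($db, 'not a user', 'x', $session), true),
    var_export(isAdmin($session), true));
```

The two things this keeps apart are where the role is decided (the database row, at login) and where it is enforced (the guard, on every admin page). Because the guard treats a missing `user_type` as non-admin and the redirect is followed by `exit`, a visitor who types the admin folder path directly, or whose login failed, never reaches the admin code.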