Quote:
Originally Posted by Redcoder
You should introduce session variables to hold info on whether the user is an admin or not.
Like this
PHP Code:
//If user is admin
$_SESSION['user_type'] = 'admin';
//For normal users
$_SESSION['user_type'] = 'normal';
So here's how you'd implement it:
PHP Code:
<?php
session_start();
$host="localhost"; // Host name
$username="naveen"; // Mysql username
$password="1234"; // Mysql password
$db_name="testdata"; // Database name
$tbl_name="test"; // Table name
// Connect to server and select database.
// Note: the mysql_* functions were removed in PHP 7; this script needs PHP 5.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect against MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
function DoubleSaltedHash($pass, $salt) {
    return sha1($salt.sha1($salt.sha1($pass)));
}
$path = "wrong.php";
$usercond = true;
// Only usernames of 2-10 word characters are looked up
preg_match("/^\w{2,10}$/", $myusername,$match);
$row = 0;
if (!empty($match[0]))
{
    $sql="SELECT * FROM `".$tbl_name."` WHERE username='$myusername'";
    $result=mysql_query($sql);
    $row=mysql_fetch_assoc($result);
    // Unknown user ($row is false) or wrong password: treat as a failed login.
    // Strict comparison avoids PHP's loose-comparison quirks on hash strings.
    if(!$row || DoubleSaltedHash($mypassword,$row['salt']) !== $row['password'])
        $row = 0;
}
if (!empty($row))
{
    session_regenerate_id(true); // New session ID after a successful login
    $_SESSION['myusername']=$myusername; // Register $myusername and pick the page to redirect to
    if((string)$row['usertype'] === '1') //normal user
    {
        $path = "main.php";
        $_SESSION['user_type'] = 'normal';
    }
    elseif((string)$row['usertype'] === '0') //admin (a NULL usertype does not match)
    {
        $path ="/MYM/admin/admin_main.php";
        $_SESSION['user_type'] = 'admin';
    }
}
header("Location: ".$path);
exit; // Nothing else should run after the redirect
?>
And then at the top of the admin PHP script write this:
PHP Code:
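<?php
session_start();
if(!isset($_SESSION['user_type']) || $_SESSION['user_type'] != 'admin') //If not admin
{
    header("Location: main.php"); //Redirect to main.php
    exit; //Stop here, otherwise the admin code below still runs for non-admins
}
//The rest of the admin.php code here
?>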
Thanks Redcoder.....This worked like a charm...
By the way, any comments on the way I am planning to learn?
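For comparison with the login script and admin check quoted above, here is an added example (not code from the thread) of the same flow on current PHP, using PDO prepared statements, `password_hash()`/`password_verify()` in place of the salted SHA-1, and a guard that exits after redirecting. The table and column names and the redirect paths follow the thread; the function names, the in-memory SQLite database and the sample users are assumptions made so the example runs offline.

```php
<?php
// Added example, not the thread's code. Column names and redirect targets
// follow the thread; function names and the sample users are constructed.

function authenticate(PDO $db, string $user, string $pass): ?array
{
    if (!preg_match('/^\w{2,10}$/', $user)) {
        return null;                          // same username rule as the thread
    }
    // Prepared statement: the username is bound, never spliced into the SQL.
    $stmt = $db->prepare('SELECT username, password, usertype FROM test WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads the salt from the stored hash, compares in constant time.
    return ($row && password_verify($pass, $row['password'])) ? $row : null;
}

function login(PDO $db, string $user, string $pass): string
{
    $row = authenticate($db, $user, $pass);
    if ($row === null) {
        return 'wrong.php';
    }
    session_regenerate_id(true);              // fresh session ID after login
    $_SESSION['myusername'] = $row['username'];
    // Only an explicit 0 means admin; NULL or an empty value stays 'normal'.
    $isAdmin = (string)$row['usertype'] === '0';
    $_SESSION['user_type'] = $isAdmin ? 'admin' : 'normal';
    return $isAdmin ? '/MYM/admin/admin_main.php' : 'main.php';
}

function require_admin(): void
{
    if (($_SESSION['user_type'] ?? '') !== 'admin') {
        header('Location: main.php');
        exit;                                 // stop here, or the admin page still runs
    }
}

if (PHP_SAPI === 'cli') {                     // offline demo with constructed data
    session_start();
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE test (username TEXT, password TEXT, usertype INTEGER)');
    $add = $db->prepare('INSERT INTO test VALUES (?, ?, ?)');
    $add->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT), 0]);
    $add->execute(['bob', password_hash('demo-pass', PASSWORD_DEFAULT), 1]);
    echo login($db, 'alice', 's3cret-demo'), "\n";
    echo login($db, 'bob', 'wrong'), "\n";
}
```

In a web request the login page would call `session_start()`, then `header('Location: ' . login(...))` followed by `exit`, and every admin page would call `require_admin()` before producing any output.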