PHP - Moved: Tabed Admin..

Hello I am trying to add an IF statement to my login script so that if the username entered is 'admin' it directs to 'adminpage.php

Here is my script:

<?php
include ("connection.php");


session_start();
// Collect data from form and save in variables
//See if any info was submitted 
$Username = $_GET['Username'];  
//Clean data - trim space 
$Username = trim ( $Username);  
//Check its ok - if not then add an error message to the error string 
if (empty($Username))  
    $errorString = $errorString."<br>Please supply Username.";
//See if any info was submitted 
$Password = $_GET['Password'];  
//Clean data - trim space 
$Password = trim ( $Password);  
//Check its ok - if not then add an error message to the error string 
if (empty($Password))  
    $errorString = $errorString."<br>Please supply Password.";        

//  Query to search the user table
 $query= "SELECT * FROM Users WHERE Username='$Username' AND  Password='$Password'";

// Run query through connection
  $result = mysql_query ($query); 

$row = mysql_fetch_assoc($result);

// if rows found set authenticated user to the user name entered 
if (mysql_num_rows($result) > 0) { 
$_SESSION["authenticatedUser"] = $Username;

$_SESSION['UserID'] = $row['UserID'];

// Relocate to the logged-in page
header("Location: loggedon.php");
} 
else
// login failed redirect back to login page with error message
{
$_SESSION["message"] = "Could not connect as $Username " ;
header("Location: login.php");
}
?>

Thank you

Any help would be greatly appreciated!


<?php
$host="localhost"; // Host name
$username="user"; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name


mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

 
$barcodeID=$_POST['barcode'];

echo $barcodeID;


$barcodeID = stripslashes($barcodeID);
$barcodeID = mysql_real_escape_string($barcodeID);


$sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'";




$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$count=mysql_num_rows($result);


if($count==1){

$_SESSION['barcode'] = $barcodeSession;
$_SESSION['userlevel'] = $row['Priority'];   
   
if($row['userlevel'] == "Admin") {
header("location:AdminSection.php");
}else{
header("location:index.php");   
}   



header("location:LoggedIn.php");
}
else {   
header("location:index.php");   
}
?>




when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level.

if Priority field == "Admin" then go to admin page.

Can you see anything missing?


Thank You

I get this error:


Code: [Select]
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\user\user.php on line 5


code:
user.php:
Code: [Select]
<?php

$get = (isset($_GET['id'])); //this means that user.php?id=1 would mean $get = 1. Note: This is not SQL Inject protected.
$users = mysql_query("SELECT * FROM users WHERE id='".$get."'");
while ($row = mysql_fetch_array($users)) 
{
echo '
Id = '.$row['id'].'
Name = '.$row['name'].'
Username = '.$row['username'].'
Password = '.$row['password'].'
Reg. on = '.$row['date'].'
';
}
 

?>

<html>
<body>
<form action='user.php' method='GET'>
Username: <input type='text' value=''>
<input type='submit' value='submit'>
</form>
<?php

//what goes here?

?>
</body>
</html>

Hi, I am new here 🙂

I have been learning PHP and am currently working on my own OOP MVC CMS.  I am up to the stage where I would like to start working on the admin area, but I am not sure how best to organise things.

Should I create admin specific Controllers and Models?

In Views, should I create a sub directory Admin, and place all admin view templates within it?

Are there any good books on OOP/MVC you would recommend?

 

 

 

Hey guys, I've set up a database with a login and logout script for my site..

There is a TINYINT value called admin and it either equals 1 or 0 depending on whether the user is an admin or not..

The registration script works perfectly to create the table value and the login script works fine for the site..

The question I had was if I wanted to add a link to the bottom of every page that said:

Go to Administration Panel and make it only viewable by ADMINS I figured this little script would work..


Here would be the end of the page:
Code: [Select]
  <br />
  <center>Copyright &copy 2010 <a href="http://www.website.com">www.WEBSITE.com</a></center>

  <?php include('includes/start_admincheck.php'); ?>
    <center><a href="<?php echo $homedir .'admin.php'; ?>">Go to Administration Panel</a></center>
  <?php include('includes/end_admincheck.php'); ?>

</body>

</html>
Inside start_admincheck.php I have:

(NOTE: $cUsername refers to a setcookie and $cAdmin does as well.. They are defined on my Variable page included at the top.)
Code: [Select]
<?php include('variables/variables.php'); ?>

<?php
  mysql_connect("$mysql_hostname", "$mysql_username", "$mysql_password") or die(mysql_error());
  mysql_select_db("$mysql_database") or die(mysql_error());

  if(isset($cUsername))
  {
    $check = mysql_query("SELECT * FROM users WHERE username = '$cUsername'")or die(mysql_error());

    while($info = mysql_fetch_array( $check ))
    {
      if (($cAdmin == 1) && ($info['admin'] == 1))
      {
?>
And this is the end_admincheck.php
Code: [Select]
<?php include('variables/variables.php'); ?>

<?php
      }

      else
        die(); 
    } 
  }
  else
    die();
?>
?>
I get this Parse error thrown at the bottom of the page:

Code: [Select]
Parse error: syntax error, unexpected $end in /*******/includes/start_admincheck.php on line 15
Naturally I would checkout line 15 in start_admincheck.php, but normally when I get an $end error it is the last line of the code and leaves me lost..

Something I'm missing guys?

As always, thanks in advance 

Hallo I have a problem. This is my code:

<?php include 'connect.php';
?>

<html>
<head>
<title>Admin Insert page!</title>
</head>
<body>
<?php
error_reporting(-1);ini_set('display_errors',1);
if (isset($_POST['submit'])){
$name = $_POST['name'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'");
$num = mysql_num_rows($result);
if($num == 0){
echo "Bad login, go <a href='login.php'>back</a>";
}else{
session_start();
$_SESSION['name'] = $name;
header("Location: admin.php");
}
}else{
?>
<form action='login.php' methody='post'>
Username: <input type='text' name='name'/><br />
Password: <input type='password' name='password'/><br />
<input type='submit' name='submit' value='Login' />

</body>
</html>

I try to use console to find the problem but I didn't.... I know that there is some problem with $num Can somebody help me? Thank you.
Edited by Artur, 19 October 2014 - 12:11 PM.

Hello,

Do you know where I can download a nice looking PHP admin dashboard for free?

Thanks in advance for the help

Hello guys.

By the end of the day, my client wants the daily report sent to his email account in .xls format. how can i attain this? I know the php mail() function but i dont know how will php create an excel file and email it to my client automatically. Where should i start?

Thanks guys!

I am trying to check for an admin user to access the admin panel.

I have been playing around try different things and this what I have ended up with

in my database table I have a column called usergroup and i do the follow to check for admin user.

Code: [Select]
$checkAdmin = mysql_query("SELECT * FROM  `users` WHERE email='$email' , usergroup =  'admin'");

$adminUser = mysql_num_rows($checkAdmin);

if ($adminUser == 0)
{
echo count($adminUser);
die ('You do not have permissions to access this area');

}

I do the select statement through phpmyadmin and it comes back with one row. which is basically hat i want to check for. I do have a variable called $email which is getting a value from the email cookie.

currently $adminUser Return a value of 10.

All of the count() functions is for testing purposes only.

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\sas\shoppingcart\adminlogin.php:16) in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 33

Hi guys,

Can anyone help me; I have created a registration form (can be use for create or modify) and login form (Admin). What I am trying to do is; once the admin log in he/she can create / register a new user which contains:

-Firstname
-Surname
-Address
-Mobile
-Dept Name
-Username
-Password
-Repeat Password

My DB will look like this:

Table PERSONS: id, firstname, surname, address, mobile, dept_id, username, password.

Table USER: id, username, password

Table DEPT: id, dept_name


Can anyone help me how am I going to related the USER table into the PERSONS so when admin register a new user - the data will be created the into database as well as the data can be extracted for modification. Any suggestion?

Here are my code:

register.php

<?php

require 'includes/application_top.php';

    

   if (!isset($_POST['name']) && isset($_GET['id'])) {


      $mode = "Modifying";
      // Get data from DB

        $q = "SELECT * FROM `persons` WHERE `ID` = '".$_GET['id']."'"; 
        $result = mysql_query($q) or die (mysql_error());
        $row = mysql_fetch_array($result);
         
        $name = $row['firstname'];
        $surname = $row['surname'];
        $address = $row['address'];
        $dept = $row['dept_id'];
        $mobile = $row['mobile'];

}else if (!isset($_POST['name']) && !isset($_GET['id'])) {

      $mode = "Register";

      // Data is empty

      $name = $surname = $address = $dept = $mobile = "";

    } else {

        $errors = array();
        if ($_POST['name'] == "") $errors[] = "Name";
        if ($_POST['surname'] == "") $errors[] = "Surname";
        if ($_POST['mobile'] == "" || !is_numeric ($_POST['mobile'])) $errors[] = "Mobile No";
             
        if (count($errors)) {

            $errormsg = "Please fill the blank info:<br/ >".implode('<br />',$errors);

            $mode = $_POST['mode'];
            $name = $_POST['name'];
            $surname = $_POST['surname'];
            $address = $_POST['address'];
            $dept = $_POST['dept'];
            $mobile = $_POST['mobile'];         

        } else {
            foreach ($_POST as $key => $val) {

$_SESSION[$key] = $val;

}
            header("Location: confirmPage.php"); 

        }         

    }    

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Modify Document</title>
</head>

<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
  <?php if (isset($errormsg)) echo "<div id=\"error_message\" style=\"color:red;\">$errormsg</div>"; ?>
  <div align="center">


  <table width="370" border="0">
    <h1> <?php echo $mode; ?> A User </h1>
     <p><font color="orangered" size="+1"><tt><b>*</b></tt></font>  
  indicates a required field</p>
      <tr>
        <th width="200" height="35" align="left" scope="row" >First Name

 <font color="orangered" size="+1"><tt><b>*</b></tt></font>

</th>
        <td width="160"><input type="text" name="name" value="<?php echo $name;?>" size="25"/></td>
      </tr>
     
    <tr>
       <th height="35" align="left">  Surname

    <font color="orangered" size="+1"><tt><b>*</b></tt></font>

   </th>
        <td>
        <input type="text" name="surname" value="<?php echo $surname; ?>" size="25"/></td>
      </tr>
     
    <tr>
      <th height="35" align="left">  Address</th>
        <td>

<input type="text" name="address" value="<?php echo $address; ?>" size="25"/></td>
    </tr>
      

<tr>  
       <th height="35" align="left">  
           Choose a username <font color="orangered" size="+1"><tt>*</tt></font></th>  
       <td>  
           <input name="username" type="text" maxlength="100" size="25" />        </td>  
   </tr>  
   
   <tr>  
       <th height="35" align="left">  
           Choose a password

    <font color="orangered" size="+1"><tt><b>*</b></tt></font>

   </th>  
       <td>  
           <input name="password" type="password" maxlength="100" size="25" />             </td>  
   </tr>  
   
   <tr>  
       <th height="35" align="left">  
        Repeat your password

 <font color="orangered" size="+1"><tt><b>*</b></tt></font>

</th>  
       <td>  
           <input name="repeatpassword" type="password" maxlength="100" size="25" />               </td>  
   </tr>  
         
    <tr>
      <th height="35" align="left">Department</th>
        <td>
         
        <select name="dept">
            <option value="">Select..</option>

<?php

    $data = mysql_query ("SELECT * FROM `dept` ORDER BY `id` DESC") or die (mysql_error());
    while($row_dept = mysql_fetch_array( $data )) {

?>
        <option value="<?php echo $row_dept['id'] ;?>" <?php if($row_dept['id']==$dept){echo ' selected="selected"';}?>>
        <?php echo $row_dept['dept_name'] ;?>        </option>
     
<?php
   }
?>
        </select>        </td>
    </tr>
     
    <tr>
      <th height="35" align="left">Mobile</th>
        <td><input type="text" name="mobile" value="<?php echo $mobile; ?>" size="25"/></td>
    </tr>

<tr>  
       <td align="right" colspan="2">  
           <hr noshade="noshade" />  

</td>  
   </tr>  

  </table>
  <br/>
   
  <a href="index.php">
    <input type="button" name="back" value="Back" /></a>
     
    <input type="hidden" name="id" value="<?php echo isset($_GET['id']); ?>">
    <input type="hidden" name="mode" value="<?php echo $mode; ?>">
     
    <input type="submit" value="<?php echo ($mode == "Register") ? 'Register' : 'Modify'; ?>"/>
    
  </div>
</form>

</body>
</html>

hello, I have created a website which has to incorporate administration features. I hjave been trying to do this for a couple of days and any help will be much appreciated.
I have a login screen (form) when the user enters their username and password they are brought to the homepage.php. Is there anyway to redirect the administrator (username=admin) to a different page from all ordinary members? e.g. deletemember.php

Thanks

I am using the following to check that the user is logged on before he/she views pages on my site can I adapt what is here so that only some pages can be viewed by admin only?

<?php
include("../php/dbconnect.php"); //connects to the database

//session code
session_start();
 
//Check if user is authenticated
if(!isset($_SESSION['username'])){
    
//User not logged in, redirect to login page
     header( "Location: http://webdev/schools/hhs/psy_bookings/" );
}
else
{

     //User is logged in, contiue (use session vars to diplay username/email)
     //echo "'Welcome, {$_SESSION['username']}. You are still logged in. <br />'";
    // echo "'Your email address is: {$_SESSION['email']}.'";

}//end of session code
?>  

Hello,

I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php

I can not login to my Admin controle panel.

Login information:
Username: Mitch
Password: schuur111

Username: Admin
Password: poopoo

Can someone help me ?

Here is my admin_login.php source code.
If you need some other source code in my /storeadmin folder please tell
Code: [Select]
<?php 
session_start();
if (isset($_SESSION["manager"])) {
    header("location: index.php"); 
    exit();
}
?>
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
    // Connect to the MySQL database  
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
     while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
 }
 $_SESSION["id"] = $id;
 $_SESSION["manager"] = $manager;
 $_SESSION["password"] = $password;
 header("location: index.php");
         exit();
    } else {
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In </title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
</head>

<body>
<div align="center" id="mainWrapper">
  <?php include_once("../template_header.php");?>
  <div id="pageContent"><br />
    <div align="left" style="margin-left:24px;">
      <h2>Please Log In To Manage the Store</h2>
      <form id="form1" name="form1" method="post" action="admin_login.php">
        User Name:<br />
          <input name="username" type="text" id="username" size="40" />
        <br /><br />
        Password:<br />
       <input name="password" type="password" id="password" size="40" />
       <br />
       <br />
       <br />
       
         <input type="submit" name="button" id="button" value="Log In" />
       
      </form>
      <p>&nbsp; </p>
    </div>
    <br />
  <br />
  <br />
  </div>
  <?php include_once("../template_footer.php");?>
</div>
</body>
</html>

i want that when someone post some comment on post that don't insert in table directly before inserting i can check and after approving then insert in table for which what i doo ?any IDea about this