PHP - Password Protected Pages / Simple Admin Login With Php

Hi guys,

Can anyone assist me. I am trying to create a login for admin and user (if user not a member click register link) below is my code: But whenever I enter the value as: Username: admin Password:123 - I got an error message "That user does not exist!"

Any suggestion and help would be appreciated.
Thanks.

login.php

<?php 

//Assigned varibale $error_msg as empty

//$error_msg = "";

session_start();

$error_msg = "";

if (isset($_POST['submit'])) {

if ($a_username = "admin" && $a_password = "123") 

{

//Define $_POST from form text feilds

$username = $_POST['username'];

$password = $_POST['password'];

//Add some stripslashes

$username = stripslashes($username);

$password = stripslashes($password);

//Check if usernmae and password is good, if it is it will start session

if ($username == $a_username && $password == $a_password)

{

session_start();

$_SESSION['session_logged'] = 'true';

$_SESSION['session_username'] = $username;

//Redirect to admin page

header("Location: admin_area.php");

}

}

$username = (isset($_POST['username'])) ? $_POST['username'] : ''; 

$password = (isset($_POST['password'])) ? $_POST['password'] : ''; 

if($username && $password) {

$connect = mysql_connect("localhost", "root", "") or die ("Couldn't connect!");

mysql_select_db("friendsdb") or die ("Couldn't find the DB");

$query = mysql_query ("SELECT * FROM `user` WHERE username = '$username'");

$numrows = mysql_num_rows($query);

if ($numrows != 0){

while ($row = mysql_fetch_array($query)) {

$dbusername = $row['username'];

$dbpassword = $row['password'];

}

//Check to see if they are match!

if ($username == $dbusername && md5($password) == $dbpassword) {

header ("Location: user_area.php");

$_SESSION['username'] = $username;

}

else

$error_msg = "Incorrect password!";

//code of login

}else

$error_msg = "That user does not exist!";

//echo $numrows;

}

else

$error_msg = "Please enter a username and password!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
</head>

<body>
<br />
<?php

require "header.php";
?><br />
<div align="center">
<table width="200" border="1">

<?php

// If $error_msg not equal to emtpy then display error message

if($error_msg!="") echo "<div id=\"error_message\"style=\"color:red; \">$error_msg</div><br />";?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<!--form action="login_a.php" method="post"-->

Username: <input type="text" name="username" /><br /><br />

Password: <input type="password" name="password"  /><br /><br />

<input type="submit" name = "submit" value="Log in"  />
</form> <p> </p>

Register a <a href="register.php">New User</a>
</table>
</div>
</body>
</html>

Howdy,

I am new to PHP and I have not worked on the forum for a couple of months.  Well, I can't sign in!!!     I am a real noob at this.

Any help greatly appreciated.  The return email is not set up.  So, I can't get a reset going.

Can I pull the password file and start again?  How can I go about doing this?

Thanks in advance.

Hallo I have a problem. This is my code:

<?php include 'connect.php';
?>

<html>
<head>
<title>Admin Insert page!</title>
</head>
<body>
<?php
error_reporting(-1);ini_set('display_errors',1);
if (isset($_POST['submit'])){
$name = $_POST['name'];
$password = $_POST['password'];
$result = mysql_query("SELECT * FROM users WHERE user='$name' AND password='$password'");
$num = mysql_num_rows($result);
if($num == 0){
echo "Bad login, go <a href='login.php'>back</a>";
}else{
session_start();
$_SESSION['name'] = $name;
header("Location: admin.php");
}
}else{
?>
<form action='login.php' methody='post'>
Username: <input type='text' name='name'/><br />
Password: <input type='password' name='password'/><br />
<input type='submit' name='submit' value='Login' />

</body>
</html>

I try to use console to find the problem but I didn't.... I know that there is some problem with $num Can somebody help me? Thank you.
Edited by Artur, 19 October 2014 - 12:11 PM.

Any help would be greatly appreciated!


<?php
$host="localhost"; // Host name
$username="user"; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name


mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

 
$barcodeID=$_POST['barcode'];

echo $barcodeID;


$barcodeID = stripslashes($barcodeID);
$barcodeID = mysql_real_escape_string($barcodeID);


$sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'";




$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$count=mysql_num_rows($result);


if($count==1){

$_SESSION['barcode'] = $barcodeSession;
$_SESSION['userlevel'] = $row['Priority'];   
   
if($row['userlevel'] == "Admin") {
header("location:AdminSection.php");
}else{
header("location:index.php");   
}   



header("location:LoggedIn.php");
}
else {   
header("location:index.php");   
}
?>




when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level.

if Priority field == "Admin" then go to admin page.

Can you see anything missing?


Thank You

Hi, I want to create a simple online buying site. I have an admin site with login where admin can add items to the database table, and change other fields such as price and description of product and I want to make a public html page to display the updates made in my admin page. I appreciate it if someone give me some suggestions on how to get started. My admin php scripts is working fine (so SQL queries for UPDATE, DELETE, INSERT) but I don't know how to 'sync' it with the an nice html table of products the user can checkbox off to purchase on the public website. Let me know, thanks.

hi guys how you doing? i new here so take it easy on me .

basically just need some quick help and i thought this would be the best place to ask. ive been working on a admin login script but cant seem to get it right, i mean i can login in with random passwords :/ and also everytime i go to the index.php it shows the information i dont want it without  being logged in. ive got the script running live just incase anyone wants to see what i mean its at http://www.lukerodham.co.uk/admin

heres the code. Thanks in advance.

index.php
Code: [Select]
<?php 
require_once("login.php"); 

$adminuser = $_SESSION['user'];
?>

<html>
<head>
<title>hoonigans.co.uk</title>
</head>
<body>
<h3 align="center">Welcome to the admin page.</h3>
<span class="maintext"><br />
<p align="center">If you would like to post some news please <a href="news/post.php">click here</a>.<br />
To logout please <a href="logout.php">click here</a></p>
</body>
</html>


login.php
Code: [Select]
<?php

function loginpage($error){
    echo "
    <html>
    <body>
    <div align='center'>
    <form method='post' action='".$_SERVER['REQUEST_URI']."'>
    <label>username: 
    <input type='text' name='username' id='username'><br>
    <label>password: 
    <input type='password' name='password' id='password'><br>
    </label>
    <label>
    <input type='submit' name='submit' id='submit' value='submit'>
    </label>
    </form>
    </div>
    </body>
    </html>
    ";
}

$username = $_POST['username'];
$password = $_POST['password'];
$login = $_post['login'];

$host = *********;
$dbuser = *********;
$dbname = *********;
$dbpass = *********;

mysql_connect("$host","$dbuser","$dbpass");
mysql_select_db("$dbname");

session_start(); 
if($_SESSION['user'] != $username){
if(!$submit){
loginpage(false);
}
    elseif($submit){
        $get = mysql_query("SELECT * FROM users WHERE username='$username'");
        while ($row = mysql_fetch_assoc($get)){
      
           $admin = $row['admin'];
           $passwordmatch = $row['password'];
           
           if ($passwordmatch==$password&&$admin==1){
            
            $_SESSION['user']="$username";
            echo "this worked";
           }
           else{
            die("Sorry wrong information.");
           }
        }
    }
}
?>

Hello,

I have a problem with my website, Admin login page (http://www.tranceprofile.com/storeadmin/admin_login.php

I can not login to my Admin controle panel.

Login information:
Username: Mitch
Password: schuur111

Username: Admin
Password: poopoo

Can someone help me ?

Here is my admin_login.php source code.
If you need some other source code in my /storeadmin folder please tell
Code: [Select]
<?php 
session_start();
if (isset($_SESSION["manager"])) {
    header("location: index.php"); 
    exit();
}
?>
<?php 
// Parse the log in form if the user has filled it out and pressed "Log In"
if (isset($_POST["username"]) && isset($_POST["password"])) {

$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]); // filter everything but numbers and letters
    $password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]); // filter everything but numbers and letters
    // Connect to the MySQL database  
    include "../storescripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1"); // query the person
    // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
     while($row = mysql_fetch_array($sql)){ 
             $id = $row["id"];
 }
 $_SESSION["id"] = $id;
 $_SESSION["manager"] = $manager;
 $_SESSION["password"] = $password;
 header("location: index.php");
         exit();
    } else {
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In </title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
</head>

<body>
<div align="center" id="mainWrapper">
  <?php include_once("../template_header.php");?>
  <div id="pageContent"><br />
    <div align="left" style="margin-left:24px;">
      <h2>Please Log In To Manage the Store</h2>
      <form id="form1" name="form1" method="post" action="admin_login.php">
        User Name:<br />
          <input name="username" type="text" id="username" size="40" />
        <br /><br />
        Password:<br />
       <input name="password" type="password" id="password" size="40" />
       <br />
       <br />
       <br />
       
         <input type="submit" name="button" id="button" value="Log In" />
       
      </form>
      <p>&nbsp; </p>
    </div>
    <br />
  <br />
  <br />
  </div>
  <?php include_once("../template_footer.php");?>
</div>
</body>
</html>

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\sas\shoppingcart\adminlogin.php:16) in C:\xampp\htdocs\sas\shoppingcart\adminlogin.php on line 33

Ok.. I have made an admin section for a couple of sites, and it works fine, alough i'm almost certain that the way i have done it is not the "proper way".

What I have done is had a form with a password field that sends the password via POST to another script that checks the password is correct via variable, something like this:
Code: [Select]
<?php

  $pass = $_POST["pass"];
  $correct = "imapassword";

  if($pass == $correct){
    
  //display contents of page

  else{
  //return user to login screen
  }
?>

And then it saves the password into a cookie, that dies either over time or when the browser closes. And then on each page it tests wether that cookie is still there and is correct. When the user wants to log out it just destroys the cookie.

This seems like a really hashed up way of doing it, could anybody let me know the bare essentials for making a similar system, but the "right way". Thankyou in advance

Hi all,

Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out.
I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/

I apologise for the noobishness of the code, but as I said, it's been a long time.
Any and all help would be very greatly appreciated.

Here is the code:

<?

   require("config.php");

   mysql_connect($server,$login,$password) or die('Error connecting to server');
   mysql_select_db($base) or die('Error connecting to database');

   $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'");
   $data = @mysql_fetch_array($req);
   $member_name = $data["username"];
   $member_pass = $data["mempass"];
   $member_userlevel = $data["level"];

   if($member_pass == $admin_pass)
      {
      SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel");
      }

include("header.php");

?>



<?

if($action=="login")
   {

   if($admin_login==""){ echo"Wrong info. "; }
   elseif($admin_pass==""){ echo"Wrong info. "; }
   else{

   require("config.php");

   mysql_connect($server,$login,$password) or die('Error connecting to server');
   mysql_select_db($base) or die('Error connecting to database');

   $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'");
   $data = @mysql_fetch_array($req);
   $member_name = $data["username"];
   $member_pass = $data["mempass"];

   if($member_pass == $admin_pass)
      {

      echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please

Wait.</center><br>";
      $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]);
      if(empty($auth[0]) || empty($auth[1]))
         {
         }
      else
         {
         echo"Welcome<br>";
         include("admin_left.php");
         }
      }
   else
      {
      echo"Wrong info. ";
      }
       }
   }      
else
   {

   echo"<form method='post' action='?action=login'>
   <table width='307' align='center' cellspacing='0' cellpading='0' border='0'>
     <tr>
       <td width='200'>&nbsp;Login : </td>
       <td>&nbsp;<input type='text' name='admin_login'></td>
     </tr>
      <tr>
       <td width='200'>&nbsp;Password : </td>
       <td>&nbsp;<input type='password' name='admin_pass'></td>
     </tr>
     <tr>
       <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td>
   </table> ";

   }

?>



<?

include("footer.php");

?>

Howdy colleagues, Please help! I am writing a WP plugin the boss of the website to be notified when an admin logs in. So far so good, but I can't make the damn code to send the email when the user logs in. If I change the add_action to "admin_notices" the email is being sent, but if I put "wp_login" it does not Please help, here is the code so far...

function _emnoti_get_time_of_login(){
		$time_of_login = date('l F Y');
		return $time_of_login;
	}
#   Get the IP of the user that logged themselves as admin

	function _emnoti_get_ip(){
		$sources = array(
	'REMOTE_ADDR',
	'HTTP_X_FORWARDED_FOR',
	'HTTP_CLIENT_IP',
);
	foreach ($sources as $source) {
		if(!empty($_SERVER[$source])){
			$ip = $_SERVER[$source];
		}
	}
	return $ip;
	}

#   Email all the info above to a pointed email address
	function emnoti_send_email($user_login, $user){
		if(_emnoti_check_if_admin() === true){
		//	print _emnoti_get_time_of_login();
		//	print _emnoti_get_ip();
			wp_mail("MY EMAIL!", "Test subject", 'test body');
		}
	}

add_action('wp_login', 'emnoti_send_email', 10, 2);

?>

Hey guys,

I'm kind of a n00b with PHP and i'm trying to practice by building a mock e-comm site, but i'm having a problem with my admin login form. When the information is submitted the form just clears and doesn't redirect me to the index.php file i have set-up. My knowledge of php isn't where i'd like it to be yet, so i'm here for help! I'll post the code for bpoth the admin login page and the index.php file.

ADMIN LOGIN PAGE
            |
            |
            V
<?php
session_start();
if (isset($_SESSION["username"])) {
    header("location: index.php");
    exit();
}

?>
<?php

if (isset($_POST["username"]) && isset($_POST["password"])){

   $username = $_POST["username"]; // filter everything but numbers and letters
    $password = $_POST["password"]; // filter everything but numbers and letters

    include "../storescripts/connect_to_mysql.php";
    $sql = mysql_query("SELECT id FROM admin WHERE username='$username' AND password='$password' LIMIT 1");

    $existCount = mysql_num_rows($sql); // count the row nums
    if ($existCount == 1) { // evaluate the count
        while($row = mysql_fetch_array($sql)){
             $id = $row["id"];
       }
       $_SESSION["id"] = $id;
       $_SESSION["username"] = $username;
       $_SESSION["password"] = $password;
       header("location: index.php");
         exit();
    } else {
      echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
      exit();
   }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Store Admin Area</title>
        <link rel="stylesheet" type="text/css" href="../css/main_style.css" />
   </head>

   <body>
           <div id="wrapper">
                  <div id="text"><br />
                     <div align="left" style="margin-left:100px; margin-top:100px;">
                        <h2>Please Login To Manage The Store</h2>
                        <br /><br />
                        <form id="form1" name="form1" method="post" action="admin_login.php">
                        <strong>Username</strong>
                           <input name="username" type="text" id="username" size="40" />
                        <br /><br />
                        <strong>Password</strong>
                           <input name="password" type="password" id="password" size="40" />
                        <br />
                        <br />
                           <input type="submit" name="button" id="button" value="Login" />
                        </form>
                     </div>
           </div><!--closes wrapper-->
   </body>
</html>



INDEX.PHP FILE
           |
           |
           V

<?php
session_start();
if (!isset($_SESSION["username"])) {
    header("location: admin_login.php");
    exit();
}

$usernameID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$username = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);

include "../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM admin WHERE id='$usernameID' AND username='$username' AND password='$password' LIMIT 1"); // query the person

$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
    echo "Your login session data is not on record in the database.";
     exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
      <title>Store Admin Area</title>
        <link rel="stylesheet" type="text/css" href="../css/main_style.css" />
   </head>

   <body>
          <div id="wrapper">
                  <div id="text"><br />
                     <div align="left" style="margin-left:100px; margin-top:100px;">
                        <h2>Hello store manager, what would you like to do today?</h2>
                        <p><a href="inventory_list.php">Manage Inventory</a><br />
                        <a href="#">Manage Blah Blah </a></p>
                     </div>
                     <br />
                  <br />
                  <br />
                </div><!--closes wrapper-->
   </body>
</html>

Any help and suggestions are greatly appreciated! Thanks!

Login.php

Code: [Select]
<?php
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("Regis") or die(mysql_error());


     if (isset($_POST["sub"]))
     {
        $_POST['pass'] = md5($_POST['pass']);
      if (!get_magic_quotes_gpc())
       {
        $_POST['username'] = addslashes($_POST['username']);
        $_POST['pass'] = addslashes($_POST['pass']);
      }


       $usercheck = $_POST["username"];

       $check = mysql_query("SELECT username FROM registration WHERE username = '$usercheck'") or die(mysql_error());

       $check2 = mysql_num_rows($check);
        //if the name exists it gives an error
     if ($check2 != 0)
     {
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Sorry, the username" ." ".$usercheck." ". "is already in use.')</SCRIPT>");
      echo ("<SCRIPT LANGUAGE='JavaScript'>setTimeOut(window.location = 'registration.php',1)</script>");

     }

      else if($_POST['username'] && $_POST['pass'] && $_POST['pass2'] )
     {
      $insert = "INSERT INTO registration (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
      $add_member = mysql_query($insert);
      echo("<SCRIPT LANGUAGE='JavaScript'>window.alert('Registration had been succesfully added :)')</SCRIPT>");
     }

     }
     
?>

<html>
<head>
<script type="text/javascript">
 function a()
{
   var x = document.login.username.value;
   var y = document.login.pass.value;

   if(x==""&& y=="")
   {
    alert("Please insert all message!");
    return false;
   }
   if(x=="")
   {
     alert("Please insert an username!");
     return false;
   }
   if(y=="")
   {
     alert("Please insert an password!");
     return false;
   }
}
</script>
</head>
 <body>
 <table border="0">
 <form name="login" method="post" action="form2.php" onsubmit="return a()">
 <tr><td colspan=2><h1>Login</h1></td></tr>
 <tr><td>Username:</td>
 <td><input type="text" name="username" maxlength="40"></td></tr>
 <tr><td>Password:</td>
 <td><input type="password" name="pass" maxlength="50"></td></tr>
 <tr><td><input type="submit" name="submit" value="Register"></a></td>
 <td><input type="submit" name="submit" value="Login"></td></tr>
 </form>
 </body></html>




form2.php

Code: [Select]
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$n=$_POST['username'];


if(isset($_POST['submit'])) //if submit button push has been detected

{


   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$n','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}


 ?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
              this.code = code;
              document.smile.message.value = pretext + code;
}

function a()
{
 var x = document.smile.message.value;
 if(x=="")
 {
  alert("Please insert an message!");
  return false;
 }

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
  <form name="smile" method="post" action="form2.php" onSubmit="return a()" >
   Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
   <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
   <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
   <input type="hidden" name="username" value="<?php echo $n;?>">
   <input type='submit' name='submit' value='Send' class='biasa'  ></form>

   
 
  <br> <br>
  </body>
</html>

My problem is in login.php in form section, can one form can be used user or admin because just now im doing is for user if user login it goes to form2.php but im want also in the same form if admin the form post to form3.php any way to do that thank you

<?php
session_start( );
include_once( dirname( __FILE__ )."/../inc/func/get_sth.php" );
include_once( _ABSPATH_."/inc/func/header.php" );
if ( $_GET["f"] == "login" )
{
    $adminuser = strtolower( strip_tags( trim( $_POST["adminuser"] ) ) );
    $r_0 = strtolower( strip_tags( trim( $_SESSION["r"] ) ) );
    $r_1 = strtolower( strip_tags( trim( $_POST["r"] ) ) );
    if ( $r_0 == $r_1 )
    {
        $result = mysql_query( "SELECT password FROM admin where adminuser='".$adminuser."'" );
        $val = mysql_fetch_array( $result );
        if ( !$val["password"] )
        {
            $loginfail = 1;
        }
        else
        {
            if ( $val[password] === md5( $_POST["password"] ) )
            {
                $_SESSION['admin'] = $adminuser;
                header( "Location: ./" );
                exit( );
            }
            $loginfail = 1;
        }
    }
    else
    {
        $loginfail = 2;
    }
}
$page_title = l( "Administration Login" )." | ".get_sitename( );
$smarty->assign( "page_title", $page_title );
$smarty->assign( "loginfail", $loginfail );
$smarty->display( "mgt/login.tpl" );
?>

Login.php

Code: [Select]
<?php
    session_start();
    mysql_connect("localhost","root") or die(mysql_error());
    mysql_select_db("cute") or die(mysql_error());
    $username = $_POST['username'];
    $password = $_POST['pass'];
    if (isset($_POST["submit"]))
    {
     $log = "SELECT * FROM regis WHERE username = '$username'";
     $login = mysql_query($log);  
     $row = mysql_fetch_array($login);
     $number = mysql_num_rows($login);
     if ($number > 0)
     {


        $_SESSION['username'] = $row['username'];
        $_SESSION['userlevel'] = $row['userlevel'];
        
         
        if($_SESSION['userlevel']==1)
       {
        $_SESSION['is_logged_in'] == 1;
        header("Location: form2.php");
       }
        else if($_SESSION['userlevel']== 0)
       {
         $_SESSION['is_logged_in'] == 1;
         header("Location: registration.php");
       }
     }

Registration.php

Code: [Select]
<?php
echo 'Welcome:' .$_SESSION['is_logged_in'];?>
form2.php

Code: [Select]
<?php
session_start();
if (empty($_SESSION['is_logged_in']))
{
 header("Location:chatframe.php");
 die();     // just to make sure no scripts execute
}
?>
<?php
mysql_connect("localhost","root") or die(mysql_error());
mysql_select_db("cute") or die(mysql_error());
$message=$_POST['message'];
$a=$_SESSION['username'];



if(isset($_POST['submit'])) //if submit button push has been detected

{


   if(strlen($message)>1)
   {
      $message=strip_tags($message);
      $IP=$_SERVER["REMOTE_ADDR"]; //grabs poster's IP
      $checkforbanned="SELECT IP from ipbans where IP='$IP'";
      $checkforbanned2=mysql_query($checkforbanned) or die("Could not check for banned IPS");

    if(mysql_num_rows($checkforbanned2)>0) //IP is in the banned list
    {
     print "You IP is banned from posting.";
    }

    else
    {
     $thedate = date("U"); //grab date and time of the post
     $insertmessage="INSERT into chatmessages (name,IP,postime,message) values('$a','$IP','$thedate','$message')";
     mysql_query($insertmessage) or die("Could not insert message");
    }
   }
}


 ?>
<html>
<head>
<script type="text/javascript">
function addsmiley(code)
{
var pretext = document.smile.message.value;
              this.code = code;
              document.smile.message.value = pretext + code;
}

function a()
{
 var x = document.smile.message.value;
 if(x=="")
 {
  alert("Please insert an message!");
  return false;
 }

}

</script>
<style type="text/css">
body{ background-color: #d8da3d }
</style>
</head>
<body>
  <form name="smile" method="post" action="form2.php" onSubmit="return a()" >
   Your message:<br><textarea name='message' cols='40' rows='2'></textarea><br>
   <img src="smile.gif" alt=":)" onClick="addsmiley(':)')" style="cursor:pointer;border:0" />
   <img src="blush.gif" alt=":)" onClick="addsmiley('*blush*')" style="cursor:pointer;border:0" />
   <input type='submit' name='submit' value='Send' class='biasa'  ></form>

   
 
  <br> <br>
  </body>
</html>
In this registration.php when im called back its appear nothing im means the number is not showing and the login code even im had also put the "$_SESSION['is_logged_in'] == 1;" outside if else userlevel statement and then i put $d=  $_SESSION['is_logged_in'] == 1;   and im echoing back but it is nothing im thinks something wrong in session is login

 and also still it cannot redirect to admin -form2.php when session is login in is 1