Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- if (!isset($_SESSION["manager"])) {
- header("location: admin_login.php");
- exit();
- }
- // Be sure to check that this manager SESSION value is in fact in the database
- $managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
- $manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]); // filter everything but numbers and letters
- $password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
- // Run mySQL query to be sure that this person is an admin and that their password session var equals the database information
- // Connect to the MySQL database
- include "../include/scripts/mysql_connect.php";
- $sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1"); // query the person
- // ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
- $existCount = mysql_num_rows($sql); // count the row nums
- if ($existCount == 0) { // evaluate the count
- echo "Your login session data is not on record in the database.";
- exit();
- }
- ?>
Add Comment
Please, Sign In to add comment
