Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- login_action.php
- <?php
- session_start();
- include("connect.php");
- $tbl_name="users";
- $username=$_POST['username'];
- $password=$_POST['password'];
- $username = stripslashes($username);
- $password = stripslashes($password);
- $username = mysqli_real_escape_string($conn,$username);
- $password = mysqli_real_escape_string($conn,$password);
- $password = sha1($password);
- $result = mysqli_query($conn, "SELECT * FROM $tbl_name WHERE user='$username' AND password='$password'");
- if(mysqli_num_rows($result) != 1){
- echo "<script>alert(' Wrong Username or Password Access Denied !!! Try Again');
- window.location='index.php';
- </script>";
- }else{
- $row = mysqli_fetch_assoc($result);
- $_SESSION['role'] == $row['role'];
- if($row['role'] == 'Admin'){
- header('location: admin.php');
- exit;
- else{
- echo "<script>alert('Wrong username or password. Try again');
- window.location='index.php';
- </script>";
- }
- }
- admin.php
- <?php
- session_start();
- if (isset($_SESSION['role']) != 'Admin') {
- echo "You are not the admin";
- }
- ?>
- <html>
- <head>
- <title> Administrator Page </title>
- <head>
- <body><br>
- <h1 align="center">
- Welcome To Administrator Page <br>
- <a href='logout.php'>Click here to log out</a>
- </h1>
- </body>
- </html>
- else{
- $row = mysqli_fetch_assoc($result);
- $_SESSION['role'] = $row['role']; // <--- Notice only one equal
- if($row['role'] = 'Admin'){
- header('location: admin.php');
- exit;
Add Comment
Please, Sign In to add comment
