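<?php
// Script 3.4 - index.php
// Landing page of the store admin area. Before any markup is produced, the
// session must carry an admin id, username and password that match one row of
// the `admin` table; otherwise the request is redirected to the login page or
// stopped with an error message.
session_start();

// All three session values are read below, so require all three here. Testing
// only "manager" let a partial session through to undefined-index reads.
if (!isset($_SESSION["manager"], $_SESSION["id"], $_SESSION["password"])) {
    header("location: admin_login.php");
    exit();
}

// Allow-list filtering before the values are placed in the SQL string.
// The username and password patterns previously lacked the leading ^, so they
// removed every letter and digit and kept only the remaining characters
// (quotes, backslashes, ...) - the opposite of what the comments described.
$managerID = preg_replace('#[^0-9]#', '', $_SESSION["id"]); // keep digits only
$manager = preg_replace('#[^A-Za-z0-9]#', '', $_SESSION["manager"]); // keep letters and digits only
$password = preg_replace('#[^A-Za-z0-9]#', '', $_SESSION["password"]); // keep letters and digits only

// Connect to the MySQL database.
include "../Scripts/connect_to_mysql.php";

// NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving this
// lookup to mysqli or PDO prepared statements needs the connection created in
// connect_to_mysql.php, which is not shown here, so the driver is unchanged.
// The query stays string-built; after the filtering above the interpolated
// values contain only [A-Za-z0-9] and cannot close the quoted literals.
// NOTE(review): the session's password value is compared directly with
// admin.password. If that column holds plaintext, store a password_hash()
// digest instead and keep no password material in the session - confirm
// against the login script.
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");

// Fail closed: a failed query (false) is treated the same as "no such admin"
// instead of relying on a loose comparison of mysql_num_rows() output with 0.
$existCount = ($sql === false) ? 0 : (int) mysql_num_rows($sql);
if ($existCount !== 1) {
    // The original followed this exit() with a header() redirect that could
    // never run (and could not have been sent after the echo); it is dropped.
    echo "Your login session data is not on record in the database.";
    exit();
}

$page_title = 'Store Admin Page';
include ('includes/header.php');
// The link text used to sit outside an empty <a> element, so nothing was
// clickable. href="#" is the original placeholder target.
?>
<h1>Welcome to the admin area of the online book store.</h1>
<p><a href="#">Manage Inventory Items</a></p>
<?php
include ('includes/footer.php');
?>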