Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##login.php [php]
- <?php
- //change the login.php to this; all I did was added ONE line, and added group to $query.
- // login2.php
- include("connection.php");
- // Start a session. Session is explained below.
- session_start();
- // Same checking stuff all over again.
- if(isset($_POST['submit'])) {
- if(empty($_POST['username']) || empty($_POST['password'])) {
- echo "Sorry, you have to fill in all forms";
- exit;
- }
- // Create the variables again.
- $username = $_POST['username'];
- $password = $_POST['password'];
- // Encrypt the password again with the md5 hash.
- // This way the password is now the same as the password inside the database.
- $password = md5($password);
- // Store the SQL query inside a variable.
- // ONLY the username you have filled in is retrieved from the database.
- $query = "SELECT username,password,group
- FROM `users`
- WHERE username='$username'";
- $result = mysql_query($query);
- if(!$result) {
- // Gives an error if the username given does not exist.
- // or if something else is wrong.
- echo "The query failed " . mysql_error();
- } else {
- // Now create an object from the data you've retrieved.
- $row = mysql_fetch_object($result);
- // You've now created an object containing the data.
- // You can call data by using -> after $row.
- // For example now the password is checked if they're equal.
- if($row->group == Admin) $_session['admin'] = true;
- // By storing data inside the $_SESSION superglobal,
- // you stay logged in until you close your browser.
- $_SESSION['username'] = $username;
- $_SESSION['sid'] = session_id();
- // Make it more secure by storing the user's IP address.
- $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
- // Now give the success message.
- // $_SESSION['username'] should print out your username.
- echo "You are now logged in as " . $_SESSION['username'] . ", you will be redirected in: ";
- }
- }
- ?>
- ##index.php [php]
- <?PHP
- /* place this wherever on your page you want the link to go, inside a <?PHP ?> tag... */
- if ($_session['admin'] == true) echo '<a href="adminpage.php>Admin Page</a>';
- ?>
Add Comment
Please, Sign In to add comment