//top of code<?php//Display errors; COMMENT OUT WHEN NOT DEBUGGINGini_set('di

1. //top of code
2. <?php
3. //Display errors; COMMENT OUT WHEN NOT DEBUGGING
4. ini_set('display_errors', 1);
5. ini_set('display_startup_errors', 1);
6. error_reporting(E_ALL);
7. //DB
8. require('lib/func.php');
9.  
10. //The function looks like this
11. //Checks if user is already logged in and redirects.
12. if (isset($_SESSION['user'])){
13. $user = getUserInfo($_SESSION['user']);
14.  
15. if ($user != null) {
16. if ($user['admin'] == 1) {
17. header('Location: admin.php');
18. exit;
19. } else {
20. header('Location: login.php');
21. }
22. }
23. }
24. if (isset($_POST)){
25. if(sizeof($_POST) > 0) {
26. $user = mysqli_real_escape_string($link, trim($_POST['username'])); //error
27. $pass = mysqli_real_escape_string($link, trim($_POST['password'])); //error
28. if(isValidAdminUser($user,$pass)) {
29. persistUser($user);
30. header('Location: admin.php');
31. exit;
32. } elseif(isValidStateUser($user,$pass)) {
33. persistUser($user);
34. header('Location: /');
35. exit;
36. } else {
37. $error = "Invalid username or password";
38. }
39. }
40. }
41. //what am i missing from this? what's am i doing wrong/needs improvement?
42.  
43. //top of file
44. <?php
45. include("define.mysqli.php");
46. if(!isset($_SESSION)){
47. session_start();
48. }
49. //....
50. function isValidAdminUser($uname,$pass) {
51. $query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
52. $result = mysqli_query($link, $query) or die(mysqli_error($link)); //error
53. if(mysqli_num_rows($result) > 0) {
54. $user = mysqli_fetch_array($result); //error
55. if(md5($pass) == $user['password'])
56. return true;
57. }
58. return false;
59. }
60.  
61. //the original code was
62. function isValidAdminUser($uname,$pass) {
63. $query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
64. $result = mysql_query($query) or die(mysql_error()); //error
65.  
66. if(mysqli_num_rows($result) > 0) {
67. $user = mysqli_fetch_array($result); //error
68. if(md5($pass) == $user['password']) {
69. return true;
70. }
71. }
72. return false;
73. }
74. //i changed it to mysqli best i could but $link is undefined???
75.  
76. //in same code as above
77.  
78. <?php
79. # FileName="Connection_php_mysql.htm"
80. # Type="MYSQL"
81. # HTTP="true"
82. if(!isset($_SESSION)){
83. session_start();
84. }
85. if(!defined("DATABASE_PREFIX"))
86. define("DATABASE_PREFIX","dbr_");
87. $hostname = "127.0.0.1";
88. $username = "*correct_username";
89. $password = "*correct_password";
90. $database = "*correct_database";
91. $link = mysqli_connect($hostname, $username, $password, $database);
92.  
93. if(!$link) {
94. echo "Error: Unable to connect to MySQL." . PHP_EOL;
95. echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
96. echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
97. exit;
98. }
99.  
100. //echo "Success: Established MySQL connection." . PHP_EOL;
101. //echo "Host Information: " . mysqli_get_host_info($link) . PHP_EOL;
102.  
103. mysqli_close($link);
104. ?>