Hi Guys. Really Stuck here. I am making a website, its basicall an online shop of sorts. I am making a login page for our customers and an admin page for us lot to upload new products to sql etc. Whats its meant to do is accept the username and pw then allow me to access the adminpage. Although its just saying that user doesnt exist all the time. I dont know why becuase the details are correct. :-\
admin_login page is the code below.
<?php
session_start();
if(isset($_SESSION["manager"])){
header("location:index.php");
exit();
}
?>
<?php
if(isset($_POST["username"])&&isset($_POST["password"])){
$manager = preg_replace('#[A-Za-z0-9]#i','',$_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);
include"../storescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");
$existCount = mysql_num_rows($sql);
if($existCount == 1){
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
}else{
echo 'That Information Is Incorrect. Try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
and now the index.php which is what the admin see when they log in successfully.
<?php
session_start();
if(isset($_SESSION["manager"])){
header("location: admin_login.php");
exit();
}
//Be Sure To Check That This Manager Session Value Is Infact In The DataBase
$managerID = preg_replace('#[^0-9#i','',$_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]);
$password = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]);
include "../strorescripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");
$existCount = mysql_num_rows($sql);
if($existCount == 0){
header("location:../index.php");
exit();
}
?>