Login

Cooper94 · March 2, 2009

<?php include 'data.php'; 
ob_start();
session_start();
if(isset($_POST['submit'])) { 

// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password']; 
$enc=md5($_POST['password']);

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


$sql=mysql_query("SELECT * FROM pilots WHERE username='$username' AND password='$enc' AND admin='yes' || admin='hub'");
$omg = mysql_num_rows($sql);

if($omg > 0){
while($row = mysql_fetch_array($sql)){

$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['admin'] = $row['admin'];
$_SESSION['hub'] = $row['hub'];

header ('Location: successadm.php');	
mysql_close($connection);
}
} 
else {
echo "Wrong Username/Password";
}}
?>         
<center>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
            <fieldset>
            <div> <br />
              <label for="txtusername">Username:</label>
              <input type="text" name="username" value="" title="Text input: Username" id="txtusername" maxlength="20" />
            </div>
            <div>
              <label for="txtpassword"> Password:</label>
              <input type="password" name="password" title="Text input: Password" id="txtpassword" maxlength="20" />
            </div>
            <br />
            <div>                
              <input type="submit" name="submit" value="Login" />
              <input type="submit" name="ResetButton" title="Reset button: Login" id="btnReset" value="Clear" class="button" />
              <br />
              </div>
            </fieldset>
          </form> 
<font color="red">
</font>
</center>

If I press login in it will automatily bring me to admin area why is that?

Thank You

Maq · March 2, 2009

Try changing this:

$sql=mysql_query("SELECT * FROM pilots WHERE username='$username' AND password='$enc' AND admin='yes' || admin='hub'");

to this:

$sql=mysql_query("SELECT * FROM pilots WHERE username='$username' AND password='$enc' AND (admin='yes' OR admin='hub')");

Sign In

Login

Recommended Posts

Cooper94

Link to comment

Share on other sites

Maq

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information