edrew04 Posted October 8, 2009

How to restrict the users that are accessing the main database? I want only this user to be accepted to have higher privileges in user.php: username: admin and password: admin. If a user is username: guest, password: guest, another template will be shown for them, like guestuser.php.

```php
<?php include("includes/header.php"); ?>
<?php include("includes/connection.php"); ?>
<html>
<head><title>Welcome to Mountain View Hospital</title>
</head>
<body background="mv.jpg">
<?php
// if the login form is submitted
if (isset($_POST['btn'])) {
    // make sure both fields were filled in
    if (empty($_POST['username']) || empty($_POST['pass'])) {
        die('You did not fill in a required field. <a href="login.php">Click Here to Login.</a>');
    }

    // undo magic quotes if they are enabled, then escape the username for the query
    $username = $_POST['username'];
    $pass     = $_POST['pass'];
    if (get_magic_quotes_gpc()) {
        $username = stripslashes($username);
        $pass     = stripslashes($pass);
    }
    $username = mysql_real_escape_string($username);

    // check it against the database
    $check = mysql_query("SELECT * FROM users WHERE username = '" . $username . "'")
        or die(mysql_error());

    // give an error if the user doesn't exist
    if (mysql_num_rows($check) == 0) {
        die('That user does not exist in our database. <a href="register.php">Click Here to Register</a>');
    }

    while ($info = mysql_fetch_array($check)) {
        // give an error if the MD5 of the submitted password doesn't match the stored hash
        if (md5($pass) != $info['hashed_password']) {
            die('Incorrect password, please try again. <a href="login.php">Click Here to Login.</a>');
        } else {
            echo "<meta http-equiv='Refresh' content='0; url=user.php'>";
        }
    }
} else {
    // if they are not logged in, show the login form
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>password</td>
<td>:</td>
<td><input name="pass" type="password" id="pass"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="btn" id="btn" value="Login"></td>
</tr>
</table>
<a href="register.php">Not yet registered?</a>
</td>
</tr>
</table>
</form>
<?php } ?>
</body>
</html>
```
GKWelding Posted October 9, 2009

Try creating a simple session table in MySQL; in this table insert the user's session ID and the user's user ID (I assume you have an auto-incrementing id column in the users table). Then, in users.php do a call to your database and return the user's userId using their current session ID. As the admin user ID will always be a certain value, probably 1, then you will be able to filter by this in users.php. If you want a working example of this then PM me, as this is fairly complicated to achieve securely and successfully.
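The session-table lookup described in the reply above, as an added example that is not part of the thread or any poster's code. The table and column names, the `expires` column, the in-memory SQLite database used so it runs stand-alone, and the admin ID of 1 are all assumptions; in a real page the session ID would come from `session_id()` after `session_start()` and `session_regenerate_id(true)` at login.

```php
<?php
// Added example, not code from the thread. Assumptions: table and column
// names, the expires column, the in-memory SQLite database, admin id = 1.
const ADMIN_USER_ID = 1;

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE)');
    $db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY,
                                      user_id INTEGER NOT NULL, expires INTEGER NOT NULL)');
    // Constructed sample rows: admin gets id 1, guest gets id 2.
    $db->exec("INSERT INTO users (username) VALUES ('admin'), ('guest')");
    return $db;
}

// Called once the password check has succeeded: bind a fresh, unguessable
// session ID to the user ID on the server side.
function open_session(PDO $db, int $userId, int $ttl = 1800): string {
    $sid = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO sessions (session_id, user_id, expires) VALUES (?, ?, ?)');
    $stmt->execute([$sid, $userId, time() + $ttl]);
    return $sid;
}

// Called at the top of user.php: the role is decided from the database row,
// never from anything the browser sends besides the session ID itself.
function template_for(PDO $db, string $sid): string {
    $stmt = $db->prepare('SELECT user_id FROM sessions WHERE session_id = ? AND expires > ?');
    $stmt->execute([$sid, time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return 'login.php';                 // unknown or expired session
    }
    return ((int) $userId === ADMIN_USER_ID) ? 'user.php' : 'guestuser.php';
}

// Constructed demo: one admin session, one guest session, one made-up ID.
$db = make_db();
$adminSid = open_session($db, 1);
$guestSid = open_session($db, 2);
foreach ([$adminSid, $guestSid, 'not-a-real-session-id'] as $sid) {
    echo substr($sid, 0, 8), ' -> ', template_for($db, $sid), PHP_EOL;
}
```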
This topic is now archived and is closed to further replies.