Redirect admin to different page

[ckerr27]

hello, I have created a website which has to incorporate administration features. I hjave been trying to do this for a couple of days and any help will be much appreciated.

I have a login screen (form) when the user enters their username and password they are brought to the homepage.php. Is there anyway to redirect the administrator (username=admin) to a different page from all ordinary members? e.g. deletemember.php

 

Thanks

 

[synking]

you need to look for a php log in system there really not that difficult but they deal with some pretty useful php features.

 

What you would want to do is set a session variable when they log in and are an admin.  Then forward them to the page you want with a header.

 

You would still want to keep a check on that page for that session variable though as someone could just type in that page and be able to access admin features.

 

This is the tutorial i followed a while back.

 

http://www.phpeasystep.com/phptu/6.html

[ckerr27]

I have created the login feature already, It works fine, I am just confused as how to add the admin feature, how do i direct only the admin to the deletemember.php page.

The code below shows my login code it is very similar to the tutorial you used.

 

Form code:

 

<form name="form1" method="post" action="checklogin.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><strong>Member Login </strong></td>

</tr>

<tr>

<td width="78">Username</td>

<td width="6">:</td>

<td width="294"><input name="myusername" type="text" id="myusername"></td>

</tr>

<tr>

<td>Password</td>

<td>:</td>

<td><input name="mypassword" type="text" id="mypassword"></td>

</tr>

<tr>

<td> </td>

<td> </td>

<td><input type="submit" name="Submit" value="Login"></td>

</tr>

</table>

</td>

</form>

</tr>

</table>

<br><br><center>Enter your usename and password....</center>

 

 

Checklogin.php

 

<?php

$host="localhost"; // Host name

$username="root"; // Mysql username

$password=""; // Mysql password

$db_name="test"; // Database name

$tbl_name="members"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// username and password sent from form

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];

 

// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);

 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row

 

if($count==1){

// Register $username, $password and redirect to file "home.html"

session_register("myusername");

session_register("mypassword");

header("location:home.php?myusername=" . $username);

}

else {

echo "Wrong Username or Password";

}

?>

 

 

[synking]

In the code here change the header to what page you want them to see.

 

if($count==1){
// Register $username, $password and redirect to file "home.html"
session_register("myusername");
session_register("mypassword");
header("location:home.php?myusername=" . $username);
}

 

That code though only checks if they are registered... You will need to create something that checks if they have admin rights from the user table in your database.

 

YOu should have something there that denotes who is an admin and who is not.  Then set a session variable to only those users that is unique and will never accidentaly be given to a non admin user.

 

Once you have that session set.  You can do a session check on any page.

 

if(!(isset($_SESSION['isadmin']))) {
    header("location:error404.php"):  //this can be any page you want a non admin to see if they attempt to access a page designed only for admin use.
} else {
    here you can display whatever you want the admin to see.  I can be tables that access databases or whatever you like.

then close it at the bottom of you page }

 

Sessions can get a little tricky though so have a look at this.

 

http://php.net/manual/en/features.sessions.php

 

Also please check it out as there is probably a better way to have this done.  That is just a quick way.

[Muddy_Funster]

Think about how you are going to identify if it is the admin user or not.

Think about what information you have at your disposal that will let you do that.

Think about getting that information into your script in a safe and usable way.

Think about using a better login script as a learning tool.

[raptor30506090]

Hello cant you just open a query check if your the admin if so redirect to diffrent page or am i going mad

[Drummin]

I don't know how many times I've seen this log in code but wherever it's from, stop using it.  session_register is depreciated. Make you page as follows.

<?php
session_start();
// any  pre-processing code goes here and DB connection

//Grab useful information with query like userid, level
$sql="SELECT userid,level FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
if (mysql_num_rows($result)){
$row = mysql_fetch_row($result);
//Set useful information to session, but NEVER password
$_SESSION['myusername']=$myusername;
$_SESSION['userid']=$row[0];
$_SESSION['level']=$row[1];

if ($_SESSION['level']=="admin"){
header("location: adminhome.php");
}else{
header("location: memberhome.php");
}
}else{
//set error to variable to display below
$error="Wrong Username or Password";
}
// html and head goes here
?>
<html>
<body>
<?php if (isset($error)) { echo $error; } ?>
form goes here

</body>
</html>

You should add code to check $_SESSION['level'] on all protected pages.