Jump to content


Photo

Please help with cross-file variables (admin login options)


  • Please log in to reply
3 replies to this topic

#1 spInGoBlin

spInGoBlin
  • Members
  • Pip
  • Newbie
  • 4 posts

Posted 26 April 2006 - 10:16 PM

I'm trying to separate some users (with admin rights) from others, so that they can view and enter some data that will be hidden from others in many consequent windows. My login page goes like this:

if (isset($_POST['Submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];

$result = mysql_query("Select * From admin where username='$username'",$link);
if(mysql_num_rows($result)>0)
{
$row = mysql_fetch_array($result, MYSQL_BOTH);
if($password == $row["password"])
{
$_SESSION['adminok'] = "ok";
$_SESSION['username'] = "username";
$_SESSION['password'] = "password";
header("Location: admin.php");
}
else {$msg = "Password incorrect";}
}
else {$msg = "Username incorrect";}
}
?>

There's a row in the SQL table (admin_rights) that's either 0 or 1 (true/false). how can I pass this variable on to another php page to filter out some rows from other SQL tables, depending on this variable? I reckon it should go something like this:

$clientsresult = mysql_query("Select * from clients",$link);
$numcli = mysql_num_rows($clientsresult);
$nc = 0;
while($clients = mysql_fetch_array($clientsresult, MYSQL_BOTH)){
if ($isadmin) {
$nc++;
$client[$clients['client_ID']] = $clients['name'];
}
}

Well, this seems simple, but how shall I get the $isadmin from login page? This is also simple I know :) but I'm having awsome trouble. Help please! Thanks.


#2 Twentyoneth

Twentyoneth
  • Members
  • PipPipPip
  • Advanced Member
  • 118 posts
  • LocationGlasgow, KY

Posted 27 April 2006 - 04:13 AM

[EDIT: Misread. ]

#3 sanfly

sanfly
  • Members
  • PipPipPip
  • Advanced Member
  • 344 posts
  • LocationNew Zealand

Posted 27 April 2006 - 04:25 AM

Cant you just add a session in the login page? Or am i misreading too?

if (isset($_POST['Submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];

$result = mysql_query("Select * From admin where username='$username'",$link);
if(mysql_num_rows($result)>0)
{
$row = mysql_fetch_array($result, MYSQL_BOTH);
if($password == $row["password"])
{
$_SESSION['isadmin'] = "1"; // 1 = yes, 0 = no
$_SESSION['adminok'] = "ok";
$_SESSION['username'] = "username";
$_SESSION['password'] = "password";
header("Location: admin.php");
}
else {$msg = "Password incorrect";}
}
else {$msg = "Username incorrect";}
}
?>

then in the other page

$clientsresult = mysql_query("Select * from clients",$link);
$numcli = mysql_num_rows($clientsresult);
$nc = 0;
while($clients = mysql_fetch_array($clientsresult, MYSQL_BOTH)){
if ($_SESSION['isadmin'] == "1") {
$nc++;
$client[$clients['client_ID']] = $clients['name'];
}
}


If you're not part of the solution, you're part of the precipitate

#4 spInGoBlin

spInGoBlin
  • Members
  • Pip
  • Newbie
  • 4 posts

Posted 27 April 2006 - 05:08 AM

Thank You sanfly! It worked perfectly, after I remembered to use start_session(), too :) Problem solved




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users