mysql - Checking if user is admin or not in PHP -
i new php , trying school assignment teacher says "google it" , can't find asnwer works me.
here's login.php (please excuse swedish notes in it, teacher)
<?php //start session session_start(); require('connect.php'); //3. if form submitted or not. //3.1 if form submitted if (isset($_post['username']) , isset($_post['password'])){ //sätter form värderna variabler $username = $_post['username']; $password = $_post['password']; //kollar om variblerna redan finns databasen $query = "select * `user` username='$username' , password='$password'"; $result = mysql_query($query) or die(mysql_error()); $count = mysql_num_rows($result); //kollar om bägge värdena är likadana databasen och sedan skapar sessionen om de är det. if ($count == 1){ $_session['loggedin'] = 1; $_session['username'] = $username; }else{ //3.1.3 om värdena inte stämmer kommer ett fel medelande att skickas till användaren. echo "invalid login credentials."; } } //om han loggar in så skickas han vidare till protected.php if ($_session['loggedin'] == 1) { header('location: protected.php'); }else{ ?> here's page accessed after you've logged in(the protected page)
<?php session_start(); require('connect.php'); // startar sessionen så att man kan använda session variablerna // inkluderar connect.php för att ansluta till databasen if ($_session['loggedin'] != 1) { //om loggedin är inte lika med 1 skickas han till första login sidan header('location: index.php'); exit; } ?> <html> <head><title>logged in!</title></head> <body>asdsdfsdf<br><a href="logout.php">log out</a><br> <?php $sql = "select admin `user` username='$_session['username']'"; $result = mysql_query($sql); $admin = mysql_fetch_array($result); $_session['admin'] = $admin['admin']; if ($_session['admin']) == 1 { echo "you admin!"; }else{ echo "you normal user"; } ?> </body> </html> i don't understand how code won't work. :/
<?php $sql = "select admin `user` username='$_session['username']'"; $result = mysql_query($sql); $admin = mysql_fetch_array($result); $_session['admin'] = $admin['admin']; if ($_session['admin']) == 1 { echo "you admin!"; }else{ echo "you normal user"; }
please check again code:
$sql = "select admin `user` username='$_session['username']'"; there maybe 2 mistakes here:
- you cannot interpolate $_session in ' ';
- when in quote, "$_session['username']" should change "$_session[username]";
to recap, can use way below:
$sql = "select admin `user` username='".$_session['username']."'"; by way can keep original method of sql have quote:
where username='xxx'
Comments
Post a Comment