That Random Guy
Guest
Okay, so I'm trying to create an administration area for my staff on my site, and it's all been working, but, being a novice at programming with MySQL and PHP, I've come to an error that shouldn't be a problem for someone good at it; I want to select whether or not the user is an admin, and if they are, then it starts a session. Whether or not they are an admin, they are sent to the admin page, and if the session isn't equal to one, then they are sent back to the login page. When I try this, I'm always sent back... Here is the code (which probably has flaws):
<?php
$tbl = "content_admin";
// Show the login form until it has been submitted
if(!$_POST['submit'])
{
    echo "<center>\n";
    echo "Log in to Administration Area:<br />";
    echo "<table border=\"0\">";
    echo "<form action=\"index.php\" method=\"POST\">\n";
    echo "<tr><td><p>Username:</p><input type=\"text\" name=\"user\" /></td></tr>";
    echo "<tr><td><p>Password:</p><input type=\"password\" name=\"pass\" /></td></tr>";
    echo "<tr><td><input type=\"submit\" value=\"Login\" name=\"submit\" /></td></tr>";
    echo "</form>\n";
    echo "</table>\n";
    echo "</center>\n";
}else{
    include_once "functions.php";
    connect();
    session_start();
    ob_start();
    $username = protect($_POST['user']);
    $password = $_POST['pass'];
    // Count missing fields
    $errors = 0;
    if(empty($username)){
        $errors += 1;
        echo "You did not supply a username!<br />";
    }
    if(empty($password)){
        $errors += 1;
        echo "You did not supply a password!<br />";
    }
    if($errors >= 1){
        echo "<strong><font color=\"#FF0000\">Please fix all </strong>$errors<strong> errors before continuing.<br /><a href=\"index.php\">Back</a>.</font></strong>";
    }else{
        // First query: does the username exist?
        $sql = "SELECT * FROM `users` WHERE `username`='".$username."'";
        $res = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($res) == 0){
            echo "The username you supplied does not exist!";
        }else {
            // Second query: does the password match?
            $sql2 = "SELECT * FROM `users` WHERE `username`='".$username."' AND `password`='".md5($password)."'";
            $res2 = mysql_query($sql2) or die(mysql_error());
            if(mysql_num_rows($res2) == 0){
                echo "Username and password combination incorrect!";
            }else {
                if($rows['admin'] >= 5)
                {
                    $_SESSION['a_priv']=1;
                    echo "poop";
                }
                header("Location: admin.php");
            }
        }
    }
    ob_end_flush();
}
?>
Could someone please help me figure out what's wrong...
(translation: can someone help me figure out how to check the admin level)
Oh, and in the database, my admin level is 9, but I can't figure out how to do this...
Thanks 
Oh, and the 'echo "poop";' thing was to test if it worked
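
The check described in the post, as an added example that is not part of the original post or the poster's code: the `admin` level is read from the fetched result row and only then compared against the threshold of 5 before `$_SESSION['a_priv']` is set. Assumptions: an in-memory SQLite database through PDO stands in for the MySQL connection, `password_hash()`/`password_verify()` replace `md5()`, and the function names and sample users are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with in-memory SQLite
// stands in for MySQL; password_hash()/password_verify() replace md5(); the
// function names and sample users are constructed for illustration.
declare(strict_types=1);

const ADMIN_MIN_LEVEL = 5; // threshold used in the post

// Return the user's row if the credentials match, otherwise null.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT username, password, admin FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // fetch the row before reading its columns
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same outcome for unknown user and wrong password
    }
    return $row;
}

// Set the admin flag only when the fetched row carries a high enough level.
function startAdminSession(array $row): bool
{
    if ((int) $row['admin'] < ADMIN_MIN_LEVEL) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once privileges change
    $_SESSION['a_priv'] = 1;
    return true;
}

// Demo with constructed data (no output is sent until the session work is done).
session_start();
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, admin INTEGER)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['staff', password_hash('s3cret-demo', PASSWORD_DEFAULT), 9]);
$ins->execute(['member', password_hash('member-demo', PASSWORD_DEFAULT), 0]);

$lines = [];
foreach ([['staff', 's3cret-demo'], ['member', 'member-demo'], ['staff', 'wrong']] as [$u, $p]) {
    unset($_SESSION['a_priv']);
    $row = authenticate($db, $u, $p);
    $admin = $row !== null && startAdminSession($row);
    $lines[] = sprintf('%s: login=%s admin=%s', $u, $row ? 'ok' : 'fail', $admin ? 'yes' : 'no');
}
echo implode("\n", $lines), "\n";
// In the web page, follow header('Location: admin.php') with exit, and have
// admin.php call session_start() and require ($_SESSION['a_priv'] ?? 0) === 1.
```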


