[ricardo178]

Hello. I'm trying to load admin in my website user account when he logins but for some reason, it always set it to 0.

In database, there is "admin" and it's set to 1.
In login, i have this:

PHP код:

<?php 
ob_start(); 
?>
<?php
function callback($buffer)
{
  // replace all the apples with oranges
  return (str_replace("apples", "oranges", $buffer));
}
ob_start("callback");
?>
<BODY BGCOLOR = "#A0A0A0"> 
<div align="center">
<img src="http://images.cooltext.com/2643376.png" width="209" height="109" alt="Login" />
<br /></a>
<table border="5">
<tr>
<th>
<?php
ob_end_flush();
?>
<?php
include("conf.inc.php"); // Includes the db and form info.
session_start(); // Starts the session.
if (!isset($_POST['submit'])) { // The form has not been submitted.
    echo "<form action=\"login.php\" method=\"POST\">";
    echo "<table>";
    echo "<tr>";
    echo "<td colspan=\"2\">Login:</td>";
    echo "</tr>";
    echo "<tr>";
    echo "<td width=\"50%\">Username:</td><td width=\"50%\"><input name=\"username\" size=\"18\" type=\"text\" />";
    echo "</tr>";
    echo "<tr>";
    echo "<td width=\"50%\">Password:</td><td width=\"50%\"><input name=\"password\" size=\"18\" type=\"text\" />";
    echo "</tr>";
    echo "<tr>";
    echo "<td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Login\"</td>";
    echo "</tr>";
    echo "</table>";
    echo "</form>";
} else {
    $username = form($_POST['username']);
    $password = md5($_POST['password']); // Encrypts the password.
 
    $q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query
    $result = mysql_query("SELECT * from users");
    $r = mysql_num_rows($q); // Checks to see if anything is in the db.
        if ($r == 1) { // There is something in the db. The username/password match up.
        $_SESSION['logged'] = 1;
    while($row = mysql_fetch_array($result))
    {
        $_SESSION['admin'] = $row['admin'];
    }
    header("Location: site.php"); // Goes to main page.
        exit(); // Stops the rest of the script.
        } else { // Invalid username/password.
header("Location: login.php"); // Goes back to login page.
    }
}
 
mysql_close($db_connect); // Closes the connection.
?>
<?php 
ob_end_flush(); 
?>

It should set $SESSION['admin'] to 1 if it is 1 in database, but than i have this to check if user is admin:

PHP код:

<?php
include("conf.inc.php"); // Includes the db and form info.
session_start(); // Starts the session.
if ($_SESSION['admin'] != 1) { // There was no session found!
    header("Location: members.php"); // Goes to login page.
    exit(); // Stops the rest of the script.
}
?>

You are admin........

But it returns all the time to members.php.
Any idea what's the problem?
Thank you.

[Extremo]

PHP код:

header("Location: members.php"); // Goes to login page. 


Maybe?

EDIT: Nevermind, reading helps a lot LOL. I only read the text at the buttom <.<

[ricardo178]

Quote:

Originally Posted by Extremo PHP код: header("Location: members.php"); // Goes to login page.  Maybe?

That's there to head you to membrs.php page IN CASE you're not admin.. If you're admin, it should just say: You are admin.........

Cos there is, if($SESSION['admin'] != 1 and "!=" means different. So if it's different from 1, it should head to that page.
I think this part is good, because i tested setting admin to 1 no matter if he is admin or not in login and it worked. Just, when i try to set it to the value that is in database, it sets to 0 even if it's 1.

[Extremo]

Hm I don't see anything wrong with the code at all. Are you sure it's "admin" and not "Admin"? lol.

EDIT:

Nevermind actually, I think I can clearly see whats wrong.

PHP код:

$q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query 
    $result = mysql_query("SELECT * from users"); // here you query again but for no user at all?
    $r = mysql_num_rows($q); // Checks to see if anything is in the db. 
        if ($r == 1) { // There is something in the db. The username/password match up. 
        $_SESSION['logged'] = 1; 
    while($row = mysql_fetch_array($result)) // you check back if hes an admin by using $result which is for all users and not him specifically? This is your mistake, you probably override the admin account with some other user's account lol
    { 
        $_SESSION['admin'] = $row['admin']; 
    } 


To fix it:

PHP код:

while($row = mysql_fetch_array($result)) // this
while($row = mysql_fetch_array($q)) // becomes this 


I think anyway lol.

[ricardo178]

Yeah, that's it. Thank you alot... I blowed my head on trying stuff. xD

[Extremo]

Yeah you just confused the queries. I don't know why you even need that $result one, you can just delete that as it'll simply cause extra load thats unnecessary and wastes memory.

Regards.

[BrandyPenguin]

Why you make double query? This should work->

PHP код:

 $q = mysql_query("SELECT * FROM `users` WHERE username = '$username' AND password = '$password'") or die (mysql_error()); // mySQL query
    $r = mysql_num_rows($q); // Checks to see if anything is in the db.
        if ($r == 1) { // There is something in the db. The username/password match up.
        $_SESSION['logged'] = 1;
        $row = mysql_fetch_array($q)
        $_SESSION['admin'] = $row['admin'];
    header("Location: site.php"); // Goes to main page.
        exit(); // Stops the rest of the script.
        } else { // Invalid username/password.
header("Location: login.php"); // Goes back to login page.
    } 


[Extremo]

What's the point of re-posting the answer? Sorry I just felt like asking because I honestly see no point :S

Regards.