debmc99 Posted August 22, 2010 Report Share Posted August 22, 2010 Hello, I have a login system working (which I did from the Killersites University videos). I have a member's table set up in my database and all works well. My question is, what is an easy way to only have the admin username and password redirect to a page called download.php? Currently, when the admin logs in they are redirected to a page called members.php along with all other users in the db. So I made a new page for the admin to login. What I would like is for them to type in the username and password and go to download.php. The site is hosted on godaddy (not my choice) and I don't think I have access to privileges for the db. This is part of the code I am using, is there any way to specify the username and password? As in $_POST['username'] == 'specific name here' or is this not a good thing to do? I hope I am making sense. Any help would be appreciated. Thank you very much. if (isset($_POST['submit'])) { // if form has been submitted, process form if ($_POST['username'] == '' || $_POST['password'] == '') { // both fields need to be filled in if ($_POST['username'] == '') { $error['user'] = 'required!'; } if ($_POST['password'] == '') { $error['pass'] = 'required!'; } $error['alert'] = 'Please fill in required fields!'; Quote Link to comment Share on other sites More sharing options...
falkencreative Posted August 22, 2010 Report Share Posted August 22, 2010 First off, I'll point out that parts 17 and 18 in that series cover basic member permissions. I demonstrate how to adjust things so that users get different permission levels, and you can then perform different actions (such as choosing which page to redirect to) depending on their permission level. That's one way to approach it. Another way would be to hard code the admin username/password into the file. So, just after the step where you get the info from the form/make sure all the form fields are filled in, but before the step where you check the inputted data against the database, you could add a simple if statement that would check what username/password combination was entered. If they match the correct admin username/password, you redirect them to the download page. So: // get and clean data from form $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // check for admin user if ($input['user'] == 'your_admin_username' && $input['pass'] == 'your_admin_password') { header("Location: download.php"); } // if they don't match, continue by checking the info from the form against the database... // create query Personally, I'm a bit more comfortable storing the username/password in the database for security reasons. I'd rather not store that in plain text within the file. Quote Link to comment Share on other sites More sharing options...
debmc99 Posted August 23, 2010 Author Report Share Posted August 23, 2010 Perfect - thanks Ben! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.