Jump to content

Admin Login Question


debmc99

Recommended Posts

Hello,

 

I have a login system working (which I did from the Killersites University videos). I have a member's table set up in my database and all works well.

 

My question is, what is an easy way to only have the admin username and password redirect to a page called download.php? Currently, when the admin logs in they are redirected to a page called members.php along with all other users in the db.

 

So I made a new page for the admin to login. What I would like is for them to type in the username and password and go to download.php. The site is hosted on godaddy (not my choice) and I don't think I have access to privileges for the db.

 

This is part of the code I am using, is there any way to specify the username and password? As in $_POST['username'] == 'specific name here' or is this not a good thing to do? I hope I am making sense. Any help would be appreciated. Thank you very much.

 


if (isset($_POST['submit']))
{
// if form has been submitted, process form
if ($_POST['username'] == '' || $_POST['password'] == '')
{
	// both fields need to be filled in
	if ($_POST['username'] == '') { $error['user'] = 'required!'; }
	if ($_POST['password'] == '') { $error['pass'] = 'required!'; }
	$error['alert'] = 'Please fill in required fields!';

Link to comment
Share on other sites

First off, I'll point out that parts 17 and 18 in that series cover basic member permissions. I demonstrate how to adjust things so that users get different permission levels, and you can then perform different actions (such as choosing which page to redirect to) depending on their permission level. That's one way to approach it.

 

Another way would be to hard code the admin username/password into the file. So, just after the step where you get the info from the form/make sure all the form fields are filled in, but before the step where you check the inputted data against the database, you could add a simple if statement that would check what username/password combination was entered. If they match the correct admin username/password, you redirect them to the download page. So:

 

// get and clean data from form
$input['user'] = htmlentities($_POST['username'], ENT_QUOTES);
$input['pass'] = htmlentities($_POST['password'], ENT_QUOTES);

// check for admin user
if ($input['user'] == 'your_admin_username' && $input['pass'] == 'your_admin_password')
{
   header("Location: download.php");
}
// if they don't match, continue by checking the info from the form against the database...

// create query

 

Personally, I'm a bit more comfortable storing the username/password in the database for security reasons. I'd rather not store that in plain text within the file.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...