0
I am trying to redirect registered users to the control panel and other visitors to the login page, but I get this message:
Login
<?php
$page = "Login";
include "header.php";
$user_error='';
$pass_error='';
if(isset($_POST["login"])){
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
if(empty($username)){
$user_error = 'Please insert a username';
}
elseif(!empty($username)){
$checkusername = mysql_query("SELECT * FROM `database`.`user` WHERE `username` = '".$username."'");
if(mysql_num_rows($checkusername) == 0){
$user_error = 'Wrong username';
}
}
if(empty($password)){
$pass_error = 'Please insert a password';
}
elseif(!empty($password)){
$checkpassword = mysql_query("SELECT * FROM `database`.`user` WHERE `username` = '".$username."' AND `password` = '".$password."'");
if(mysql_num_rows($checkpassword) == 0){
$pass_error = 'Wrong password';
}
}
}
if(empty($user_error)&& empty($pass_error)&& isset($_POST['login'])){
$login_check = mysql_query("SELECT * FROM `database`.`user` WHERE `username` = '".$username."' and password = '".$password."'") or die(mysql_error());
if(mysql_num_rows($login_check) == 1){
setcookie("username",$username);
$_SESSION['username'];
$_SESSION['password'];
header("Location: control-painel.php");
$logged == 1;
}
}
else{
$user_error = empty($user_error)?'' : htmlEntities($user_error);
$pass_error = empty($pass_error)?'' : htmlEntities($pass_error);
?>
<div id="loginform">
<form name="loginform" method="post">
<table cellpadding="0" id="tb">
<tr>
<td colspan="2">
<div class="loginheader">
<h2>Login</h2>
</div>
</td>
</tr>
</table>
<div id="message">
<?php echo $user_error; ?><br><br>
<?php echo $pass_error; ?>
</div>
<table cellpadding="0">
<tr>
<td class="field">Username:</td>
<td><input type="text" class="text" name="username"></td>
</tr>
<tr>
<td class="field">Password:</td>
<td><input type="password" class="text" name="password"></td>
</tr>
</table>
<table cellpadding="0">
<tr>
<td class="field"></td>
<td><input type="submit" class="submitbutton" name="login" value="Login"/></td>
</tr>
</table>
</form>
</div>
<?php
}
include "footer.php";
?>
Logout
<?php
if(isset($_POST['logout'])){
session_start();
session_destroy();
header("Location: index.php");
}
?>
Control Panel
<?php
$page = "Control Painel";
include "header.php";
if(!isset($_SESSION['username'], $_SESSION['password'], $logged)){
header("location: control-painel.php");
}
else{
header("location: login.php");
}
?>
<form action="logout.php" method="post">
<input type="submit" class="submitbutton" name="logout" value="Logout"/>
</form>
<?php
include "footer.php";
?>
You already have an answer on this link: http://answall.com/questions/13386/login-em-php-niveis-de-permissao?rq=1
– user6026
Use sessions and encrypt data. Read the session manual.
– HiHello
Where do I find this manual?
– Lukaz11