Hello,
I watched a tutorial from Youtube posted by flashbuilder.
There are two pages 'index.php' and 'admin_login.php' this two pages will connect to MySQL.
First, store manager goes to index.php if manager is set then manager can do inventory works, else he will prompted to the admin_login.php to login(the mysql role here is to check the database with name and password)
Problem is it always tells that invalid entry. Can smn help, Thanks.
<<< INDEX.PHP >>>
<?php
session_start();
if(!isset($_SESSION["manager"])){
header("location: admin_login.php");
exit();
}
//be sure to check that this manager SESSION value is in fact in //the database
$managerID = preg_replace('/[^0-9]/i', '', $_SESSION["id"]);
//filter everything but numbers and letters
$manager=preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]);
//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]);
//filter everything but numbers and letters
//Run MySQL query to be sure that this person is an admin and //that their passsword session var equals the database information
//Connest to MySQL database
require("../storescripts/connect_to_mysql.php");
$rashid = "SELECT * FROM admin WHERE id = $managerID AND
username = $manager AND password = $password LIMIT 1";
$sql = mysql_query($rashid);//query the person
//----MAKE SURE PERSON EXISTS IN DATABASE-------
$existCount = mysql_num_rows($sql);//count the row nums
if($existCount == 0){//evaluate the count
echo "Your Login session data is not in the database";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {color: #000000}
-->
</style>
</head>
<body>
<div align = "center" id="mainWrapper">
<?php include_once("../template/template_header.php"); ?>
<div id="pageContent"><br>
<div align=left style="margiin-left:24px;">
<h2 class="style1">Hello Store Manager, what would you like to do today?</h2>
<p class="style1">
<a href="inventory_list.php">Manage Inventory</a><br>
<a href="#">Manage Blah Blah
</a></p>
</div>
<br>
</div>
<?php include_once("../template/template_footer.php"); ?>
</div>
</body>
</html>
/////////////////////////////////////////////////////////////////
<<< ADMIN_LOGIN.PHP >>>
<?php
session_start();
if(isset($_SESSION["manager"])){
header("location: index.php");
exit();
}
?>
<?php
//Parse the log in form if the user has filled it out and //pressed "Log In"
isset($_POST["username"]) && isset($_POST["password"])){
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_POST["manager"]);
//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);//filter everything but numbers and letters
//Connect to the MySQL DATABASE
require("../storescripts/connect_to_mysql.php");
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");
//query the person
$existCount = mysql_num_rows($sql);//count the row nums
if(($existCount) == 1){//evaluate the count
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
}else{
echo 'That information is incorrect, try again';
echo '<a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Login</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {color: #000000}
-->
</style>
</head>
<body>
<div align = "center" id="mainWrapper">
<?php include_once("../template/template_header.php"); ?>
<div id="pageContent"><br>
<div align=left style="margiin-left:24px;">
<h2 class="style1">Please Log In To Manage the Store </h2>
<form id="form1" name="form1" method="post" action="admin_login.php">
User Name<br>
<input type="text" name="username" id="username" id="40" />
<br><br>
Password<br>
<input type="password" name="password" id="password" id="40" />
<br><br><br>
<input type="submit" name="button" id="button" value="Log In" />
</form>
</div>
<br>
</div>
<?php include_once("../template/template_footer.php"); ?>
</div>
</body>
</html>
/////////////////////////////////////////////////////////////////
I watched a tutorial from Youtube posted by flashbuilder.
There are two pages 'index.php' and 'admin_login.php' this two pages will connect to MySQL.
First, store manager goes to index.php if manager is set then manager can do inventory works, else he will prompted to the admin_login.php to login(the mysql role here is to check the database with name and password)
Problem is it always tells that invalid entry. Can smn help, Thanks.
<<< INDEX.PHP >>>
<?php
session_start();
if(!isset($_SESSION["manager"])){
header("location: admin_login.php");
exit();
}
//be sure to check that this manager SESSION value is in fact in //the database
$managerID = preg_replace('/[^0-9]/i', '', $_SESSION["id"]);
//filter everything but numbers and letters
$manager=preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]);
//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]);
//filter everything but numbers and letters
//Run MySQL query to be sure that this person is an admin and //that their passsword session var equals the database information
//Connest to MySQL database
require("../storescripts/connect_to_mysql.php");
$rashid = "SELECT * FROM admin WHERE id = $managerID AND
username = $manager AND password = $password LIMIT 1";
$sql = mysql_query($rashid);//query the person
//----MAKE SURE PERSON EXISTS IN DATABASE-------
$existCount = mysql_num_rows($sql);//count the row nums
if($existCount == 0){//evaluate the count
echo "Your Login session data is not in the database";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {color: #000000}
-->
</style>
</head>
<body>
<div align = "center" id="mainWrapper">
<?php include_once("../template/template_header.php"); ?>
<div id="pageContent"><br>
<div align=left style="margiin-left:24px;">
<h2 class="style1">Hello Store Manager, what would you like to do today?</h2>
<p class="style1">
<a href="inventory_list.php">Manage Inventory</a><br>
<a href="#">Manage Blah Blah
</a></p>
</div>
<br>
</div>
<?php include_once("../template/template_footer.php"); ?>
</div>
</body>
</html>
/////////////////////////////////////////////////////////////////
<<< ADMIN_LOGIN.PHP >>>
<?php
session_start();
if(isset($_SESSION["manager"])){
header("location: index.php");
exit();
}
?>
<?php
//Parse the log in form if the user has filled it out and //pressed "Log In"
isset($_POST["username"]) && isset($_POST["password"])){
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_POST["manager"]);
//filter everything but numbers and letters
$password=preg_replace('#[^A-Za-z0-9]#i','',$_POST["password"]);//filter everything but numbers and letters
//Connect to the MySQL DATABASE
require("../storescripts/connect_to_mysql.php");
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");
//query the person
$existCount = mysql_num_rows($sql);//count the row nums
if(($existCount) == 1){//evaluate the count
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
}else{
echo 'That information is incorrect, try again';
echo '<a href="index.php">Click Here</a>';
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "<html xmlns="<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin Login</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
<style type="text/css">
<!--
.style1 {color: #000000}
-->
</style>
</head>
<body>
<div align = "center" id="mainWrapper">
<?php include_once("../template/template_header.php"); ?>
<div id="pageContent"><br>
<div align=left style="margiin-left:24px;">
<h2 class="style1">Please Log In To Manage the Store </h2>
<form id="form1" name="form1" method="post" action="admin_login.php">
User Name<br>
<input type="text" name="username" id="username" id="40" />
<br><br>
Password<br>
<input type="password" name="password" id="password" id="40" />
<br><br><br>
<input type="submit" name="button" id="button" value="Log In" />
</form>
</div>
<br>
</div>
<?php include_once("../template/template_footer.php"); ?>
</div>
</body>
</html>
/////////////////////////////////////////////////////////////////