I am currently using the following code to make sure a user is logged in before they can view the admin area. This code goes in the admin.php file, and any other page that is in the admin panel.
and here is the file i use to process the login. after they click submit for entering from the login area, it will process the login information.
my question is, how can i make it so if a certian user logs in, say "guest", and that it is limited to only view the areas of the site, but to be able to actually submit any info, delete any info, or anything like that?
PHP:
session_start();
if(!isset($_SESSION['loggedin'])) {
header('Location: http://www.workperkaz.com/admin/index.php?error=1');
exit();
}
and here is the file i use to process the login. after they click submit for entering from the login area, it will process the login information.
PHP:
<?php
session_start();
include('includes/phpconnect.php');
//$dbHost = ""; // Database Connection Details - host
//$dbUser = ""; // Database Connection Details - username
//$dbPass = ""; // Database Connection Details - password
//$dbname = ""; // Database Connection Details - database name
$username = $_POST['username'];
// Stores our inputted data in these variable names
$password = $_POST['password'];
// Stores our inputted data in these variable names
//$db = mysql_connect($dbHost,$dbUser,$dbPass); // Connection Code
mysql_select_db ("DATABASE NAME GOES HERE"); // Connects to database
$query = "SELECT user, pass FROM login WHERE user = '$username' AND pass = '$password'";
$result = mysql_query($query);
if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1;
//header('Location: http://www.workperkaz.com/admin/admin.php');
include("admin.php");
exit(); }
else {
//header('Location:http://www.workperkaz.com/admin/index.php?error=1');
echo '<div align="center">Invalid login data supplied. Please try again.</div>';
include("index.php");
exit(); }
?>
my question is, how can i make it so if a certian user logs in, say "guest", and that it is limited to only view the areas of the site, but to be able to actually submit any info, delete any info, or anything like that?
Last edited: