Admin Checking Function or page

lorddraco98

OK, I need some help here. I've been chewing away at this one for days now and I can't figure it out. I basically want something like vBulletin does when you access anything in the /admin directory. Let me explain. Without using .htaccess, I want to do the following:

on any page located in the admin directory either have a "

require("admincheck.php");

or have a function i can call to start the admin check

first off the page/function needs to check if the session variable "adminloggedin" equals true or false. If it equals true, i want that page/function to exit, and then allow the original page to display it's source/do whatever it does.

If adminloggedin= false, then I want it to display a login box, even if the user is already logged in. THe user enters their info, the page/function somehow takes that data, checks it with my database and checks the following: Are the name/pass correct AND is that user's usergroupid= 6(administrator)

If that is true, then adminloggedin needs to be set equal to true, and the original page needs to load and do whatever it does. If the user/pass is incorrect or the user is not an admin, display an error and display the login box, and keep the variable as false.

Basically another admin check security.
So if someone could help me with the coding here that'd be great!!
Thanks!

diego25

We're glad to help - just post your question here.

Diego

lorddraco98

lol that is my question 😉
I can't figure out the code for this/the way to do it

diego25

Can we see what you've tried so far?

Diego

lorddraco98

here's my first function

function admincheck()
{
if (!(isset($_SESSION['admincploggedin'])))
{
$_SESSION['admincploggedin']= "false";

}
if ($_SESSION['admincploggedin']=="false")
{
echo "Administrator Access Required. Please Enter Your Login Information<br>";
echo "<form method='post' action='admincheck.php?action=check'>\n
<b>Username:</b><input name='loginname' type='text' length='15' maxlength='30'><br>\n
<b>Password:   </b><input name='loginpassword' type='password' length='15' maxlength='50'><br>\n
<input type='submit' value='Submit'>  <input type='reset'>
</form>";
$_SESSION[admincploggedin]= "checking";
}
}

but I dunno what to do with the stuff in the login box. Like where do I send the data to?

here's my include page attempt:

session_start();
include("config.php");
if (!(isset($_SESSION['admincploggedin'])))
{
$_SESSION['admincploggedin']= "false";

}
if ($_SESSION['admincploggedin']=="false")
{
echo "Administrator Access Required. Please Enter Your Login Information<br>";
echo "<form method='post' action='admincheck.php?action=check'>\n
<b>Username:</b><input name='loginname' type='text' length='15' maxlength='30'><br>\n
<b>Password:   </b><input name='loginpassword' type='password' length='15' maxlength='50'><br>\n
<input type='submit' value='Submit'>  <input type='reset'>
</form>";
$_SESSION[admincploggedin]= "checking";
}
if ($action=="check")
{
@ $db = mysql_pconnect($host, $user, $password);
 if (!$db)
   {
     echo "Error: Could not connect to database.  Please check that you have entered the correct information in the config.php file!<br>";
     exit;
   }
@ $select = mysql_select_db($database);
if (!$select)
    {
echo "Error: Could not select database. Please check that you have entered the correct information in the config.php file!<br>";
exit;
    } 
$query1= "select * from user where username= '$_post[loginname]'";
$result1= mysql_query($$query1)
or die("Couldn't execute query");
while($r= mysql_fetch_array($result1))
{
$checkpass= $r['password'];
$checkusergroupid= $r['usergroupid'];
}
$userpass= md5($_POST['loginpassword']);
if ($userpass !=$checkpass || $checkusergroupid != "6")
{
echo "You have either entered invalid login details or you are not a valid administrator!<br>";
echo "Please try again<br>";
$_SESSION['admincploggedin']= "false";
exit;
}
else
$_SESSION['admincploggedin'] = "true";

the problem there is how do I get the script to reload the original page that I'm trying to display if admincploggedin=true and if admincploggedin= false, then i need it to display the login box again

diego25

but I dunno what to do with the stuff in the login box. Like where do I send the data to?

Don't set the form action to adminchec.php. Set the action to the original script (i.e. the script that includes admincheck.php). That way, when the original script loads, it will include admincheck.php again, which will check again the username and password. And this also answers your second question:

the problem there is how do I get the script to reload the original page that I'm trying to display if admincploggedin=true and if admincploggedin= false, then i need it to display the login box again

By doing nothing when admincploggedin==true, PHP will just continue with the original script and it will load.

Also, another modification that you have to make, is to do an exit() or something after the login box is displayed, to terminate the script, otherwise u'll get the login box and the original script displayed (which u don't want)

Diego

lorddraco98

k, but another problem hehe. The url for the original script will have to be dynamic then. Because if I want to be able to call this function or inlcude a page, it needs to refer back to the original script, which will be different for every page that requires this. How do I get around that?
Also, for simplicity, for any page in the admin directory, I only want to have to either do a: admincheck(); or a require(admincheck.php), if possible.

diego25

So put all your code in one function called admincheck(), and set it up so that it takes a parameter. That parameter will be the URL of the original script. So, from your original script you'd say:

admincheck($PHP_SELF);

And then your function would take that URL and put it as the action of the form.

Diego

lorddraco98

k, then say I did a function. What would I put for the script that the submit button in the login box refers to? If I put the orignial script, I'd have to do more coding to get it to check and such, no?
Basically, how do I finish it off once the user hits submit to the point where admincplogged= true and my orignial script is displayed?

diego25

If I put the orignial script, I'd have to do more coding to get it to check and such, no?

No...coz when the login form submits, it goes to the original script. The original script has admincheck($PHP_SELF), and admincheck() checks for the session and all that stuff...so there's no more coding.

Diego