Reccomendations for Admin pages?

anthony522

I'm creating a site for a friend and need to setup some Admin pages where he can go in and modify things stored in the database. I have the pages all setup and working fine and now I need to figure out the best way to setup access to the admin pages using a PHP/MySQL solution.

Can anybody suggest a good method or direct me to a good tutorial online that would help me with this?

bastien

use a login form and sessions and store the admin stuff in another folder

anthony522

Originally posted by bastien
use a login form and sessions and store the admin stuff in another folder

Figured as much but how to do that is the part I'm not sure about 🙂.

bastien

okay...one the main page you could add a link for admins

like <a href="/admin/login.php">For Admins</a>


<?
//sample login
//
session_start();

if ($_POST['submit']){

//call to function to show login form
show_login_form();

}else{

//call to function to confirm login is correct
confirm_login();

}
//
function show_login_form()
{

   echo "<html><body><table>
             <tr><td>Username</td><td><input type=\"text\" name=\"user\"></td></tr>
             <tr><td>Password</td><td>><input type=\"password\" name=\"pass\"></td></tr>
             <tr><td colspan=2><input type=\"submit\" name=\"submit\" value=\"login\"></td></tr>
             </table></body></html>";
}//end function
//
function confim_login()
{
     $user=$_POST['user'];
     $pass=$_POST['pass'];

 //validate the user
 $sql="select password from login_table where user='$user'";

 $result=mysql_query($sql) or die("Can't connect because ".mysql_error());

 if ($result){
     while ($rows=mysql_fetch_array($result)){

        $password=$rows['password'];

     }

     if ($pass==$password){

        //set session vars
        $_SESSION['logged']=1;
        $_SESSION['ip']=getenv ("REMOTE_ADDR"); 

        //could add others as needed

       header("location:/admin/main.php");

    }else{

        echo "Unsucessful login attempt. try again."
        show_login_form();

    }
}//end function
?>

this does not address things like password encryption, db design and registration layout. this does assume that there is only one username for each user

hth