Hi:
I have an admin panel, and i try to use session to seperate the user level, but i can't get it to work. the admin link is not hidding even i am using mod acct
here is my table structure.
table name: moderator
field: mod_id (varchar)
field: mod_password (varchar)
field: level (enum: value '0','1')
level 0 == admin
level 1 == mod
here is my source code of the menu
<?php
session_start();
// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in'])
|| $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login.php');
exit;
}
?>
<?
include ('connect.php');
?>
<html>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<body>
<font size=+2>Menu:</font><br>=======<br>
Artist:<br>
<a href="add.php" target="main">Add Artist </a><br>
<a href="artist-edit-delete.php" target="main">Update-Delete Artist</a><br>
<br><br>Lyric:<br>
<a href="lyric-add.php" target="main">Add-Edit-Delete Lyric </a><br>
<br><br>Approve Lyric submission:
<br><a href="show-submission-song.php" target="main">Approve Users submitted lyric</a>
<br><br>Search:<br>
<a href="admin-artist-search.php" target="main">Admin Artist Search</a><br>
<?
if ($_SESSION['level'] == 0) {
session_register('mod_id');
$_SESSION['mod_id'] = $mod_id;
session_register('level');
$_SESSION['level'] = $level;
echo "<br><br>Create Mod:<br>";
echo "<a href=\"add-mod.php\" target=\"main\">Creat Mod</a>";
}
?>
<br><br><a href="logout.php" target="_parent">Logout</a>
</html>
here is my login script
<?php
include ('connect.php');
// we must never forget to start the session
session_start();
$errorMessage = '';
if (isset($_POST['mod_id']) && isset($_POST['mod_password'])) {
$mod_id = $_POST['mod_id'];
$mod_password = $_POST['mod_password'];
// check if the user id and password combination exist in database
$sql = "SELECT * FROM moderator WHERE mod_id = '$mod_id' AND mod_password = MD5('$mod_password')";
$result = mysql_query($sql)
or die('Query failed. ' . mysql_error());
$level = $row["level"];
$_SESSION["level"] = $level;
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;
// after login we move to the main page
header('Location: index.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
}
?>
<html>
<head>
<title>BTZ Lyric Moderator Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="BTZ_LOGIN" id="BTZ_LOGIN">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User ID</td>
<td><input name="mod_id" type="text" id="mod_id"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="mod_password" type="password" id="mod_password"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input type="submit" name="BTZ_LOGIN" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
