Admin Login

Anon

I want to do an admin login system so webmasters can login to my set of forms, that manage my website, I just cant get my admin thingy working. It should select users out of a table and if there is no match corresponding to the form the give them a access denied message or something. Could anyone help me?

amcgrath

Paste the code you're using in your "admin thingy", that would help for starters..

Anon

Hehe, Okay...

<?php
//adminfile
mysql_connect("localhost","*","");
mysql_select_db("***");
$tablename = "cncsectornewstable2";
$date = date ("H\hi l d F", time());
if($page == "login") { ?>
<form action="admin.php" method="post">
Username:<input type="text" name="username"><br>
Password:<input type="password" name="password"><br>
<input type="submit" value="Submit">
</form>
<? }
$sql = mysql_query("select from userstable where(t_username = '$username') and (t_password = '$password')");
if(!$sql) { $dontshowpage=1; echo "Access denied"; }
if(!$dontshowpage) {

<head>
<style type="text/css">
body{font-family:verdana;font-size:10px}
</style>
<title>Admin control central - <?php echo "$title"; ?></title>
</head>
<body bgcolor="white" alink="blue" vlink="blue" >
<?php
if($page == "main") { ?>
<p>Welcome, to the admin control central page</p><br>
<b>Manage...</b><br>
<a href="admin.php?page=submitnews">Submit News</a><br>
<a href="admin.php?page=formtoremovenews">Remove news items</a><br>
<a href="admin.php?page=formtoupdatenews">Update news items</a><br>
<a href="admin.php?page=viewcommentstable">Manage comments</a><br>
<a href="admin.php?page=maintanence">Maintain</a><br>

<? }
if($page == "createtables") {
$sql = mysql_query("create table $tablename(
t_newstext blob,
t_author varchar(100),
t_id int(255)not null auto_increment,
t_icon varchar(100),
t_date varchar(100),
t_subject varchar(100),
primary key(t_id))
");
if(!$sql) { $error=mysql_error(); echo "$error"; }
else{ echo "Success"; }
}
if($page == "news") { ?>
<p>Welcome to news admin:<br>
<a href="admin.php?page=submitnews">Submit News</a></p>
<?
}
if($page == "submitnews") { ?>
<p>Hi welcome to submit news to submit news fill out the form below:</p>
<form action="admin.php?username=$user&password=$pass" method="post">
<input type="hidden" name="page" value="addnewstodatabase">
Your name:<input type="text" name="author"><br>
Subject:<input type="text" name="subject"><br>
Icon:<select name="icon">
<option value="">No icon</option>
<option value="http://www.cncsector.com/yabbstuff/YaBBImages/smiley.gif">Smiley</option>
<option value="http://www.cncsector.com/yabbstuff/YaBBImages/wink.gif">Wink</option>
<option value="http://www.cncsector.com/yabbstuff/YaBBImages/huh.gif">Huh?</option>
<option value="http://www.cncsector.com/yabbstuff/YaBBImages/grin.gif">Grin</option>
<option value="http://www.cncsector.com/yabbstuff/YaBBImages/cry.gif">Cry</option>
<option value="http://www.cncsector.com/yabbstuff/YaBBImages/embarassed.gif">Embarassed</option>

Your news:<br>
<textarea cols="25" rows="10" name="newstext"></textarea><br>
<input type="submit" value="Submit news">
<? }
if($page == "addnewstodatabase") {
$sql = mysql_query("insert into $tablename(
t_author,t_newstext,t_icon,t_date,t_subject) values ('$author','$newstext','$icon','$date','$subject')");
if(!$sql) { $error = mysql_error(); echo "$error"; }
else{

echo "News succesfully added to the database, <a href=\"index.php?page=main\">View your news</a> or go to the <a href=\"admin.php?page=main\">Go to the main page</a>";
}
}
if($page == "maintanence") {
echo "<a href=\"admin.php?page=createtables\">Create the news table</a><br><a href=\"admin.php?page=createcomment\">Create the comments table</a><br><a href=\"admin.php?page=createuserstable\">Create the users table</a>";
}
if($page == "createcomments") {
$sql = mysql_query("create table commentsfornews(
comments varchar(255),
person varchar(255),
t_commentid int(255)not null auto_increment,
newsid varchar(10),
primary key(t_commentid))
");
if(!$sql) {$error=mysql_error(); echo "$error"; }
else{
echo "Comments table completed";
}
}
if($page == "formtoremovenews") {
$sql = "select * from cncsectornewstable2";
$result = mysql_query( $sql );
while($myrow = mysql_fetch_array($result)) {
$author = $myrow["t_author"];
$newstext = $myrow["t_newstext"];
$idnumber = $myrow["t_id"];
echo "<form action=\"admin.php\">
<input type=\"hidden\" name=\"page\" value=\"removenews\">
<input type=\"hidden\" name=\"idnumber\" value=\"$idnumber\">
<input type=\"text\" name=\"author\" value=\"$author\"><br>
<textarea cols=\"25\" rows=\"10\" name=\"newstext\">$newstext</textarea><br>
<input type=\"submit\" value=\"Remove\"><br>
<br>
</form>";
}
}
if($page == "removenews") {
$sql = mysql_query("delete from $tablename
where t_id = '$idnumber'");
echo "News sucessfully deleted";

}
if($page == "viewcommentstable") {
echo "<table border=\"1\" width=\"75%\">
<tr>
<td>News ID</td><td>Comments ID</td><td>Comment</td><td>Author</td><td>Delete</td>
</tr>";
$sql = "select from commentsfornews";
$result = mysql_query($sql);
while($myrow = mysql_fetch_array($result)) {
$person = $myrow["person"];
$comments = $myrow["comments"];
$newsid = $myrow["newsid"];
$commentsid = $myrow["t_commentid"];
echo "<tr>
<td>$newsid</td><td>$commentsid</td><td>$comments</td><td>$person</td><td align=\"center\" valign=\"middle\">
<form action=\"admin.php?page=deletecomment&commentid=$commentsid\" method=\"post\">
<input type=\"submit\" value=\"Delete\">
</form>
</td>
</tr>";
}
echo "</table>";
}
if($page == "deletecomment") {
$sql = mysql_query("delete from commentsfornews where t_commentid = '$commentid'");
if(!$sql) { $error = mysql_error(); echo "$error"; }
else { echo "Comment deleted, <a href=\"admin.php?page=viewcommentstable\">Click here to go back</a>"; }
}
if($page == "formtoupdatenews") {
$sql = ("select from $tablename");
$result = mysql_query( $sql );
while($myrow = mysql_fetch_array($result)) {
$author = $myrow["t_author"];
$newstext = $myrow["t_newstext"];
$idnumber = $myrow["t_id"];
echo "<form action=\"admin.php\">
<input type=\"hidden\" name=\"page\" value=\"updatenews\">
<input type=\"hidden\" name=\"idnumber\" value=\"$idnumber\">
<input type=\"text\" name=\"author\" value=\"$author\"><br>
<textarea cols=\"25\" rows=\"10\" name=\"newstext\">$newstext</textarea><br>
<input type=\"submit\" value=\"Update\"><br>
<br>
</form>";
}
}
if($page == "updatenews") {
$sql = mysql_query("update $tablename
set t_newstext = '$newstext'
where t_id = '$idnumber'
");
if(!$sql) {
$error = mysql_error();
echo "Failed because $error";
}
else {
echo "Succesfully updated news <a href=\"index.php\">View news</a> or <a href=\"admin.php?page=formtoupdatenews\">Update more news</a>";
}
}
if($page == "createuserstable") {
$sql = mysql_query("create table adminusers(
username varchar(255),
adminid int(255)not null auto_increment,
password varchar(255),
title varchar(255),
primary key(adminid))");
if(!$sql) { $error = mysql_error(); echo "There was a problem:<br>$error"; }
else { echo "Table created succesfully";}
}
if($page == "addauser") { ?>
<b>New user</b><br>
<form action="admin.php" method="post">
<input type="hidden" name="page" value="addusertodb">
<b>Username</b><br><input type="text" name="newuser"><br>
<b>Password</b><br><input type="password" name="userpassword"><br>
<input type="submit" value="Create user">
<?php
}
if($page == "addusertodb") {
mysql_query("insert into adminusers(
(username,password) values ('$newuser','$userpassword'))");
}
}
?>

amcgrath

Thanks, now when you say you can't get it working, what exactly do you mean? what problems, errors etc are you seeing?