I was hoping someone could take a second and look down my code and see if they see any problems with how it was written before I continue on.
Code: <?php
require "backstageconfig.php";
require "backstagefunctions.php";
ob_start();
//if the login form is submitted
if(isset($_POST['submit']))
{
// makes sure they filled it in
if(!$_POST['username'] || !$_POST['password'])
{
die('You did not fill in a required field.');
}
$username = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
$check = mysql_query("SELECT * FROM users WHERE username = '".$username."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0)
{
die('That user does not exist in our database.');
}
while($info = mysql_fetch_array( $check ))
{
$pass = md5(stripslashes($_POST['password']));
$info['password'] = stripslashes($info['password']);
//$_POST['pass'] = md5($_POST['pass']); THIS IS DONE IN THE ABOVE STATEMENT
//gives error if the password is wrong
if ($pass != $info['password'])
{
die('Incorrect password, please try again.');
}
else
// if login is ok then we add a cookie and send them to the correct page
{
$username = stripslashes($username);
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = time();
// Finds out the user type
$query = "SELECT `admin` FROM `users` WHERE `username` = '" . $username . "'";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$admin = $row['admin'];
$_SESSION['admin'] = $admin;
#########################################
######## ADMIN SCRIPT CAN BE ADDED BELOW
#########################################
if(isset($_SESSION['admin'])) { ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage.css" type="text/css" media="screen">
</head>
<body>
<div id=container>
<div class=header>
<table cellpadding="0" cellspacing="0" border="0" width="95%">
<tr>
<td width=110 align=center></td>
<td></td>
<td width=40 valign=bottom align=right>
<a href="#" onclick="">Home</a> | <a href="#" onclick="">Logout</a> | <a target="_blank" href="http://kansasoutlawwrestling.com/phpBB3">Forums</a></td>
</tr>
</table>
</div>
<div id=container2>
<div id=nav>
<?php if(isset($_SESSION['loggedin'])) { ?>
<h1>Character</h1>
<ul>
<li><a href="#" onclick="">Biography</a></li>
<li><a href="#" onclick="">Allies</a></li>
<li><a href="#" onclick="">Rivals</a></li>
<li><a href="#" onclick="">Quotes</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin'])) { ?>
<h1>Submit</h1>
<ul>
<li><a href="#" onclick="">Roleplay</a></li>
<li><a href="#" onclick="">News</a></li>
<li><a href="#" onclick="">Match</a></li>
<li><a href="#" onclick="">Seg</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Handler</h1>
<ul>
<li><a href="#" onclick="">Directory</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Booking</h1>
<ul>
<li><a href="#" onclick="">Champions</a></li>
<li><a href="#" onclick="">Booker</a></li>
<li><a href="#" onclick="">Compiler</a></li>
<li><a href="#" onclick="">Archives</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Fed Admin</h1>
<ul>
<li><a href="#" onclick="">Handlers</a></li>
<li><a href="#" onclick="">Characters</a></li>
<li><a href="#" onclick="">Applications</a></li>
<li><a href="#" onclick="">Event Names</a></li>
<li><a href="#" onclick="">Title Names</a></li>
<li><a href="#" onclick="">Match Types</a></li>
<li><a href="#" onclick="">Divisions</a></li>
<li><a href="#" onclick="">Arenas</a></li>
</ul>
<?php } ?>
<?php if(isset($_SESSION['loggedin']) && $_SESSION['admin'] == 1) { ?>
<h1>Site Admin</h1>
<ul>
<li><a href="#" onclick="">Templates</a></li>
<li><a href="#" onclick="">Content</a></li>
<li><a href="#" onclick="">Bio Configuration</a></li>
<li><a href="#" onclick="">News Categories</a></li>
<li><a href="#" onclick="">Menus</a></li>
</ul>
<?php } ?>
</div>
<div id=content>
</div>
<div id="footer">Backstage 1 © 2009
</div>
</div>
</div>
</body>
</html>
<?php
#########################################
######## ADMIN SCRIPT HAS TO END ABOVE
#########################################
}
}
}
}
else
{
// if they have not submitted the form
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage.css" type="text/css" media="screen">
</head>
<body>
<div id=login>
<form method="POST" action="/mybackstage/backstage.php">
<h1>KOW Backstage</h1>
<p><label>Username:
<input type="text" name="username" id="log" tabindex="1"></label></p>
<p><label>Password:
<input type="password" name="password" id="pwd" tabindex="2"></label></p>
<p style="text-align: center;"><input type="submit" class="button" name="submit" id="submit" value="Login »" tabindex="4"></p>
</form>
</div>
</body>
</html>
<?php
}
?>
Disable html within defined tags
I have a mysql database that allows users to enter content with html, but I also want to have a tag that will disable the html between it for example:<a
Stats of viewers
Hello. I have a website in php and people can login. I want to make an admin control panel where u can see how many people are currently logged in and also how many people in total (including the ones
MFC GUI Programming
I am working on a project right now that requires me to create a MFC Windows GUI. Basically it needs to be able to pop up after hitting a button from another main application which would also be a
Detail Expenses Report by Cost Center
I would like to obtain a report out of SAP that shows a list of expenses by cost center that shows the vendor that the expense related to.
Navigation include for all site directories
Hi,I need a navigation include that can deal with directories at different levels on a site. All I can seem to find are the basic includes for files all in the same directory. This doesn't work for me
Format timestamp from mysql
When I tried this:Code: date("m/d/Y H:i A", $row['timestamp'])I got 12/31/1969 18:33 PM, so I know the time section is working at least. How can I get the mm/dd/yyyy section to work
upload only text files
hi guys i want to upload only text like like (pdf,note pad and ofiice files) so can any one please tell me how can i restrict that
Upload file!
Ok i have a form.. Code: <form name="form1" method="post" action=""> <p>Name: <input name="Name" type="text"
Help adding strtolower( to my in_array
strtolower i need to add it to this to work, iuno how.Code: $moderators = array('Admin', 'banana', 'orange');if (in_array("{$_SESSION['user_name']}", $moderators)) print('Found it!');i
Scheduler problems related to execution of a single BLT by many schedules
Hello all,