October 29, 2013 at 8:45 pm #154560 Anonymous (Inactive)
For some reason this PHP code is functioning, but it makes the HTML elements disappear. Are there any errors in the code I might be missing?
<title>Admin Panel Login</title>
<meta charset="utf-8"/>
<style type="text/css">
body { text-align:center; }
</style>
</head>
<body>
<?php
if(isset($_POST['submit'])) {
    $name = $_POST['name'];
    $pass = $_POST['password'];
    $result = mysql_query("SELECT * FROM users WHERE name='$name' AND pass='$pass'");
    $num = mysql_num_rows($result);
    if ($num == 0) {
        echo "Incorrect Password or username Kevin!!!";
    } else {
        session_start();
        $_SESSION['name'] = $name;
        header("Location: admin.php");
    }
?>
<h1> Poverty To Profits Admin Panel Login</h1>
<form action="login.php" method="post">
Username: <input type="text" name="name"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" name="submit" value="Login!"/>
</form>
<?php } ?>
</body>
October 29, 2013 at 10:14 pm #154565 __ (Participant)
Your blocks are set up so the form will only be printed if $_POST['submit'] is truthy.

October 30, 2013 at 12:15 am #154570 Anonymous (Inactive)
Thanks. I also have another question that I might as well post here. I’m working on the admin panel for my blog site and I’m not exactly sure how to secure it. I’m new to PHP and MySQL and am not fully aware of how it works. I can log in to my admin panel with a password and username and it redirects to the admin panel page if the password is correct. Although it’s kinda useless because I can just go to the admin panel directory without entering the password and username. For example I can just go to local/blog/admin_panel.php and there it is for everyone to see. So how exactly does one protect the admin panel from being used by others? Maybe having the site require the password even when going directly to the directory.
Here’s my login page PHP:
<!DOCTYPE>
<?php
include "../php/db_connect.php";
session_start();
?>
<html>
<head>
<title>Poverty To Profits Admin Panel Login</title>
<meta charset="utf-8"/>
<link rel="stylesheet" type="text/css" href="admin_style.css"/>
</head>
<body>
<h1> Poverty To Profits Admin Panel Login</h1>
<form action="login.php" method="post">
Username: <input type="text" name="username"/><br/>
Password: <input type="password" name="pass"/><br/>
<input type="submit" name="login" value="Login"/>
</form>
</body>
</html>
<?php
include "../php/db_connect.php";
if(isset($_POST['login'])) {
    $username = $_POST['username'];
    $pass = $_POST['pass'];
    $admin_query = "select * from admin_login where username='$username' AND pass='$pass'";
    $run = mysql_query($admin_query);
    if(mysql_num_rows($run)>0) {
        $_SESSION['username']=$username;
        echo "<script>window.open('admin_panel.php','_self')</script>";
    } else {
        echo "NOOO, ASI NO EEE";
    }
}
?>
October 30, 2013 at 12:20 am #154571 __ (Participant)
Instead of redirecting, you need to integrate the credentials check into the page in question.
Alternatively (and maybe more workable in the long run), use the login/check page to serve the restricted content (e.g., via include), and keep the page itself inaccessible (via mod_passwd, keep it outside the webroot, or similar).

October 30, 2013 at 12:30 pm #154640 Anonymous (Inactive)
So in my code above will I simply need to replace
echo "<script>window.open('admin_panel.php','_self')</script>";
with the include function you mentioned that will include the admin page?
October 30, 2013 at 2:54 pm #154659 __ (Participant)
It would appear so, though of course I couldn’t be sure without knowing how your code is written. If your admin page relies on specific URLs or $_GET parameters, for example, you might need to rework some of it to accommodate the fact that you’re not actually “on” the admin page.
Give it a try.

October 30, 2013 at 3:32 pm #154665 Anonymous (Inactive)
Well, my admin panel is nothing right now. Just this.
<?php
echo "test";
?>
So I need to make my admin_panel.php page check the specific URL? I’m not sure what you meant by that. Why would checking the URL matter?
October 30, 2013 at 4:39 pm #154672 Alen (Participant)
<?php
if ($_SERVER['PHP_SELF'] == "/path-to-your-file/" . basename(__FILE__)) {
    exit("Yo Take it easy!");
} else {
    echo "Whazzzaaaaauupppp";
}
?>
Or
<?php
if (count(get_included_files()) == 1) {
    exit("Yo Take it easy!");
} else {
    echo "Whazzzaaaaauupppp";
}
?>

October 30, 2013 at 5:35 pm #154676 __ (Participant)
> So i need to make my admin_panel.php page check the specific url? i’m not sure what you meant by that. Why would checking the url matter?
No, I wasn’t suggesting anything. (Just pointing out that I didn’t know how your admin page worked.)
To clarify, any potential problems would depend on how the admin script was written. If you haven’t written anything yet, there’s no reason you’d have any issues to sort out. Like I said, give it a try and see what happens.
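
Added example, not part of the original thread or any poster's code: one way to integrate the credentials check into admin_panel.php itself, as suggested in the replies, so that a direct request to the page gets only the login form. It also swaps the thread's interpolated mysql_query() strings for a bound PDO parameter. Assumptions: the pass column of admin_login stores password_hash() output, and the DSN, database user and password shown are placeholders.

```php
<?php
// admin_panel.php (added example): the page checks the session itself, so
// requesting its URL directly shows only the login form.
session_start();

// Assumption: placeholder DSN and credentials; substitute your own.
function db(): PDO {
    return new PDO('mysql:host=localhost;dbname=blog;charset=utf8mb4',
        'blog_user', 'CHANGE_ME', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// True only if the user exists and the password matches the stored hash.
// Assumption: admin_login.pass holds password_hash() output, not plain text.
function check_login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT pass FROM admin_login WHERE username = ?');
    $stmt->execute([$username]); // bound parameter: input never becomes SQL
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$error = '';
if (isset($_POST['login'])) {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['pass'] ?? '';
    if (is_string($user) && is_string($pass) && check_login(db(), $user, $pass)) {
        session_regenerate_id(true);         // fresh session ID after login
        $_SESSION['username'] = $user;
        header('Location: admin_panel.php'); // reload as GET so refresh does not re-POST
        exit;                                // header() alone does not stop the script
    }
    $error = 'Incorrect username or password.';
}

if (!isset($_SESSION['username'])) {
    // Not logged in: print the login form and stop before any admin content.
    ?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>Admin Panel Login</title></head><body>
<p><?= htmlspecialchars($error) ?></p>
<form action="admin_panel.php" method="post">
  Username: <input type="text" name="username"><br>
  Password: <input type="password" name="pass"><br>
  <input type="submit" name="login" value="Login">
</form></body></html>
    <?php
    exit;
}
// Reached only with a logged-in session: admin content goes below.
echo 'Welcome, ' . htmlspecialchars($_SESSION['username']);
```

Any other admin-only script needs the same session check at its top, before it produces output.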