PHP issue

[Anonymous]

for some reason this PHP code is functioning, but it makes the html elements disappear. Are there any errors in the code i might be missing?

    <title>Admin Panel Login</title>
    <meta charset="utf-8"/>

    <style type="text/css">
        body {
            text-align:center;
        }
    </style>

</head>
<body>

    <?php
    if(isset($_POST['submit'])) {
        $name = $_POST['name'];
        $pass = $_POST['password'];

        $result = mysql_query("SELECT * FROM users WHERE name='$name' AND pass='$pass'");
        $num = mysql_num_rows($result);
        if ($num == 0) {
            echo "Incorrect Password or username Kevin!!!";
        } else {
            session_start();
            $_SESSION['name'] = $name;
            header("Location: admin.php");
        }
    ?>

    <h1> Poverty To Profits Admin Panel Login</h1>
    <form action="login.php" method="post">
        Username: <input type="text" name="name"/><br/>
        Password: <input type="password" name="password"/><br/>
        <input type="submit" name="submit" value="Login!"/>
    </form>

    <?php
    }
    ?>
</body>

[__]

Your blocks are set up so the form will only be printed if $_POST['submit'] is truthy.

[Anonymous]

Thanks. I also have another question that i might as well post here. I’m working on the admin panel for my blog site and im not exactly sure how to secure it. I’m new to php and mysql and am not fully aware of how it works. I can login to my admin panel with a password and username and it redirects to the admin panel page if the password is correct. Although its kinda useless because i can just go to the admin panel directory without entering the password and username. For example i can just go to local/blog/admin_panel.php and there it is for everyone to see. So how exactly does one protect the admin panel from being used by others? maybe having the site require the password even when going directly to the directory.

Heres my login page php

<!DOCTYPE>

<?php
    include "../php/db_connect.php";

    session_start();
?>

<html>
    <head>

        <title>Poverty To Profits Admin Panel Login</title>
        <meta charset="utf-8"/>

        <link rel="stylesheet" type="text/css" href="admin_style.css"/>

    </head>
    <body>

        <h1> Poverty To Profits Admin Panel Login</h1>
        <form action="login.php" method="post">
            Username: <input type="text" name="username"/><br/>
            Password: <input type="password" name="pass"/><br/>
            <input type="submit" name="login" value="Login"/>
        </form>

    </body>
</html>

<?php
    include "../php/db_connect.php";

    if(isset($_POST['login'])) {
        $username = $_POST['username'];
        $pass = $_POST['pass'];

        $admin_query = "select * from admin_login where username='$username' AND pass='$pass'";

        $run = mysql_query($admin_query);

        if(mysql_num_rows($run)>0) {
            $_SESSION['username']=$username;

            echo "<script>window.open('admin_panel.php','_self')</script>";
        }
        else {
            echo "NOOO, ASI NO EEE";
        }
    }
?>

[__]

Instead of redirecting, you need to integrate the credentials check into the page in question.

Alternatively (and maybe more workable in the long run), use the login/check page to serve the restricted content (e.g., via include), and keep the page itself inaccessible (via mod_passwd, keep it outside the webroot, or similar).

[Anonymous]

So in my code above will i simply need to replace echo "<script>window.open('admin_panel.php','_self')</script>";

with the include function you mentioned that will include the admin page?

[__]

It would appear so, though of course I couldn’t be sure without knowing how your code is written. If your admin page relies on specific URLs or $_GET parameters, for example, you might need to rework some of it to accommodate the fact that you’re not actually “on” the admin page.

Give it a try.

[Anonymous]

Well my admin panel is nothing right now. Just this.

<?php
echo "test";
?>

So i need to make my admin_panel.php page check the specific url? i’m not sure what you meant by that. Why would checking the url matter?

[Alen]

<?php
if ($_SERVER['PHP_SELF'] == "/path-to-your-file/" . basename(__FILE__)){
    exit("Yo Take it easy!");
  }
  else {
    echo "Whazzzaaaaauupppp";
  }
?>

Or

<?php
if ( count(get_included_files() ) == 1) {
    exit("Yo Take it easy!");
}
else {
    echo "Whazzzaaaaauupppp";
}
?>

[__]

So i need to make my admin_panel.php page check the specific url? i’m not sure what you meant by that. Why would checking the url matter?

No, I wasn’t suggesting anything. (Just pointing out that I didn’t know how your admin page worked.)

To clarify, any potential problems would depend on how the admin script was written. If you haven’t written anything yet, there’s no reason you’d have any issues to sort out. Like I said, give it a try and see what happens.

[Author]

Posts