0

Hello, folks.

I am facing a really annoying problem here.

Well, basically I want my page to check if the user is an admin or not.

Whenever I log in and try to access that page i am recieving the error message "You are not admin, leave"

<?php
session_start();
error_reporting (E_ALL ^ E_NOTICE);  //error reporting
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<?php
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);

$conn = mysql_connect("localhost", "root", "") or die("cannot connect"); 
mysql_select_db("IgotThis") or die (mysql_error());

$myusername = $_SESSION['gatekeepr'];
$mypassword = $_SESSION['password'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$num_rows = 0;
$errorMessage = "";



$sql = ("SELECT  * FROM sc_users WHERE username = '$myusername' and password = '$mypassword' and isadmin = 1 ;");
$result = mysql_query ($sql);







if  (mysql_num_rows($result)==0)
{
   echo "Not an admin, leave! ";
}
else
        
{
        echo "<center><h3>You are logged in as " . $_SESSION['gatekeeper'] . "</h3></center>";


?>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />

<title>Add a show</title>

</head>    
<body>



<h1>Add a new Film to the Database</h1>
<form method="post" action="addshowings.php">
<p>

Title of the movie     :    <input type="text" name="film"         size = "30"/>  <br />
Date of the showing :    <input type="text" name="date"           size = "30"/>  <br />
Time of the showing :    <input type="text" name="time"          size = "30"/>  <br />
Number of the screen   :       <input type="text" name="screen"         size = "30"/>  <br />
Max tickets avaliable  :     <input type="text" name="maxitickets"  size = "30"/>  <br />
<td>Certificate :</td>
<td>
<input type = "checkbox" name = "certificate" value = "U"  />  U
<input type = "checkbox" name = "certificate" value = "12" /> 12
<input type = "checkbox" name = "certificate" value = "15" /> 15
<input type = "checkbox" name = "certificate" value = "18" /> 18
</td>


<input type="submit" value="Send"/>
<input type="reset" value="Delete"/>
</p>
</form>
<a href="mainpage.php"> Go to Main Page</a>
</body>
</html>
<?php
}
?>
2
Contributors
3
Replies
5
Views
5 Years
Discussion Span
Last Post by bibiki
1

one of the three constituents of the criteria in the following sql query results to no query (at least one):

$sql = ("SELECT  * FROM sc_users WHERE username = '$myusername' and password = '$mypassword' and isadmin = 1 ;");

either you have no user with username gatekeepr (which I believe is the case, it very likely is gatekeeper)... or one of the other two... check for gatekeeper.

P.S. You have gatekeepr spelled wrong.

Edited by bibiki: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.