Hello, folks.

I am facing a really annoying problem here.

Well, basically I want my page to check if the user is an admin or not.

Whenever I log in and try to access that page i am recieving the error message "You are not admin, leave"

error_reporting (E_ALL ^ E_NOTICE);  //error reporting

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="http://www.w3.org/1999/xhtml">

$conn = mysql_connect("localhost", "root", "") or die("cannot connect"); 
mysql_select_db("IgotThis") or die (mysql_error());

$myusername = $_SESSION['gatekeepr'];
$mypassword = $_SESSION['password'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$num_rows = 0;
$errorMessage = "";

$sql = ("SELECT  * FROM sc_users WHERE username = '$myusername' and password = '$mypassword' and isadmin = 1 ;");
$result = mysql_query ($sql);

if  (mysql_num_rows($result)==0)
   echo "Not an admin, leave! ";
        echo "<center><h3>You are logged in as " . $_SESSION['gatekeeper'] . "</h3></center>";

<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />

<title>Add a show</title>


<h1>Add a new Film to the Database</h1>
<form method="post" action="addshowings.php">

Title of the movie     :    <input type="text" name="film"         size = "30"/>  <br />
Date of the showing :    <input type="text" name="date"           size = "30"/>  <br />
Time of the showing :    <input type="text" name="time"          size = "30"/>  <br />
Number of the screen   :       <input type="text" name="screen"         size = "30"/>  <br />
Max tickets avaliable  :     <input type="text" name="maxitickets"  size = "30"/>  <br />
<td>Certificate :</td>
<input type = "checkbox" name = "certificate" value = "U"  />  U
<input type = "checkbox" name = "certificate" value = "12" /> 12
<input type = "checkbox" name = "certificate" value = "15" /> 15
<input type = "checkbox" name = "certificate" value = "18" /> 18

<input type="submit" value="Send"/>
<input type="reset" value="Delete"/>
<a href="mainpage.php"> Go to Main Page</a>

Recommended Answers

All 3 Replies

one of the three constituents of the criteria in the following sql query results to no query (at least one):

$sql = ("SELECT  * FROM sc_users WHERE username = '$myusername' and password = '$mypassword' and isadmin = 1 ;");

either you have no user with username gatekeepr (which I believe is the case, it very likely is gatekeeper)... or one of the other two... check for gatekeeper.

P.S. You have gatekeepr spelled wrong.

Haha, it works, my bad. Thank you!

;) mark your thread solved then. glad I was of help.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.