This is my login.php code: (this is the page where the form will be displayed asking the user to enter the 6 digit code. Once they input the correct code and press submit it will take the user to admin.php if the code is correct)

<?php
session_start();
include('connection.php');
?>
<!doctype html>
<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <link href="css/style.css" rel="stylesheet" type="text/css" />
    <link href="css/reset.css" rel="stylesheet" type="text/css" />
<div id="container">
<div id="authorise">
<form action="admin.php" method="POST" name="authorisation"><br>
<!--Product Comment Box--><br>
<p>Please enter your 4<br> digit authorisation code:<br> <br><input type="text" name="code"/></p><br>
<input type="submit" value="Log In"/>
</form>

<?php
if (isset($_POST['code']) && $_POST['code'] == '210392') {
    header("Location: https://www.google.co.uk");
    exit;
}
?>

</div>
</div>

This is my admin.php document (apologies for copying the whole thing)

<!doctype html>
<html lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <link href="css/style.css" rel="stylesheet" type="text/css" />
    <link href="css/reset.css" rel="stylesheet" type="text/css" />
    <style type="text/css">
        table {
            font-family: verdana,arial,sans-serif;
            font-size:11px;
            color:#333333;
            border-width: 1px;
            border-color: #999999;
            border-collapse: collapse;
        }
        table th {
            background:#b5cfd2;
            border-width: 1px;
            padding: 8px;
            border-style: solid;
            border-color: #999999;
        }
        table td {
            background:#dcddc0;
            border-width: 1px;
            padding: 8px;
            border-style: solid;
            border-color: #999999;
        }
    </style>    
</head>

<body>
<div id="container4">
<div id="adminpanel">
Admin Page 
<div id="showorders"><u>Orders</u></div>
<?php
include('connection.php');

$result = mysql_query("SELECT * FROM orderform");

echo "<table border='1' >
<tr>
<th><u>Date</th>
<th><u>Product</th>
<th><u>Product Comments</th>
<th><u>Name</th>
<th><u>Address</th>
<th><u>Age</th>
<th><u>Delivery</th>
</tr>";

while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['date'] . "</td>";
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['productcomments'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "<td>" . $row['age'] . "</td>";
echo "<td>" . $row['delivery'] . "</td>";

echo "</tr>";
}
echo "</table>";

?>

<div id="showreviews"><u>Reviews</u></div>
<?php
include('connection.php');
$result = mysql_query("SELECT * FROM reviewform");

echo "<table border='1'>
<tr>
<th><u>Name</th>
<th><u>Product</th>
<th><u>Comment</th>
</tr>";

while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['comment'] . "</td>";

echo "</tr>";
}
echo "</table>";

?>
</div>
</div>
</body>

These are the two files in question. Thanks for any help. Like I said previously, I am a complete newbie to this.

  • You have done $_POST['code'] is not equal to 210392 the != needs to be == :) Commented Mar 18, 2014 at 14:02
  • The file admin.php is your form's target, your if statement should be in that file or should be in the same file (that would NOT be clean, but that'd work) but you should display the form OR, provided that $_POST is populated correctly, execute your logic. Unless you've merged the two files in one for your example, this is not done the way it should. And of course, your if statement is NOT correct. Plus, where is the body tag gone? Commented Mar 18, 2014 at 14:06

2 Answers

Move this to the top of the file:

if (isset($_POST['code']) && $_POST['code'] == '210392') {
    header("Location: https://www.google.co.uk");
    exit;
}
6 Comments

<?php session_start(); include('connection.php'); ?> <?php if (isset($_POST['code']) && $_POST['code'] == '210392') { header("Location: google.co.uk"); exit; } ?> So it looks like that?
<?php if (isset($_POST['code']) && $_POST['code'] == '210392') { header("Location: google.co.uk"); exit; } session_start(); include('connection.php'); ?> ...
That still allows me to click submit and view admin.php without having to input the correct code
Oh, now I see. In this case you should move that part of code to the beginning of admin.php.
Removed the line from login.php and put it at very start of admin.php and it still allows me to press submit without having to put correct details in
The if you did is unnecessary, you don't have to check if it's set. It's enough if you check the code on its own:

if($_POST['code'] != 210392) {
    echo "https://www.google.co.uk";
}

That's just by the way, it's not an error what you did. The problem you have is not located in this file, but in admin.php. Move the if condition above in there and everything should work fine, at least it did for me when I tried it.

10 Comments

If you remove the isset($_POST['code']), the visitor will get an undefined offset error. (unless you disabled display_errors etc..)
error_reporting should be disabled on every public site. It's only for development purposes, so as soon as you go "online", it's time to disable it.
Oh.. well.. that's a completely valid reason to create errors in your code then.. </sarcasm>
Whereabouts in admin.php should I put the if statement? And do I put it in both admin.php and the current file or just admin? Thanks
As long as it's running and not vulnerable to bugs, I don't really care about warnings. Call me a bad programmer, but I've got better things to do than catching warnings all over my code with if conditions.
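
An added example, not code from the question or either answer: the form posts to admin.php, so a check in login.php never sees the code, and a check in admin.php that only runs when $_POST['code'] is set does nothing for a plain GET of admin.php. The sketch below keeps the decision in the session and makes admin.php refuse every request that lacks it; the file name auth.php, the functions try_login() and require_authorised(), and the ADMIN_CODE environment variable are assumptions made for the illustration.

```php
<?php
// auth.php: hypothetical shared include (added example, not from the thread).
// Include it at the very top of login.php and admin.php, before any output,
// so that header() redirects can still be sent.
declare(strict_types=1);
session_start();

// Assumption: the code is supplied through the environment, not hard-coded.
function expected_code(): string
{
    return (string) getenv('ADMIN_CODE');
}

// login.php calls this on POST. Returns true and marks the session on success.
function try_login(array $post): bool
{
    $given = isset($post['code']) && is_string($post['code']) ? $post['code'] : '';
    $expected = expected_code();
    // An unset expected code must never match; hash_equals() compares in constant time.
    if ($expected === '' || !hash_equals($expected, $given)) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id once privileges change
    $_SESSION['authorised'] = true;
    return true;
}

// admin.php calls this first. A request without the session flag is redirected
// before any row of the orders or reviews tables is queried or printed.
function require_authorised(): void
{
    if (empty($_SESSION['authorised'])) {
        header('Location: login.php');
        exit;
    }
}

/* login.php, top of file (the form then uses action="login.php"):
 *   require 'auth.php';
 *   if ($_SERVER['REQUEST_METHOD'] === 'POST' && try_login($_POST)) {
 *       header('Location: admin.php');
 *       exit;
 *   }
 *
 * admin.php, top of file:
 *   require 'auth.php';
 *   require_authorised();
 */
```

With this layout, requesting admin.php directly in a new browser session ends at login.php, whichever HTTP method is used.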