Jump to content
Larry Ullman's Book Forums

Redirect Non-Administrators On Add_Page.php


Recommended Posts

Hello Larry,

 

I changed in phpmyadmin one username and I put ''admin" but when I login with the email and pass from admin I am still redirected and I can't get in.

If I comment this line

redirect_invalid_user('user_admin');

I can enter, but with that line I can't.

I don't know where is the error. I will put here the page code. Please give an idea.

<?php
require_once ('includes/config.inc.php');
require ('includes/form_functions.inc.php');

// Redirect non-administrators:
//redirect_invalid_user('user_admin');

$page_title = 'Add a Site Content Page';
include ('includes/header.html');

// Require the database connection:
require(MYSQL);

// Create an array for storing errors:
$add_page_errors = array( );

// Validate the page title:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	if (!empty($_POST['title'])) {
		$t = mysqli_real_escape_string($dbc, strip_tags($_POST['title']));
	} else {
		$add_page_errors['title'] = 'Please enter the title!';
	}
	
	// Validate the category:
	if (filter_var($_POST['category'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
		$cat = $_POST['category'];
	} else {
		$add_page_errors['category'] = 'Please select a category!';
	}
	
	// Validate the description:
	if (!empty($_POST['description'])) {
		$d = mysqli_real_escape_string($dbc, strip_tags($_POST['description']));
	} else {
		$add_page_errors['description'] = 'Please enter the description!';
	}
	
	// Validate the content:
	if (!empty($_POST['content'])) {
		$allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';
		$c = mysqli_real_escape_string($dbc, strip_tags($_POST['content'], $allowed));
	} else {
		$add_page_errors['content'] = 'Please enter the content!';
	}
	
	// If there are no errors, add the record to the database:
	if (empty($add_page_errors)) { // If everything's OK.
		$q = "INSERT INTO pages (category_id, title, description, content) VALUES ($cat, '$t', '$d', '$c')";
		$r = mysqli_query ($dbc, $q);
		if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
			echo '<h4>The page has been added!</h4>';
			$_POST = array( );
		} else { // If it did not run OK.
		trigger_error('The page could not be added due to a system error. We apologize for any inconvenience.');
		}
	} // End of $add_page_errors IF.
} // End of the main form submission conditional.
?>



<form action="add_page.php" method="post" accept-charset="utf-8">
    <fieldset><legend>Fill out the form to add a page of content:</legend>
        <p><label for="first_name"><strong>Title</strong>
        </label><br /><?php create_form_input('title', 'text',
        $add_page_errors); ?></p>
        
        <p><label for="category"><strong>Category</strong></label><br />
        <select name="category"<?php if (array_key_exists('category',
        $add_page_errors)) echo ' class="error"'; ?>>
        <option>Select One</option>
        <?php // Retrieve all the categories and add to the pull-down menu:
        $q = "SELECT id, category FROM categories ORDER BY category ASC";
        $r = mysqli_query ($dbc, $q);
        while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) {
			echo "<option value=\"$row[0]\"";
			// Check for stickyness:
			if (isset($_POST['category']) && ($_POST['category'] == $row[0]) )
			echo ' selected="selected"';
			echo ">$row[1]</option>\n";
        }
        ?>
        </select><?php if (array_key_exists('category', $add_page_errors))
        echo ' <span class="error">' . $add_page_errors['category'] .
        '</span>'; ?></p>
        
        <p><label for="description"><strong>Description</strong>
        </label><br /><?php create_form_input('description', 'textarea',
        $add_page_errors); ?></p>
        
        <p><label for="content"><strong>Content</strong></label>
        <br /><?php create_form_input('content', 'textarea',
        $add_page_errors); ?></p>
        
        <p><input type="submit" name="submit_button" value="Add This
        Page" id="submit_button" class="formbutton" /></p>
    </fieldset>
</form>



<?php
include('includes/footer.html');
?>



Link to comment
Share on other sites

 Share

×
×
  • Create New...