Jump to content
Larry Ullman's Book Forums
sorin

Redirect Non-Administrators On Add_Page.php

Recommended Posts

Hello Larry,

 

I changed in phpmyadmin one username and I put ''admin" but when I login with the email and pass from admin I am still redirected and I can't get in.

If I comment this line

redirect_invalid_user('user_admin');

I can enter, but with that line I can't.

I don't know where is the error. I will put here the page code. Please give an idea.

<?php
require_once ('includes/config.inc.php');
require ('includes/form_functions.inc.php');

// Redirect non-administrators:
//redirect_invalid_user('user_admin');

$page_title = 'Add a Site Content Page';
include ('includes/header.html');

// Require the database connection:
require(MYSQL);

// Create an array for storing errors:
$add_page_errors = array( );

// Validate the page title:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	if (!empty($_POST['title'])) {
		$t = mysqli_real_escape_string($dbc, strip_tags($_POST['title']));
	} else {
		$add_page_errors['title'] = 'Please enter the title!';
	}
	
	// Validate the category:
	if (filter_var($_POST['category'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
		$cat = $_POST['category'];
	} else {
		$add_page_errors['category'] = 'Please select a category!';
	}
	
	// Validate the description:
	if (!empty($_POST['description'])) {
		$d = mysqli_real_escape_string($dbc, strip_tags($_POST['description']));
	} else {
		$add_page_errors['description'] = 'Please enter the description!';
	}
	
	// Validate the content:
	if (!empty($_POST['content'])) {
		$allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';
		$c = mysqli_real_escape_string($dbc, strip_tags($_POST['content'], $allowed));
	} else {
		$add_page_errors['content'] = 'Please enter the content!';
	}
	
	// If there are no errors, add the record to the database:
	if (empty($add_page_errors)) { // If everything's OK.
		$q = "INSERT INTO pages (category_id, title, description, content) VALUES ($cat, '$t', '$d', '$c')";
		$r = mysqli_query ($dbc, $q);
		if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
			echo '<h4>The page has been added!</h4>';
			$_POST = array( );
		} else { // If it did not run OK.
		trigger_error('The page could not be added due to a system error. We apologize for any inconvenience.');
		}
	} // End of $add_page_errors IF.
} // End of the main form submission conditional.
?>



<form action="add_page.php" method="post" accept-charset="utf-8">
    <fieldset><legend>Fill out the form to add a page of content:</legend>
        <p><label for="first_name"><strong>Title</strong>
        </label><br /><?php create_form_input('title', 'text',
        $add_page_errors); ?></p>
        
        <p><label for="category"><strong>Category</strong></label><br />
        <select name="category"<?php if (array_key_exists('category',
        $add_page_errors)) echo ' class="error"'; ?>>
        <option>Select One</option>
        <?php // Retrieve all the categories and add to the pull-down menu:
        $q = "SELECT id, category FROM categories ORDER BY category ASC";
        $r = mysqli_query ($dbc, $q);
        while ($row = mysqli_fetch_array ($r, MYSQLI_NUM)) {
			echo "<option value=\"$row[0]\"";
			// Check for stickyness:
			if (isset($_POST['category']) && ($_POST['category'] == $row[0]) )
			echo ' selected="selected"';
			echo ">$row[1]</option>\n";
        }
        ?>
        </select><?php if (array_key_exists('category', $add_page_errors))
        echo ' <span class="error">' . $add_page_errors['category'] .
        '</span>'; ?></p>
        
        <p><label for="description"><strong>Description</strong>
        </label><br /><?php create_form_input('description', 'textarea',
        $add_page_errors); ?></p>
        
        <p><label for="content"><strong>Content</strong></label>
        <br /><?php create_form_input('content', 'textarea',
        $add_page_errors); ?></p>
        
        <p><input type="submit" name="submit_button" value="Add This
        Page" id="submit_button" class="formbutton" /></p>
    </fieldset>
</form>



<?php
include('includes/footer.html');
?>



Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...