Hello fellow programmers and coders. I am developing an enhanced login script based on the already great login script by zubrag.
What i am trying to achieve: If the user is an admin, he will be logged in. If the user is a regular user, he will not be logged in.
What happens: The user gets logged in, even if he is not an admin.
Here is a snippet of the code:
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $users)
|| (USE_USERNAME && ( !array_key_exists($login, $users) || $users[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect username or password.");
}
The Part that i am having trouble with:
elseif (array_key_exists($login, $admins)) {
showLoginPasswordProtect("User not an admin.");
}
Rest of the code:
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
setcookie("user", $login, 0, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
Username and password array:
$users = array(
'username' => 'password',
'administrator' => 'administrator-password'
);
Admin array:
$admins = array(
'administrator'
);
Now picture all of that together, and what would the problem be? (It’s probably really easy, i’m just not a professtional coder.)
Are you sure that admins can login?
Here you are saying that if the username is in the admin array, deny the acces:
What you probably want to do is deny the acces for users not in the admin array: