Som jeg forstår det så vil det der resultere i at der er noget data som kun den bruger der er logged ind der kan se det.?? det som jeg skal bruge er følgende: jeg har 2 brugere i en sql database (admin & user) og der er så nogle data (fx. et billede) som kun admin må kunne se - men som en logged ind "user" ikke på kunne se. min login.php ser sådan ud, hvis det hjælper: <?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = '<center><label class="alert">All the fields must be filled in!</label></center>';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
header("Location: index.php");
exit;
}
else $err[]='<center><label class="alert">Wrong username and/or password!</label></center><br />';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: login.php");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="
http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</head>
<body>
<div id="header">
<div class="tablewidth">
<div id="malibur"><a href="
http://www.malibur.dk">malibur</a></div> </div>
</div>
<div class="tablewidth2">
<div class="centering"></div>
</div>
<div id="top" class="tablewidth">
<div id="maliburlogo"></div>
<div id="websitename">mcisland.dk</div>
</div>
<div id="logincontainer" class="tablewidth">
<!-- Login Form -->
<form action="" method="post" class="logstyle">
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<p>
<label for="username" class="titlestyle">Username:</label>
<input type="text" class="inputstyle" name="username" id="username" value="" />
</p>
<p>
<label for="password" class="titlestyle">Password:</label>
<input type="password" class="inputstyle" name="password" id="password"/>
</p>
<p>
<label class="rememberme"><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<input type="submit" class="buttonstyle" name="submit" value="Login" />
</p>
</form>
<br/>
</div>
</body>
