0

I have a login page that uses email and password and also an admin checkbox. i have already created the coding for email and password login but not the coding if checkbox is checked it will direct admin.php coz well im not sure how. normal users will be directed to home.php

my login code:

<?php

if (isset($_POST['submit']))
{
    $email = mysql_real_escape_string(isset($_POST['email']) ? stripslashes($_POST['email']) : false);
    $password = mysql_real_escape_string(isset($_POST['password']) ? stripslashes($_POST['password']) : false);

    if ($email&&$password)
    {
        require "dbase.php";
        $query = mysql_query("SELECT * FROM signup WHERE email LIKE '$email'");     
        $numrows = mysql_num_rows($query);

        if (1 == $numrows)
        {   
            $rows = mysql_fetch_assoc($query);

            if ($email==$rows['email'] && $password==$rows['password'])
            {
                $_SESSION['email']=$rows['email'];
                $_SESSION['name']=$rows['name'];
                header("Location: home.php");
            }
            else 
            {
                echo "Incorrect Password";
                header("Location: LogIn.php");
            }
        }
        else 
        {
            echo ('<script type="text/javascript">alert("The Email Does Not Exist In Database");</script>');
            header("Location: LogIn.php");
        }
    }
    else 
    {
        echo ('<script type="text/javascript">alert("Please Enter An Email and/or Password");</script>');
        header("Location: LogIn.php");
    }

}

exit();
?>

thanks in advance.
ps: btw a side problem if you guys can help me out. the else statements won't run. even the incorrect and email does not exist. thanks in advance if you guys help me with this problem.

2
Contributors
4
Replies
19
Views
3 Years
Discussion Span
Last Post by Izzah_1
0

For starters I would change your email statement a bit as currently it will result in you passing a boolean variable to mysql_real_escape_string(), which isn't really what that function is intended for. Try moving it to around stripslashes like this:

 $email = (isset($_POST['email']) ? mysql_real_escape_string(stripslashes($_POST['email'])) : false);    
 $password = (isset($_POST['password']) ? mysql_real_escape_string(stripslashes($_POST['password'])) : false);

Apart from that, changing where you redirect to is pretty much as simple as

if($_POST['admin']) {
    header("Location: admin.php");
}
else {
    header("Location: home.php");
}

Though assuming not all your users are admins you probably want to add a check to ensure the user who just logged in really does have the rights to view that page.

Edited by Lsmjudoka

0

To check if the user is an admin? Assuming you have some field in your database like user_admin (0 or 1 depending on if they are or not) you just update the if statement like this:
if($_POST['admin'] && $rows['user_admin']) {

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.