This is my code for a user login. It allows the user to login fine.

What do i need to add to the code to allow admin users to be able to login and then be redirected to another page?

In the database I have assigned 0 to the normal users and 1 to the admin users.

<!DOCTYPE html>
<meta charset="utf-8">
<link rel="stylesheet" href="style.css" />
    // When a form is submitted it will insert the values into my database.
    if (isset($_POST['username'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
    //Checking is user existing in the database or not
        $query = "SELECT * FROM `Test` WHERE username='$username' and password='".md5($password)."'";
        $result = mysql_query($query) or die(mysql_error());
        $rows = mysql_num_rows($result);
            $_SESSION['username'] = $username;
            header("Location: index.php"); // This will redirect the user to index.php page. 
                echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
<div class="testbox">
<img src="MorleyWasteLogo.png" alt="Logo" align="middle" style="width:340px;height:90px;" >
<form action="" method="post" name="login">
<label id="icon" for="name"><i class="icon-user"></i></label>
<input type="text" name="username" id="name" placeholder="Username" required/>
<label id="icon" for="name"><i class="icon-shield"></i></label>
<input type="password" name="password" id="name" placeholder="Password" required/>
<input name="submit" type="submit" value="Login" />
<input type="reset" value="Reset"/>
<a href='registration.php'>Register Here</a>
<?php } ?>


after if($rows==1){ fetch the row and check the column value that defines the role, use an IF statement to define the session and redirect, something like:

    mysql_data_seek($result, 0);
    $row = mysql_fetch_assoc($result);

    # admin
    if($row['role'] == 1)
        $_SESSION['role'] = 1;
        header("Location: /admin/");

    # user
    $_SESSION['role'] = 0;
    header("Location: /");

Make sure, on admin side to check the session value, otherwise a simple user could access the restricted area.

Also, switch to MySQLi or PDO, the MySQL api is now removed in PHP 7:

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.