I'm a newbie in PHP and I want to create a single login page for admin and user. When an admin logs in it should go to an admin page, and when a user logs in it should go to the index page. I want help with my code; it works fine logging in normal users, but I tried adding the admin part and it doesn't seem to work. Please help, and thanks in advance.
This is my validation code for the login

<?php

if(!empty($_POST)){
if(isset($_POST["username"]) &&isset($_POST["password"])){
    if($_POST["username"]!=""&&$_POST["password"]!=""){
        include "conexion.php";
        $user_=null;
        $sql1= "select * from user where (username=\"$_POST[username]\" or email=\"$_POST[username]\") and password=\"$_POST[password]\" ";
        $query = $con->query($sql1);
        while ($r=$query->fetch_array()) {
            $user_fullname=$r["fullname"];
                            $_SESSION['user']=array();

        }
        if($user_fullname==null){
            print "<script>alert(\"User or password incorrect.\");window.location='../login.php';</script>";
        }else{
            session_start();
            $_SESSION["user_fullname"]=$user_fullname;
            print "<script>window.location='../index.php';</script>";               
        }

}
}
}
?>

All 6 Replies

I don't see any code that tests for your admin login. You may have to add code to do that. It should be about line 20 from what I see with another if (admin) do the admin thing else what is on line 20.

In parting it appears you are breaking some basic security concepts as well. Never store user passwords in the clear. There are many tutorials and articles about this so no need for me to do more than note it now. Often folk learn to do these logins incorrectly and are doomed to create leaky and bad login systems for decades.

Hi,
An old thread, but might help someone who needs it.
You can detect any level of access by getting their username.

<?php
// Let's assume that you have set your database connection @ $conn OBJECT.
// you might wanna use token keys to secure the access.
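$username = isset($_POST['username']) && ! empty($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : NULL;
// $password is used by password_verify() below, so read it from the form here.
$password = isset($_POST['password']) ? $_POST['password'] : '';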
$tables = array('admin', 'guest');
if ($username) {
    try {
        foreach($tables as $table) {
            $stmt = $conn->prepare("
                SELECT * FROM `$table` WHERE username = :username
            ");
            $stmt->execute(["username" => $username ]);
            if ($user = $stmt->fetch()) {
                $stmt = NULL;
                if ( ! password_verify($password, $user['password'])) throw new PDOException("invalid password", 0); 
                // ... the rest of your code
                // Stop here: `continue` would fall through to the "no found user" throw below.
                exit;
            } $stmt = NULL;
        } throw new PDOException("no found user", 0);
    } catch(PDOException $e) {

        echo $e->getMessage();
        exit;

    }
} exit;

Your code has users across two tables for some reason. Not the way to do it. Also, there is nothing in the code to differentiate between admin and guest, even though you have a loop.

Hi,
I totally understand how your point goes and based on what herminia wanted to happen. And presumed that both tables have identical columns, as you can identify each user with a token.

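    if (isset($_POST['username']) && isset($_POST['password'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Bind the values as parameters instead of interpolating them into the SQL string.
        // (If the password column holds password_hash() output, select by username only
        // and check the row with password_verify() instead.)
        $sql5 = "select * FROM users where username = :username AND password = :password";
        $stat5 = $conn->prepare($sql5);
        $stat5->execute(['username' => $username, 'password' => $password]);

        // Read the row first; $row5 does not exist before fetch().
        if ($row5 = $stat5->fetch()) {
            $type = $row5['type'];
            if ($type == 'admin') {
                header("Location:admin2.php");
            } else {
                // Non-admin users go to the index page, as in the question.
                header("Location:index.php");
            }
            exit;
        }
    }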
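
Pulling the thread's advice together (one user table, hashed passwords, bound parameters, redirect chosen by role), here is an added example that is not code from any poster in this thread. The in-memory SQLite schema, the `role` column, the accounts and the `admin.php` page name are constructed assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema and accounts: one table with a role column (assumption),
// instead of separate admin/guest tables.
function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT UNIQUE, email TEXT, fullname TEXT, password_hash TEXT, role TEXT)');
    $ins = $db->prepare('INSERT INTO user VALUES (?, ?, ?, ?, ?)');
    $ins->execute(['root', 'root@example.test', 'Site Admin', password_hash('admin-pass', PASSWORD_DEFAULT), 'admin']);
    $ins->execute(['ana', 'ana@example.test', 'Ana User', password_hash('user-pass', PASSWORD_DEFAULT), 'user']);
    return $db;
}

// Returns the user row on success, null on any failure
// (same answer for an unknown login and a wrong password).
function authenticate(PDO $db, string $login, string $password): ?array {
    $stmt = $db->prepare('SELECT username, fullname, password_hash, role FROM user WHERE username = :u OR email = :e');
    $stmt->execute(['u' => $login, 'e' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']); // never carry the hash into the session
    return $row;
}

// Only the exact role 'admin' reaches the admin page; anything else gets the ordinary page.
function landingPage(array $user): string {
    return $user['role'] === 'admin' ? 'admin.php' : 'index.php';
}

$db = demoDb();
// Constructed login attempts; the last login contains a quote character and is treated purely as data.
foreach ([['root', 'admin-pass'], ['ana@example.test', 'user-pass'], ['ana', 'wrong'], ['o"neil', 'x']] as [$login, $pw]) {
    $user = authenticate($db, $login, $pw);
    if ($user === null) {
        echo "$login: User or password incorrect.\n";
        continue;
    }
    // In the real login script, before any output:
    //   session_start(); session_regenerate_id(true);
    //   $_SESSION['user_fullname'] = $user['fullname']; $_SESSION['role'] = $user['role'];
    //   header('Location: ' . landingPage($user)); exit;
    echo "$login: redirect to " . landingPage($user) . "\n";
}
```

The redirect only chooses where the browser goes next; the admin page itself still has to check the role stored in the session on every request.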