Member Avatar for FakeTales

Hey guys ,

i am working on a login page that will only allow an admin login , if the user is part of a trade account or is classed as a customer i would like them to be redirected.

<?php

session_start();
if (isset($_SESSION["superUser"])){
	header("location: index.php");
	exit();
	
}
?>
<?php

if (isset($_POST["username"]) &&isset ($_POST["password"])) {
	$superUser = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
	$password = preg_replace('#[^A-Za-z0-9]#i', '', md5($_POST["password"]));

	

//connect to sql data

include "../storescripts/mysql.php";
$sql= mysql_query("SELECT userID FROM user WHERE username='$superUser'  AND password='$password' AND userTypeId = 1 LIMIT 1");

if(!$_POST['username'] | !$_POST['password']) {

 		die('You did not fill in a required Username or Password field. <a href=admin_login.php>Click Here to Try Again</a>');
		exit();
}

//MAKE SURE USER EXISTS

$existCount = mysql_num_rows($sql); //Counts the number of rows 
if($existCount==1){
	while($row = mysql_fetch_array($sql)){
		$userID = $row["userID"];
		
}

$_SESSION["userID"]= $userID;
$_SESSION["superUser"] = $superUser;
$_SESSION["password"] = $password;


header("location: index.php");


exit ();


	}else{
	
 	echo("You have either entered an incorrect Username or Password <a href=admin_login.php>Click Here to Try Again</a>");
	
	
	
	exit();
}
}



?>

As you can see below , the code only selects the user with the userTypeId of 1 which is the id linked to the admins.

include "../storescripts/mysql.php";
$sql= mysql_query("SELECT userID FROM user WHERE username='$superUser'  AND password='$password' AND userTypeId = 1 LIMIT 1");

If i enter a customer account details into the system it recognises that it is a customer however it just posts the echo from this.

}else{
	
 	echo("You have either entered an incorrect Username or Password <a href=admin_login.php>Click Here to Try Again</a>");
	
exit();

if the admin info is correct then the admin is redirected to an index.php . code is below

<?php

session_start();
if(!isset($_SESSION["superUser"])){
	header("location:admin_login.php");
	exit();
}

//be sure to check that this superUser SESSION is in the database
$superUserID = preg_replace('#[^0-9]#i','', $_SESSION["userID"]);
$superUser = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["superUser"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', ($_SESSION["password"]));

//connect to sql data

include "../storescripts/mysql.php";
$sql= mysql_query("SELECT * FROM user WHERE userID='$superUserID' AND username='$superUser' AND password='$password' LIMIT 1");

//MAKE SURE USER EXISTS

$existCount = mysql_num_rows($sql); //Counts the number of rows 
if($existCount==0){
	echo "false details";
	exit();
	
}

?>

What i would like to do is if a customer or trade account try logging into the backend of the system then they get redirected to say access.php. Within this access page just to echo out " Access Denied . Click here....."

Thank you for your time

All you would have to do is like your doing already, if you have a value that states the users type, then if not admin then echo something with a link. Or if the user account as you are only searching for admin users, then if the user is not found based on the credentials that have been passed to you then have a common redirect. Stating that your login failed, please try again.

Member Avatar for FakeTales

Thanks miku i added this code (shown below) and now it works

<?php

$sql1 = mysql_query("SELECT userID FROM user WHERE username='$superUser'  AND password='$password' AND userTypeId != 1 LIMIT 1");
$existcount1 = mysql_num_rows($sql1);
if($existcount1==1){
	while($row = mysql_fetch_array($sql1)){
		$userID = $row["userID"];
		
		}

		$_SESSION["userID"] = $userID;
		$_SESSION["superUser"] = $superUser;
		$_SESSION["password"] = $password;
	
	
	echo("ACCESS DENIED. <a href=admin_login.php>Click Here to Try Again</a>");
	exit();

	}else{
	
	echo ("You have enetered an incorrect Username or Password. <a href=admin_login.php>Click Here to Try Again</a>'");
	
	exit();
	}
	
}


?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.