Hey guys,
I am working on a login page that will only allow an admin login. If the user is part of a trade account or is classed as a customer, I would like them to be redirected.
    <?php
    session_start();
    // Already logged in as an admin: go straight to the admin index
    if (isset($_SESSION["superUser"])) {
        header("location: index.php");
        exit();
    }
    ?>
    <?php
    if (isset($_POST["username"]) && isset($_POST["password"])) {
        // Strip everything except letters and digits from the username
        $superUser = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
        // MD5 the submitted password, then apply the same filter to the hex digest
        $password = preg_replace('#[^A-Za-z0-9]#i', '', md5($_POST["password"]));
        //connect to sql data
        include "../storescripts/mysql.php";
        $sql = mysql_query("SELECT userID FROM user WHERE username='$superUser' AND password='$password' AND userTypeId = 1 LIMIT 1");
        if (!$_POST['username'] || !$_POST['password']) {
            die('You did not fill in a required Username or Password field. <a href=admin_login.php>Click Here to Try Again</a>');
            exit();
        }
        //MAKE SURE USER EXISTS
        $existCount = mysql_num_rows($sql); //Counts the number of rows
        if ($existCount == 1) {
            while ($row = mysql_fetch_array($sql)) {
                $userID = $row["userID"];
            }
            $_SESSION["userID"] = $userID;
            $_SESSION["superUser"] = $superUser;
            $_SESSION["password"] = $password;
            header("location: index.php");
            exit();
        } else {
            echo("You have either entered an incorrect Username or Password <a href=admin_login.php>Click Here to Try Again</a>");
            exit();
        }
    }
    ?>
As you can see below, the code only selects the user with the userTypeId of 1, which is the id linked to the admins.
    include "../storescripts/mysql.php";
    $sql = mysql_query("SELECT userID FROM user WHERE username='$superUser' AND password='$password' AND userTypeId = 1 LIMIT 1");
If I enter a customer account's details into the system, it recognises that it is a customer; however, it just posts the echo from this.
    }else{
        echo("You have either entered an incorrect Username or Password <a href=admin_login.php>Click Here to Try Again</a>");
        exit();
If the admin info is correct then the admin is redirected to index.php. The code is below.
    <?php
    session_start();
    if (!isset($_SESSION["superUser"])) {
        header("location:admin_login.php");
        exit();
    }
    //be sure to check that this superUser SESSION is in the database
    $superUserID = preg_replace('#[^0-9]#i', '', $_SESSION["userID"]);
    $superUser = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["superUser"]);
    $password = preg_replace('#[^A-Za-z0-9]#i', '', ($_SESSION["password"]));
    //connect to sql data
    include "../storescripts/mysql.php";
    $sql = mysql_query("SELECT * FROM user WHERE userID='$superUserID' AND username='$superUser' AND password='$password' LIMIT 1");
    //MAKE SURE USER EXISTS
    $existCount = mysql_num_rows($sql); //Counts the number of rows
    if ($existCount == 0) {
        echo "false details";
        exit();
    }
    ?>
What I would like to do is, if a customer or trade account tries logging into the backend of the system, then they get redirected to, say, access.php. Within this access page, just echo out "Access Denied. Click here....."
Thank you for your time
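
The redirect described above, as an added example that is not part of the original post: the login is split into authentication (is the password right?) and authorisation (is userTypeId 1?), so a valid customer or trade login can be sent to access.php instead of the "incorrect password" message. Table and column names come from the post; the function name resolveLogin, the password_hash() storage, user type 2 and the in-memory SQLite table are assumptions.

```php
<?php
// Added example, not the poster's code. Table/column names (user, userID,
// username, password, userTypeId) are from the post; resolveLogin(), the
// password_hash() storage and the SQLite sample data are assumptions.

/** Returns [target page, session values to set] for one login attempt. */
function resolveLogin(PDO $db, string $username, string $password): array
{
    // Step 1, authentication: look the user up WITHOUT filtering on
    // userTypeId, with a bound parameter instead of string interpolation.
    $stmt = $db->prepare('SELECT userID, password, userTypeId FROM user WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return ['admin_login.php', []];   // unknown user or wrong password
    }
    // Step 2, authorisation: credentials are valid, but only type 1 is an admin.
    if ((int) $row['userTypeId'] !== 1) {
        return ['access.php', []];        // customer or trade account
    }
    // Keep only identifiers in the session, never the password or its hash.
    return ['index.php', ['userID' => (int) $row['userID'], 'superUser' => $username]];
}

// Constructed sample data so the example runs offline (php example.php).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, username TEXT, password TEXT, userTypeId INTEGER)');
$ins = $db->prepare('INSERT INTO user (username, password, userTypeId) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('admin-pass', PASSWORD_DEFAULT), 1]); // admin
$ins->execute(['bob', password_hash('cust-pass', PASSWORD_DEFAULT), 2]);    // assumed non-admin type

foreach ([['alice', 'admin-pass'], ['bob', 'cust-pass'], ['bob', 'wrong']] as [$u, $p]) {
    [$target, $session] = resolveLogin($db, $u, $p);
    // In the real page: session_regenerate_id(true); $_SESSION += $session;
    // header("Location: $target"); exit();
    printf("%s => %s\n", $u, $target);
}
```

With the session holding only userID and superUser, the check at the top of index.php can re-query by userID and confirm userTypeId is still 1, rather than comparing a stored password.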