Member Avatar for Izzah_1

I have a login page that uses email and password and also an admin checkbox. i have already created the coding for email and password login but not the coding if checkbox is checked it will direct admin.php coz well im not sure how. normal users will be directed to home.php

my login code:

<?php

if (isset($_POST['submit']))
{
    $email = mysql_real_escape_string(isset($_POST['email']) ? stripslashes($_POST['email']) : false);
    $password = mysql_real_escape_string(isset($_POST['password']) ? stripslashes($_POST['password']) : false);

    if ($email&&$password)
    {
        require "dbase.php";
        $query = mysql_query("SELECT * FROM signup WHERE email LIKE '$email'");     
        $numrows = mysql_num_rows($query);

        if (1 == $numrows)
        {   
            $rows = mysql_fetch_assoc($query);

            if ($email==$rows['email'] && $password==$rows['password'])
            {
                $_SESSION['email']=$rows['email'];
                $_SESSION['name']=$rows['name'];
                header("Location: home.php");
            }
            else 
            {
                echo "Incorrect Password";
                header("Location: LogIn.php");
            }
        }
        else 
        {
            echo ('<script type="text/javascript">alert("The Email Does Not Exist In Database");</script>');
            header("Location: LogIn.php");
        }
    }
    else 
    {
        echo ('<script type="text/javascript">alert("Please Enter An Email and/or Password");</script>');
        header("Location: LogIn.php");
    }

}

exit();
?>

thanks in advance.
ps: btw a side problem if you guys can help me out. the else statements won't run. even the incorrect and email does not exist. thanks in advance if you guys help me with this problem.

  • 2 Contributors
  • 4 Replies
  • 307 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by Izzah_1
Member Avatar for Lsmjudoka

For starters I would change your email statement a bit as currently it will result in you passing a boolean variable to mysql_real_escape_string(), which isn't really what that function is intended for. Try moving it to around stripslashes like this:

 $email = (isset($_POST['email']) ? mysql_real_escape_string(stripslashes($_POST['email'])) : false);    
 $password = (isset($_POST['password']) ? mysql_real_escape_string(stripslashes($_POST['password'])) : false);

Apart from that, changing where you redirect to is pretty much as simple as

if($_POST['admin']) {
    header("Location: admin.php");
}
else {
    header("Location: home.php");
}

Though assuming not all your users are admins you probably want to add a check to ensure the user who just logged in really does have the rights to view that page.

Edited by Lsmjudoka
Member Avatar for Izzah_1

how to check?

Member Avatar for Lsmjudoka

To check if the user is an admin? Assuming you have some field in your database like user_admin (0 or 1 depending on if they are or not) you just update the if statement like this:
if($_POST['admin'] && $rows['user_admin']) {

Member Avatar for Izzah_1

thank u for your help its working!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.