Code PHP and Mysql for login admin and users

Question

Herminia CS 0 Newbie Poster

6 Years Ago

I'm a newbie in php and I want to create a single login page for Admin and user.When admin log in it should go to an admin page and when user log it shoult go to index page.I want help with my code, it works fine login normal users but i try it addind the admin part and it doesn't seem to work .Please help and Thanks in advance ..
This is my validation code for the login

<?php

if(!empty($_POST)){
if(isset($_POST["username"]) &&isset($_POST["password"])){
    if($_POST["username"]!=""&&$_POST["password"]!=""){
        include "conexion.php";
        $user_=null;
        $sql1= "select * from user where (username=\"$_POST[username]\" or email=\"$_POST[username]\") and password=\"$_POST[password]\" ";
        $query = $con->query($sql1);
        while ($r=$query->fetch_array()) {
            $user_fullname=$r["fullname"];
                            $_SESSION['user']=array();

        }
        if($user_fullname==null){
            print "<script>alert(\"User or password incorrect.\");window.location='../login.php';</script>";
        }else{
            session_start();
            $_SESSION["user_fullname"]=$user_fullname;
            print "<script>window.location='../index.php';</script>";               
        }

}
}
}
?>

javascript mysql php sql

5 Contributors
6 Replies
9K Views
2 Months Discussion Span
Latest Post 6 Years Ago Latest Post by alan.davies

rproffitt 2,662 "Nothing to see here."

6 Years Ago

I don't see any code that tests for your admin login. You may have to add code to do that. It should be about line 20 from what I see with another if (admin) do the admin thing else what is on line 20.

In parting it appears you are breaking some basic security concepts as well. Never store user passwords in the clear. There are many tutorials and articles about this so no need for me to do more than note it now. Often folk learn to do these logins incorrectly and are doomed to create leaky and bad login systems for decades.

essential 84 Posting Shark

6 Years Ago

Hi,
An old thread, but might help someone who needs it.
You can detect any level of access by getting their username.

<?php
// Let's assume that you have set your database connection @ $conn OBJECT.
// you might wanna use token keys to secure the access.
$username = isset($_POST['username']) && ! empty($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : NULL;
$tables = array('admin', 'guest');
if ($username) {
    try {
        foreach($tables as $table) {
            $stmt = $conn->prepare("
                SELECT * FROM `$table` WHERE username = :username
            ");
            $stmt->execute(["username" => $username ]);
            if ($user = $stmt->fetch()) {
                $stmt = NULL;
                if ( ! password_verify($password, $user['password'])) throw new PDOException("invalid password", 0); 
                // ... the rest of your code
                continue;
            } $stmt = NULL;
        } throw new PDOException("no found user", 0);
    } catch(PDOException $e) {

        echo $e->getMessage();
        exit;

    }
} exit;

Edited 6 Years Ago by essential because: revised my code

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

alan.davies 185 What's this? · Answer 1 · 2018-09-08T09:11:11+00:00

Your code has users across two tables for some reason. Not the way to do it. Also, there is nothing in the code to differentiate between admin and guest, even though you have a loop.

essential 84 Posting Shark Featured Poster · Answer 2 · 2018-09-09T08:34:51+00:00

Hi,
i totally understand how your point goes and based on what herminia wanted to happen. And pressumed that both tables have identical columns. as you can identify each user with a token.

Odelia_1 0 Newbie Poster · Answer 3 · 2018-09-12T07:54:47+00:00

    if(isset($_POST['username']) && isset($_POST['password']) ){
     $username=$_POST['username'];
     $password=$_POST['password'];
    $sql5 = "select * FROM users where username='$username' AND password='$password'";
    $stat5 = $conn->prepare($sql5);
$stat5->execute();

$type=$row5['type'];
    if($row5 = $stat5->fetch())
{   
$type=$row5['type'];
        if($type=='admin')
        {

        header("Location:admin2.php");

    }
    else
    {

    header("Location:admin2.php");
        }
    }

alan.davies 185 What's this? · Answer 4 · 2018-09-12T17:17:23+00:00

Do not use the above code as it is open to sql injection.

I wrote a simple login here...

https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php

See item #11