Reputation: 111
I'm trying to check if a user is a regular user or an admin.
In my database, the last item is "usertype" and it is a 0 or 1.
0 for regular user and 1 for admin user.
For some reason this is not working. It always tells me I am a "regular user." Which I know cannot be true. I did set usertype as an int to 1.
Here is my admin.php page
<?php
include_once '../includes/db_connect.php';
include_once '../includes/functions.php';
sec_session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Dashboard</title>
<link rel="stylesheet" href="style.css" />
</head>
<body>
<?php
// Create connection
$con = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM members");
$row = mysqli_fetch_row($result);
?>
<?php
if ($row["usertype"] == 1)
{
    echo "You're an admin!";
}
else
{
    echo "You're a regular user.";
}
?>
</body>
</html>
Upvotes: 0
Views: 1417
Reputation: 138
For me, I think that I will need a WHERE clause in the query for contrasting the data against the form fields you want to check. For example, if I want the users to log in using email address and password, I will use code like this:
$q = "SELECT * FROM members
WHERE (email = '$e' AND pass=SHA1('$p'))";
in which,
$e = mysqli_real_escape_string ($con, $_POST['email']); and $p = mysqli_real_escape_string ($con, $_POST['password']);
And SHA() is to decrypt the password that you might use in your registration process.
So, the next steps are that:
1/ You should check if the usertype for the admin username is 1 or not. I sometimes forget this too :-(
2/ You should replace your if ($row["usertype"] == 1) {...}else{...} with
if ($_SESSION['usertype'] == 1) {
echo "You're an admin!";
}else{ ...}
Upvotes: 0
Reputation: 26066
Here is your PHP code. I condensed it & combined it:
<?php
// Create connection
$con = mysqli_connect(HOST, USER, PASSWORD, DATABASE);
// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM members");
$row = mysqli_fetch_row($result);
if ($row["usertype"] == 1) {
    echo "You're an admin!";
}
else {
    echo "You're a regular user.";
}
?>
Your query does not specify a user. It just blankly gets all values from members:
SELECT * FROM members
Then you run this:
$row = mysqli_fetch_row($result);
Which basically means it doesn't matter if you have 1, 2, 3 or even 300 entries in members, you will always be grabbing the first result of members and acting on that. You need to alter your query to check for a specific username from the table members.
Also, for the field usertype, do you have 1 or 0 set in your database as the number 1 or 0? Or is it a string value of 1 or 0? That too can cause issues.
Upvotes: 0
Reputation: 131
Do you have more than one user in your database? Because "SELECT * FROM members" isn't selecting any specific member.
You should really be supplying a username to select from the database like so "SELECT * FROM members WHERE username = '$username'"
Otherwise, check what you're storing usertype as (varchar/int/etc) and make sure you're comparing correctly.
Upvotes: 3
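One way to write the per-user lookup the answers point toward, as an added example that is not code from any of the posts: it selects only the logged-in user's row through a prepared statement and compares usertype as an integer. The session key $_SESSION['username'] and the username column are assumptions; the includes, constants and table name are taken from the question.

```php
<?php
// Added example, not from the original posts. Assumes the login code stored
// the authenticated user's name in $_SESSION['username'] (hypothetical key)
// and that members has a `username` column.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Return true only if $username exists in members and has usertype 1.
function is_admin(mysqli $con, string $username): bool
{
    // mysqli_fetch_row() returns a numerically indexed array, so
    // $row["usertype"] is never set; binding the single column avoids that.
    // The ? placeholder sends the value separately from the SQL text.
    $stmt = $con->prepare('SELECT usertype FROM members WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($usertype);
    $found = $stmt->fetch();   // true = row fetched, null = no such user
    $stmt->close();

    // Cast before comparing so an INT column and a VARCHAR '1' behave the same.
    return $found === true && (int) $usertype === 1;
}

include_once '../includes/db_connect.php';
include_once '../includes/functions.php';
sec_session_start();

$con = new mysqli(HOST, USER, PASSWORD, DATABASE);

// Fail closed: a missing session user or a non-admin row gets a 403.
$username = $_SESSION['username'] ?? null;
if (!is_string($username) || !is_admin($con, $username)) {
    http_response_code(403);
    exit("You're a regular user.");
}
echo "You're an admin!";
```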