CODEWITHSUNDEEP
php
Rudie Visser
Rudie Visser

Reputation: 580

Check if user is admin PHP

I have a users table with this structure:

id
username
password
dealer (admin)

Now I want to check on login if the user is a dealer, the dealer can hold a value of 0 (normal user) or 1 (admin), but I have no idea how to do this (I'm new to PHP).

This is the login form:

    <form action="index.php?action=login" method="post" style="width: 50%;">
        <input type="hidden" name="login" value="true" />

<?php if ( isset( $results['errorMessage'] ) ) { ?>
        <div class="errorMessage"><?php echo $results['errorMessage'] ?></div>
<?php } ?>

        <ul>

          <li>
            <label for="username">Username</label>
            <input type="text" name="username" id="username" placeholder="Uw gebruikersnaam" required autofocus maxlength="20" />
          </li>

          <li>
            <label for="password">Password</label>
            <input type="password" name="password" id="password" placeholder="Uw wachtwoord" required maxlength="20" />
          </li>

        </ul>

        <div class="buttons">
          <input type="submit" name="login" value="Login" />
        </div>

      </form>

And this is the login function:

    function login() {

  $results = array();
  $results['pageTitle'] = "Admin Login | Gemeente Urk";

  $host = "localhost";
  $mysqluser = "root";
  $mysqlpass = "usbw";
  $db = "wagenpark";

  mysql_connect($host, $mysqluser, $mysqlpass);
  mysql_select_db($db);

  if ( isset( $_POST['login'] ) ) {

      $gebruiker = $_POST['username'];
      $wachtwoord = $_POST['password'];
      $sql = "SELECT * FROM users WHERE username='".$gebruiker."' AND password='".$wachtwoord."' LIMIT 1";
      $res = mysql_query($sql) or die (mysql_error());
      if (mysql_num_rows($res) == 1) {
          $_SESSION['username'] = $gebruiker;
          header( "Location: index.php" );

    } else {

      // Login failed: display an error message to the user
      $results['errorMessage'] = "Incorrect username or password. Please try again.";
      require( TEMPLATE_PATH . "/admin/loginForm.php" );
    }

  } else {

    // User has not posted the login form yet: display the form
    require( TEMPLATE_PATH . "/admin/loginForm.php" );
  }

}

Thanks already.

Upvotes: 2

Views: 2927

Answers (1)

Max Rumpf
Max Rumpf

Reputation: 138

If I understand that right, you have a MySQL Database, where you save the Username, Id, Password and if he/she is Admin. In this part:

$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
      $_SESSION['username'] = $gebruiker;
      header( "Location: index.php" );

You could just get the Admin value of the result. It would propably look like this:

$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
      $_SESSION['username'] = $gebruiker;
      while($row = mysql_fetch_object($res))
      {
          $admin = $row->Admin;
      }
      if ($admin == 1) {Do something...}
      else {Do something if he is not Admin}
      header( "Location: index.php" );

And then you could save that into the $_SESSION.

I hop that helped, If it doesn't work, please tell me.

Upvotes: 1

Related Questions