CODEWITHSUNDEEP
phphtmlmysqlvalidation
laurence albano
laurence albano

Reputation: 23

How to check if normal user or admin user is logged in when using PHP and mysql?

I have this example code for logging in two users namely 'user' and 'admin'. How do you validate each two when logging in so that after successful logged in it will redirect them to their respective pages.

HTML Code

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Login</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="stylelogin.css">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
    <!-- Latest compiled and minified CSS -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
    <!-- Optional theme -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
  </head>
  <body>
    <!-- Navigation Bar -->
    <nav class="navbar navbar-inverse">
      <div class="container-fluid">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar">
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="index.html">Welcome</a>
        </div>
        <div class="collapse navbar-collapse" id="myNavbar">
          <ul class="nav navbar-nav navbar-right">
            <li><a href="index.html"><span class="glyphicon glyphicon-step-backward"></span>Back</a></li>
          </ul>
        </div>
      </div>
    </nav>


    <div class="container">
      <div id="login-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
              <div class="modal-dialog">
                    <div class="loginmodal-container">
                        <h1>Login to Your Account</h1><br>
                      <form action="Model/loginbackend.php" method="post">
                            <input type="text" name="username" placeholder="Username" autofocus required>
                            <input type="password" name="password" placeholder="Password" required>
                            <input type="submit" name="login" class="login loginmodal-submit" value="Login">
                      </form>

                      <div class="login-help">
                        No account? Register <a href="signup.html">Here</a>
                      </div>
                    </div>
                </div>
              </div>
    </div>
  </body>
  <!-- Latest compiled and minified JavaScript -->
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</html>

I have this sample php code.

PHP Code

<?php
include "connection.php";
session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if (!empty($username) && !empty($password)) {

  $sql = "select * from users where username = '$username' and password = '$password'";
  $result = mysqli_query($conn, $sql);

  $row = mysqli_fetch_assoc($result);

  if($row){
      $_SESSION["user_id"] = $row["userid"];
      header('Location: /laurence/FirstDayTraining/Model/users.php');
  }
  else
  {

    $sql = "select * from admin where adminusername = '$username' and adminpassword = '$password'";

    $result = mysqli_query($conn, $sql);

    $row = mysqli_fetch_assoc($result);
    $_SESSION["adminuser_id"] = $row["adminid"];
    header('Location: /laurence/FirstDayTraining/Model/admin.php');
  }

  mysqli_close($conn);
}

?>

In this condition

  if($row){
      $_SESSION["user_id"] = $row["userid"];
      header('Location: /laurence/FirstDayTraining/Model/users.php');
  }
  else
  {

    $sql = "select * from admin where adminusername = '$username' and adminpassword = '$password'";

    $result = mysqli_query($conn, $sql);

    $row = mysqli_fetch_assoc($result);
    $_SESSION["adminuser_id"] = $row["adminid"];
    header('Location: /laurence/FirstDayTraining/Model/admin.php');
  }

this will redirect to their respective pages. But when I put any input any my textbox username and password. Example I will input random text like : for username asdu : for password asoda. The inputs that I used was not mainly found in my database. But it still redirects me to the admin page. Is there any correct way to validate my form.. Please help, I'm quite new to php. Thanks in advance.

Upvotes: 1

Views: 2097

Answers (2)

lkdhruw
lkdhruw

Reputation: 582

You can add a role column in your database and assign each admins/ editors manually through script otherwise they will be a user by default. After that you can identify them easily 

if( $row['role'] == 'admin')
$_SESSION['user_role'] = $row['role'] ;

Upvotes: 1

DarkSideKillaz
DarkSideKillaz

Reputation: 138

You need to find out of mysqli has a result for you. You Can check it like this:

if ($result->num_rows) {
    $row = mysqli_fetch_assoc($result);
    $_SESSION["adminuser_id"] = $row["adminid"];
    header('Location: /laurence/FirstDayTraining/Model/admin.php');
}
//this will check if something is returned by your query if not then dont redirect

Upvotes: 1

Related Questions