
Permissions in log-ins/sign-ups using PHP

I’m a newbie in PHP. I just want to ask how to redirect accounts that are ‘admins’ and ‘users’ to a specific page when they login.

  • When I login as an admin it will be directed to a page like “superuser.php” where I can create an account for “users” in the GUI of the website.

  • When the created “user” account is logged in it will be directed to a page like “user.php” with a different privilege.
  • The ‘user’ signup page is different from the ‘admin’ one, as it will be located at the admin’s homepage. That is where I’m stuck at the moment.

So far I did the ‘admin’ part.

My PHP code:

```php
<?php
session_start();

// variable declaration
$username = "";
$errors = array();
$_SESSION['success'] = "";

// connect to database
$db = mysqli_connect('localhost', 'root', '', 'registration');
if (mysqli_connect_errno()) { // takes no argument
    echo "Failed to connect to MySQL:" . mysqli_connect_error();
    exit;
}

// REGISTER USER
if (isset($_POST['reg_user'])) {
    // receive all input values from the form
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

    // form validation: ensure that the form is correctly filled
    if (empty($username)) { array_push($errors, "Username is required"); }
    if (empty($password_1)) { array_push($errors, "Password is required"); }

    if ($password_1 != $password_2) {
        array_push($errors, "The two passwords do not match");
    }

    // register user if there are no errors in the form
    if (count($errors) == 0) {
        $password = md5($password_1); // hash the password before saving in the database
        $query = "INSERT INTO users (username, password)
                  VALUES('$username', '$password')";
        mysqli_query($db, $query);

        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: login.php');
        exit; // stop the script once the redirect header is sent
    }
}

// …

// LOGIN USER
if (isset($_POST['login_user'])) {
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);

    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }

    if (count($errors) == 0) {
        $password = md5($password);
        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
        $results = mysqli_query($db, $query);

        if (mysqli_num_rows($results) == 1) {
            $_SESSION['username'] = $username;
            $_SESSION['success'] = "You are now logged in";
            header('location: home.html');
            exit; // stop the script once the redirect header is sent
        } else {
            array_push($errors, "Wrong username or password combination");
        }
    }
}

?>
```

@ginerjm, Apr 07.2020 — I would set a flag in the users table so that when you log them in you can check the flag to see what kind of user they are. Then I would use that to change the scriptname in the Header call that I make after that. You are already making the header calls, this just helps you decide where to go.

@frncskn (author), Apr 07.2020 — @ginerjm#1617120 Can you provide an example for that? Thank you so much.

@ginerjm, Apr 07.2020 — Modify the structure of your users table to add the flag. Then add that flag name to your query that verifies the log in. When you check the query results, grab that flag value, and when you are ready to "go" somewhere use an if statement to determine what type of user he is and call the header() function with the appropriate script name in it, like you are already doing.

@NogDog, Apr 07.2020 — Yeah, you definitely need to add some additional field (e.g. user_type or such), that could just be an integer: 1 represents normal user, 2 represents admin, etc. Then when you do your login DB query, retrieve that value and store it in your $_SESSION data. Then you can check it whenever you need to decide what access the user should have, e.g.:

```php
if ($_SESSION['user_type'] == 2) {
    $redirectPage = 'admin';
} else {
    $redirectPage = 'user';
}
header("Location: https://example.com/$redirectPage.php");
exit;
```

Likewise, the admin page itself would check that the user is an admin by looking at that $_SESSION value, throwing up an error or redirecting them to the login page if not.

@frncskn (author), Apr 08.2020 — @NogDog#1617129 How does the PHP script know what is the admin account and user account?

@OvO, Apr 08.2020 — $_SESSION is an array where you can store data as an array. Example:

```php
$_SESSION['account_role'] = 'admin';
```

But you always need session_start() at the beginning of your PHP script. You can make an if clause that checks if the user has role admin or user.

Example code:

```php
session_start();
if ($_SESSION["account_role"] == "admin")
    echo('Youre an admin!');
```

@frncskn (author), Apr 08.2020 — @OvO#1617156 I have the session_start() at the beginning of my script. The problem is every time I create an account through the signup form it shows that the created account is user. I want to create an admin account first.

@OvO, Apr 08.2020 — @frncskn#1617157 Can you please send your script here and I can look for you.

@frncskn (author), Apr 08.2020 — @OvO#1617156 Do I need to create a separate db for users and admin?

@frncskn (author), Apr 08.2020 — @OvO#1617158 The script is posted above :)

@OvO, Apr 08.2020 — No, just add a column with user_role as varchar or number, do it like you want, in your users table.

@frncskn (author), Apr 08.2020 — @OvO#1617161

For what it's worth, this is the db that I'm trying to use:

```sql
CREATE TABLE users (
    id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
    username varchar(100) NOT NULL,
    password varchar(100) NOT NULL,
    user_type varchar(20) NOT NULL,
    index(user_type)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```

@ginerjm, Apr 08.2020 — That is a table, not a db. Simply add a new column for "user_type" of 1 char and create some codes for the different types of users you will have. Create a brand new table to store these codes and their titles for lookup when you need to do that.

Once you have this new user_type column in the user table just add that name to the select query you use to verify their login. Check the value to decide how to handle them after that. If you need to, save the user_type in the $_SESSION array along with the userid (if you are doing that).

This isn't rocket science. Just a new field in a table you are already familiar with.

PS This field should not be a key field.
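
The approach @NogDog and @ginerjm describe, written out as an added example that is not code from the thread: the role is read from the users row at login, stored in the session, used to pick the landing page, and re-checked by every protected page. It assumes user_type holds 'admin' or 'user' and that passwords were stored with password_hash() rather than md5; `LANDING`, `authenticate()` and `require_role()` are hypothetical names.

```php
<?php
// Added example (not from the thread). Assumes the users table posted above,
// user_type holding 'admin' or 'user', password holding password_hash() output.
session_start();
$errors = [];
// Hypothetical role-to-page map; page names are the ones used in the question.
const LANDING = ['admin' => 'superuser.php', 'user' => 'user.php'];

// Returns the account's user_type on success, null on any failure.
function authenticate(mysqli $db, string $username, string $password): ?string
{
    // Prepared statement: the input is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT password, user_type FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash, $userType);
    $found = $stmt->fetch();
    $stmt->close();
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    return $userType;
}

// Guard for protected pages: call before any output, e.g. require_role('admin')
// at the top of superuser.php (assumes this function lives in a shared include).
function require_role(string $role): void
{
    if (($_SESSION['user_type'] ?? null) !== $role) {
        header('Location: login.php');
        exit;
    }
}

if (isset($_POST['login_user'])) {
    // Reject non-string input (e.g. username[]=x) before it reaches the query.
    $username = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $db = mysqli_connect('localhost', 'root', '', 'registration');
    $role = authenticate($db, $username, $password);
    if ($role !== null && array_key_exists($role, LANDING)) {
        session_regenerate_id(true);     // fresh session id once authenticated
        $_SESSION['username'] = $username;
        $_SESSION['user_type'] = $role;  // taken from the DB row, never from the form
        header('Location: ' . LANDING[$role]);
        exit;
    }
    $errors[] = 'Wrong username or password combination';
}
```

The first admin row is created outside the public signup form, for instance with a one-off INSERT that sets user_type to 'admin' and stores a password_hash() value. The account-creation handler on superuser.php then starts with `require_role('admin')` and sets user_type itself instead of reading it from the form.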

@zaekaleem, Apr 18.2020 — you have this new user_type column in the user table just add that name to the select query you use to verify their login.