Click here to Skip to main content
14,695,505 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi Guys


My registration page and login form is working fine. If any member register and then login, user come to member.php page. member page has their profile information which is only for members. Now i want to create an admin login in which admin will redirect to admin.php page. This page has all information
like:
about how many user register (done)
all other admin task(done)

I have done my admin pages but i dont know how to authorise admin login and password, if i use those then it will take me to admin area.

Here is my code of login form
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="700" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>User id (Email-id)</b></td>
      <td width="188"><input name="user_email" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>
</body>
</html>



code for login-exec.php
<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
   
   

    //Select database
    ----something----

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $user_email = clean($_POST['user_email']);
    $pwd = clean($_POST['password']);

    //Input Validations
    if($user_email == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($pwd == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login-form.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' ";

    if ($user_email= )

    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $customer = mysql_fetch_assoc($result);
            $_SESSION['SESS_id'] = $customer['id'];
            $_SESSION['SESS_fname'] = $customer['first_name'];
            $_SESSION['SESS_lname'] = $customer['last_name'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>
Posted
Updated 3-Feb-18 5:22am
Comments
Peta2010 5-Apr-12 10:26am
   
any other link by which i can study how authorized an admin in php
Peta2010 5-Apr-12 11:22am
   

1 solution

You need to have RBAC(Role Based Access Control). In the table of users in db, assign roles to them such as who is admin, who is editor,etc. Then, simply check the username, password, and role and then redirect the user to the respective page. Also in the admin page itself you should keep a check whether user is logged in and has the role of admin.

Hope this helps.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900