Multi-user login trouble, also looking for good content on this topic

Violante

New Member
#1
so i'm having trouble and i really have no idea why i'm having this issue because all looks well. But basically i'm trying create multiple user levels for a web page i'm making. For some reason only the regular user role is working at the moment. Basically I want admins to be led to a different user interface. If anyone knows any good content on how to make certain pages only available when a session is started that would be very helpful because that would be my next step after I solve this, also how to create a difference in regular user sessions and admin sessions if that makes sence... But back to my real problem, please tell me why admins arent being led to my admin.php page.. I'm posting the code below.
Mã:
<?php
session_start();
include 'db.php';
mysqli_select_db($conn, 'users');

$user = $_POST ['user'];
$pass = $_POST ['pass'];
$reg = '0';
$admin = '1';
$hashedpassword = password_hash ($pass, PASSWORD_DEFAULT);

//this query is for admin users **dont forget to change active to 1 within
db
$qa = "select * from users where username ='$user' and active = '0' and admin = '$admin'";

//this query is for regular users
$q = "select * from users where username ='$user' and active = '0' and admin
= '$reg'";

//these will run the querys above (a = admin)
$resulta = mysqli_query($conn, $qa);
$result = mysqli_query($conn, $q);

//will count rows and verify admin users
$numa = mysqli_num_rows($resulta);
$rowa = mysqli_fetch_array($resulta, MYSQLI_ASSOC);

//will count rows and verify regular users
$num = mysqli_num_rows($result);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);


if(password_verify($pass,$row['password']))
{
if ($num == 1) {
$_SESSION['username'] = $user;
header('location:index.php');
}
else if (password_verify($pass,$rowa['password']))
{
if ($numa == 1) {
$_SESSION['username'] = $user;
header('location:admin.php');
}
}
}
echo mysqli_error($conn);
?>
 

Admin

Administrator
Thành viên BQT
#2
your code seems a little confusing to me, so I've sampled it down, instead of running two different queries, why not just one. Look at this code below, this will help you transfer to admin page when admin logs in, and redirects you to regular page in case of all others.

All I am doing is checking the row value, instead of checking the count again.

Mã:
 <?php
    session_start();
    include 'db.php';
    mysqli_select_db($conn, 'users');

    $user=mysqli_real_escape_string($conn,$_POST['username']);
    $pass=mysqli_real_escape_string($conn,$_POST['password']);
    $hashedpassword = password_hash ($pass, PASSWORD_DEFAULT);

    $sql="select * from users where username ='$user' and active = '0'";
    $result=mysqli_query($conn,$sql);
    $row=mysqli_fetch_array($result, MYSQLI_ASSOC);

    if(password_verify($mypassword, $row["pass"])) {
        $_SESSION['username']=$user;
        if($row["admin"] == "1")
            header("location: admin.php");

        else if($row["admin"]=="0")
            header("location: index.php");
    }
    else
        echo mysqli_error($conn);

?>
 
Top