登录-不同的用户角色

Question

I have users table with a role field that stores Admin and Customer.I want the user with admin role to redirect to admin and the other redirect to index.php.

I'm not sure how to do this because I have encrypted the password from the registration form and using the password_verify function to give the user access if both passwords matches.

 function login_user() {


if(isset($_POST['btnlogin'])) {

    global $connection;

    $email = $_POST['email'];
    $password = $_POST['password'];

    $login_query = "SELECT * from users where email = '{$email}'";

    $confirm = mysqli_query($connection, $login_query);




    while($row = mysqli_fetch_assoc($confirm)) {

        $db_pass = $row['password'];
        $first_name = $row['first_name'];
        $last_name = $row['last_name'];
        $contact_num = $row['mobile'];
        $email = $row['email'];
        $postcode = $row['postcode'];
        $role = $row['role'];

        $_SESSION['firstname'] = $first_name;
        $_SESSION['lastname'] = $last_name;
        $_SESSION['mob'] = $contact_num;
        $_SESSION['email'] = $email;
        $_SESSION['postcode'] = $postcode;


    }


    if(password_verify($password, $db_pass)) {

                  redirect("index.php");

             }
         }



}

Answer 1

Use a simple if-condition:

if (password_verify($password, $db_pass)) {
    if ($role == 'admin') {    // or how do you store role value
        redirect("admin.php");
    } else {
        redirect("index.php");
    }         
}

Going further you should add role to your $_SESSION too. Something like:

// code goes here
$_SESSION['postcode'] = $postcode;
$_SESSION['is_admin'] = $role == 'admin';

You need to do this so as to check if someone who directly accesses admin.php is admin or not.