login - different user roles
Question
I have users table with a role field that stores Admin and Customer.I want the user with admin role to redirect to admin and the other redirect to index.php.
I'm not sure how to do this because I have encrypted the password from the registration form and using the password_verify function to give the user access if both passwords matches.
function login_user() {
if(isset($_POST['btnlogin'])) {
global $connection;
$email = $_POST['email'];
$password = $_POST['password'];
$login_query = "SELECT * from users where email = '{$email}'";
$confirm = mysqli_query($connection, $login_query);
while($row = mysqli_fetch_assoc($confirm)) {
$db_pass = $row['password'];
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$contact_num = $row['mobile'];
$email = $row['email'];
$postcode = $row['postcode'];
$role = $row['role'];
$_SESSION['firstname'] = $first_name;
$_SESSION['lastname'] = $last_name;
$_SESSION['mob'] = $contact_num;
$_SESSION['email'] = $email;
$_SESSION['postcode'] = $postcode;
}
if(password_verify($password, $db_pass)) {
redirect("index.php");
}
}
}
1 answers
solution1
1 2016-12-01 19:34:57
Use a simple if-condition:
if (password_verify($password, $db_pass)) {
if ($role == 'admin') { // or how do you store role value
redirect("admin.php");
} else {
redirect("index.php");
}
}
Going further you should add role to your $_SESSION too. Something like:
// code goes here
$_SESSION['postcode'] = $postcode;
$_SESSION['is_admin'] = $role == 'admin';
You need to do this so as to check if someone who directly accesses admin.php is admin or not.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.