
Add admin access to user page

I created two pages: one for the admin and one for the user. They have separate access on login. I want to give the admin access to the user page, but I am not able to find a solution for that.

Now if I log in as admin and try to access the user page, it redirects me to the login page, and the same is the case for the user. That part is fine.

In my login form I check the role of the user and, depending on that role, I redirect them to their respective pages. In the admin and user pages I first check the role of the user, and if it is not the same, it redirects them to the login page.

Now what I tried was, in user_page.php, I added two roles, user and administrator, to check whether the logged-in user is an administrator or a user. But that part I am not able to figure out.

    <?php
    // Login page: checks the credentials and redirects by role.
    ob_start();
    session_start();
    include("db.php");
    ?>
    <!DOCTYPE html>
    <html lang="">
    <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title></title>
      <style type="text/css">
        .box { border: #666666 solid 1px; }
        label { font-weight: bold; width: 100px; font-size: 12px; }
      </style>
      <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
    </head>
    <body bgcolor="#FFFFFF">
    <div align="center">
      <div style="width:350px; border: solid 2px #333333; " align="left">
        <div style="background-color:#333333; color:#FFFFFF; padding:4px;"><b>Login</b></div>
        <div style="margin:25px">
          <form method="post" action="">
            <?php
            $error = "";
            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                $myusername1 = mysqli_real_escape_string($con, $_POST['username']);
                $mypassword1 = mysqli_real_escape_string($con, $_POST['password']);
                $mypassword = MD5($mypassword1); // computed but not used by the query below
                $sql = "SELECT * FROM finforex_users WHERE username='$myusername1' and password='$mypassword1'";
                $result = mysqli_query($con, $sql);
                $row = mysqli_fetch_array($result);
                $count = mysqli_num_rows($result);
                if ($count == 1) {
                    // Store the identity in the session only after a match.
                    $_SESSION['userid'] = $row['userid'];
                    $_SESSION['role'] = $row['role'];
                    if ($row['role'] == "administrator") {
                        header("location: admin_page.php");
                    } else if ($row['role'] == "user") {
                        header("location: user_page.php");
                    }
                } else {
                    $error = "Your Login Name or Password is invalid";
                }
            }
            ?>
            <label>UserName :</label><input type="text" name="username" class="box" /><br /><br />
            <label>Password :</label><br/><input type="password" name="password" class="box" /><br/><br />
            <input type="submit" value=" Submit " /><br />
          </form>
          <div style="font-size:11px; color:red; margin-top:100px">
            <?php echo $error; // print the message; a bare $error; outputs nothing ?>
          </div>
        </div>
      </div>
    </div>
    </body>
    </html>

    <?php
    // Admin page: only a logged-in administrator may view it.
    ob_start();
    session_start();
    include 'db.php';
    // Compare the stored role itself; isset(...) == 'administrator' is true for any set role.
    if (isset($_SESSION['role']) && $_SESSION['role'] == 'administrator') {
        $query1 = mysqli_query($con, "SELECT * FROM `finforex_users` WHERE `userid`='".$_SESSION['userid']."' AND `role`='administrator' ");
        $arr1 = mysqli_fetch_array($query1);
        $num1 = mysqli_num_rows($query1);
        if ($num1 == 1) {
    ?>
    <html>
    <head>
      <style>
        body {
          width: 80%;
          margin: 0 auto;
          padding: 0;
          font-family: 'Open Sans', Tahoma, Arial, helvetica, sans-serif;
        }
      </style>
    </head>
    <body>
    <br>
    <h1 style="font-weight: 400;">Set Margins- Administrator</h1>
    <div style="float:right;"><a href="login.php">Logout</a></div>
    <a href="user_page.php">page 2</a>
    <?php
        } else {
            header("location:login.php");
        }
    } else
        header("location:login.php");
    ?>
    </body>
    </html>

    <?php
    // User page: as posted, both the session check and the query accept only the 'user' role.
    session_start();
    include 'db.php';
    // Compare the stored role itself; isset(...) == 'user' is true for any set role.
    if (isset($_SESSION['role']) && $_SESSION['role'] == 'user') {
        $query = mysqli_query($con, "SELECT * FROM `finforex_users` WHERE `userid`='".$_SESSION['userid']."' AND `role`='user' ");
        $arr = mysqli_fetch_array($query);
        $num = mysqli_num_rows($query);
        if ($num == 1) {
    ?>
    <style>
      body {
        width: 80%;
        margin: 0 auto;
        padding: 0;
        font-family: 'Open Sans', Tahoma, Arial, helvetica, sans-serif;
      }
    </style>
    <body>
    <h1 style="font-weight: 400;">Welcome User</h1>
    <div style="float:right;"><a href="logout.php">Logout</a></div>
    <?php
        } else {
            header("location:login.php");
        }
    } else
        header("location:login.php");
    ?>
    </body>

Set the role condition like

    if (isset($_SESSION['role']) && ($_SESSION['role'] == 'user' || $_SESSION['role'] == 'administrator')) {
        // User Page
        // ....code ....
    }
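
A fuller version of the user_page.php check, as an added example that is not part of the original question or answer: the session condition alone is not enough, because the page's database query also filters on `role`='user', so both checks have to admit the administrator. It assumes db.php defines `$con` as a mysqli connection and the `finforex_users` table from the question; `require_role()` is a hypothetical helper name.

```php
<?php
// user_page.php access check (added example, not the poster's code).
// Assumes db.php defines $con (mysqli) and the finforex_users table
// from the question. require_role() is a hypothetical helper name.
session_start();
include 'db.php';

/**
 * Return the user's row if the session user currently holds one of the
 * allowed roles in the database; otherwise redirect to login and stop.
 */
function require_role(mysqli $con, array $allowedRoles): array
{
    $role   = $_SESSION['role']   ?? null;
    $userid = $_SESSION['userid'] ?? null;

    // isset(...) == 'user' compares a boolean with a string and is true
    // for any set role, so compare the stored value itself, strictly.
    if ($userid !== null && in_array($role, $allowedRoles, true)) {
        // Re-check against the database so a changed role or a deleted
        // account takes effect before the session ends.
        $stmt = mysqli_prepare($con,
            "SELECT userid, role FROM finforex_users WHERE userid = ?");
        mysqli_stmt_bind_param($stmt, "s", $userid);
        mysqli_stmt_execute($stmt);
        $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));

        if (is_array($row) && in_array($row['role'], $allowedRoles, true)) {
            return $row;
        }
    }

    header("Location: login.php");
    exit; // stop here so the protected markup below is never sent
}

// The user page admits both roles; admin_page.php would pass
// ['administrator'] only.
$currentUser = require_role($con, ['user', 'administrator']);
?>
<body>
<h1 style="font-weight: 400;">Welcome <?php echo htmlspecialchars($currentUser['role']); ?></h1>
<div style="float:right;"><a href="logout.php">Logout</a></div>
</body>
```

The bound parameter replaces the string concatenation of `$_SESSION['userid']` into the SQL, and the `exit` after the redirect keeps the page body from being rendered for a rejected request.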
