Hi I'm a student and noob on programming. I just want this code to be able to redirect to my user index.php if the userlevel that has been logged in is not an admin. Currently it goes to my admin dashboard which I copied from a site and it works. Here's my sample code:
<?php
// Initialize the session
session_start();
// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: dashboard.php");
exit;
}
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = "Please enter username.";
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT user_id, username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $user_id, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["user_id"] = $user_id;
$_SESSION["username"] = $username;
// Redirect user to welcome page
header("location: admin/dashboard.php");
} else{
// Display an error message if password is not valid
$password_err = "Invalid username or password. Please try again.";
}
}
} else{
// Display an error message if username doesn't exist
$password_err = "Invalid username or password. Please try again.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; background-image: url("bg.png");
background-color: #cccccc;}
.wrapper{ width: 400px; padding: 20px; margin: 0 auto; background-color: black; color: white; margin-top: 80px;}
.center { display: block; margin-left: auto; margin-right: auto; width: 60%;}
</style>
</head>
<body>
<div class="wrapper">
<br>
<img alt="logo" src="logo.png" class="center"/>
<h2 align="center">Secret Cafe Billing System</h2>
<p align="center">Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username</label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password</label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<br>
<div align="center" class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
<br><br>
</form>
</div>
</body>
</html>
I just edited the error message both on username and password if entered an invalid credentials because our adviser wanted to have a general error on both and not specified on which input the user got the wrong credentials. Tweaked it and thankfully it worked. Please help.
OK I figured it out thankfully. Here's my answer.
<?php
// Initialize the session
session_start();
// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
header("location: dashboard.php");
exit;
}
// Include config file
require_once "config.php";
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = "Please enter username.";
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT user_id, userlvl, username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $user_id, $userlvl, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
if ($userlvl == 'Admin') {
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["user_id"] = $user_id;
$_SESSION["username"] = $username;
// Redirect user to welcome page
header("location: admin/dashboard.php");
} else {
$_SESSION["loggedin"] = true;
$_SESSION["user_id"] = $user_id;
$_SESSION["username"] = $username;
// Redirect user to welcome page
header("location: admin/billing.php");
}
} else{
// Display an error message if password is not valid
$password_err = "Invalid username or password. Please try again.";
}
}
} else{
// Display an error message if username doesn't exist
$password_err = "Invalid username or password. Please try again.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<title>Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; background-image: url("bg.png");
background-color: #cccccc;}
.wrapper{ width: 400px; padding: 20px; margin: 0 auto; background-color: black; color: white; margin-top: 80px;}
.center { display: block; margin-left: auto; margin-right: auto; width: 60%;}
</style>
</head>
<body>
<div class="wrapper">
<br>
<img alt="logo" src="logo.png" class="center"/>
<h2 align="center">Secret Cafe Billing System</h2>
<p align="center">Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username</label>
<input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password</label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<br>
<div align="center" class="form-group">
<input type="submit" class="btn btn-primary" value="Login">
</div>
<br><br>
</form>
</div>
</body>
</html>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.