stackoom
  简体   繁体   中英

Admin and User PHP Database login

 原文  2018-11-10 01:59:16       php/ mysql/ database/ forms/ session

Question

I am pretty new to php coding and I have setup a working signup/signin system for a website, but now I want to create an admin user which can edit/upload pictures to the website. I just have no idea how to do it, so far I have just added a column to phpmyadmin which is usertype and its an enum with two variables which are admin and users, and I have set the default to user so when someone signs up they are defaulted as a user. so any help would be greatly appreciated.

This is my login php

if (isset($_POST['login-submit'])) {
    #
require 'dbh.inc.php';

$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];

if (empty($mailuid) || empty($password)) {
    header("Location: ../index.php?error=emptyfields");
    exit();

}else {
    $sql = "SELECT * FROM users WHERE uidUsers=?;";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("Location: ../index.php?error=sqlerror");
        exit();
    }else{

        mysqli_stmt_bind_param($stmt, "s", $mailuid);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($row = mysqli_fetch_assoc($result)) {
            $pwdCheck = password_verify($password, $row['pwdUsers']);
            if ($pwdCheck == false) {
                header("Location: ../index.php?error=wrongpassword");
        exit();
            }elseif ($pwdCheck == true) {
                session_start();
                $_SESSION['userId'] = $row['idUsers'];
                $_SESSION['userUid'] = $row['uidUsers'];

                header("Location: ../index.php?login=success");
                exit();

            }
        }
        else {
            header("Location: ../index.php?error=nouser");
        exit();
        }
    }

    }



}else {
    header("Location: ../index.php");
    exit();
}

This is my signup php

<?php
if (isset($_POST['signup-sumbit'])) {

    require 'dbh.inc.php';


    $username = $_POST['uid'];
    $email = $_POST['mail'];
    $password = $_POST['pwd'];
    $passwordRepeat = $_POST['pwd-repeat'];

    if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
        header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
        exit();
    }elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../signup.php?error=invaildmailuid");
        exit();
    }elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../signup.php?error=invaildmail&uid=".$username);
        exit();
    }elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../signup.php?error=invailduid&mail=".$email);
        exit();
    }elseif ($password !== $passwordRepeat) {
        header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
        exit(); 
    }else{
        $sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../signup.php?error=sqlerror1");
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, "s", $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $resultCheck = mysqli_stmt_num_rows($stmt);
            if ($resultCheck > 0) {
                header("Location: ../signup.php?error=usertaken&mail=".$email);
                exit();
            } else {
                $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../signup.php?error=sqlerror");
                    exit();
                    } else {
                        $hashedPwd = password_hash($password, PASSWORD_DEFAULT);


                        mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
                        mysqli_stmt_execute($stmt);
                        header("Location: ../signup.php?signup=success");
                        exit();
                    }




            }


        }



    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);


}else {
    header("Location: ../signup.php");
    exit();

}

This is a picture of the new column I added Picture of phpmyadmin

1 answers

solution1
 1  2018-11-10 02:18:20

This is the code where you are checking if user has admin privileges and store in session

if($row['user_type'] == 'Admin'){
          $_SESSION['isAdmin'] = true;
}else{
          $_SESSION['isAdmin'] = false;
}

later you can use $_SESSION['isAdmin'] to give privileges as you wish

if($_SESSION['isAdmin']){
//code for uploading pictuers ..
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question User/Admin login via PHP Differentiate between admin login and user login in php admin and user login php mysql form How to make login form with admin and user in php Creating Admin/User login system in PHP Send an email to admin when user login in PHP Trying to create a login for Admin/User PHP Admin and normal user login system PHP MYSQL How to make a separated login for the admin and user in PHP? How to create a Login using user and admin in php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM