2

I have a users table with this structure:

id
username
password
dealer (admin)

Now I want to check on login if the user is a dealer, the dealer can hold a value of 0 (normal user) or 1 (admin), but I have no idea how to do this (I'm new to PHP).

This is the login form:

    <form action="index.php?action=login" method="post" style="width: 50%;">
        <input type="hidden" name="login" value="true" />

<?php if ( isset( $results['errorMessage'] ) ) { ?>
        <div class="errorMessage"><?php echo $results['errorMessage'] ?></div>
<?php } ?>

        <ul>

          <li>
            <label for="username">Username</label>
            <input type="text" name="username" id="username" placeholder="Uw gebruikersnaam" required autofocus maxlength="20" />
          </li>

          <li>
            <label for="password">Password</label>
            <input type="password" name="password" id="password" placeholder="Uw wachtwoord" required maxlength="20" />
          </li>

        </ul>

        <div class="buttons">
          <input type="submit" name="login" value="Login" />
        </div>

      </form>

And this is the login function:

    function login() {

  $results = array();
  $results['pageTitle'] = "Admin Login | Gemeente Urk";

  $host = "localhost";
  $mysqluser = "root";
  $mysqlpass = "usbw";
  $db = "wagenpark";

  mysql_connect($host, $mysqluser, $mysqlpass);
  mysql_select_db($db);

  if ( isset( $_POST['login'] ) ) {

      $gebruiker = $_POST['username'];
      $wachtwoord = $_POST['password'];
      $sql = "SELECT * FROM users WHERE username='".$gebruiker."' AND password='".$wachtwoord."' LIMIT 1";
      $res = mysql_query($sql) or die (mysql_error());
      if (mysql_num_rows($res) == 1) {
          $_SESSION['username'] = $gebruiker;
          header( "Location: index.php" );

    } else {

      // Login failed: display an error message to the user
      $results['errorMessage'] = "Incorrect username or password. Please try again.";
      require( TEMPLATE_PATH . "/admin/loginForm.php" );
    }

  } else {

    // User has not posted the login form yet: display the form
    require( TEMPLATE_PATH . "/admin/loginForm.php" );
  }

}

Thanks already.

Improve this question
1

1 Answer 1

Reset to default
1

If I understand that right, you have a MySQL Database, where you save the Username, Id, Password and if he/she is Admin. In this part:

$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
      $_SESSION['username'] = $gebruiker;
      header( "Location: index.php" );

You could just get the Admin value of the result. It would propably look like this:

$res = mysql_query($sql) or die (mysql_error());
if (mysql_num_rows($res) == 1) {
      $_SESSION['username'] = $gebruiker;
      while($row = mysql_fetch_object($res))
      {
          $admin = $row->Admin;
      }
      if ($admin == 1) {Do something...}
      else {Do something if he is not Admin}
      header( "Location: index.php" );

And then you could save that into the $_SESSION.

I hop that helped, If it doesn't work, please tell me.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Can I fetch the admin value with the result of the query? I didn't inlcude the field in the query but can I still use it?
I tried it and I get this error: Notice: Trying to get property of non-object in C:\Users\Rudie\Documents\Wagenpark\root\index.php on line 55
Well, the query gets all Fields of your User's Row.
Just a security Tip: If you want to protect the passwords of your Users, you can use the md5() method. It generates a Hash that you can't reproduce. So if the User registers, you can save their password directly as a md5() Hash and if the log in, you turn the Password they submitted into a md5() Hash and check if the Hash of the password they submitted is the same as the one in the Database. These md5() Hashes always stay the same for the same Word. Some more on md5 Hashes: w3schools.com/php/func_string_md5.asp
Thanks, but this is just a private school project of mine, it's not going on a website. If I were doing that I'd make sure the passwords were protected :)
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.