6 Replies - 2233 Views - Last Post: 17 September 2014 - 10:03 AM Rate Topic: -----

#1 stowie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 10-September 14

Admin and User Login form

Posted 17 September 2014 - 12:57 AM

I want to make a login form with user and admin. Is there anybody who can help me? here is my current working code for the user.

 <?php 
	session_start();

	if(isset($_SESSION['valid'])){
		header("Location:home.php");
	}
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<title>Grade Information System</title>
	<link rel="stylesheet" media="screen" href="login.css" >
</head>
<body>
<form class="contact_form" action="verify.php" method="post" name="contact_form">
    <ul>
        <li>
             <h2>PLease Login</h2>
             <span class="required_notification">* Denotes Required Field</span>
        </li>
        <li>
            <label for="name">User Name:</label>
            <input type="text"  placeholder="Joe" required  name="name"/>
	    <span class="form_hint">Proper format "Joe"</span>
        </li>
	 <li>
            <label for="name">Password:</label>
            <input type="password"  placeholder="Dinagat" required  name="name"/>
	    <span class="form_hint">Proper format "xxxxxxx"</span>
        </li>
        <li>
        	<button class="submit" type="submit">Login</button>
        </li>
    </ul>

</form>
</body>
</html>


login.php

<?php
session_start();
$errmsg_arr = array();
$errflag = false;
// configuration
$dbhost 	= "localhost";
$dbname		= "sample";
$dbuser		= "root";
$dbpass		= "";
 
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
 
// new data
 
$username = $_POST['username'];
$password = $_POST['password'];
 
if($username == '') {
	$errmsg_arr[] = 'You must enter your Username';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'You must enter your Password';
	$errflag = true;
}
 
// query
$result = $conn->prepare("SELECT * FROM applicant WHERE username= :hjhjhjh AND password= :asas");
$result->bindParam(':hjhjhjh', $username);
$result->bindParam(':asas', $password);
$result->execute();
$rows = $result->fetch(PDO::FETCH_NUM);
if($rows > 0) {
header("location: home.php");
}
else{
	$errmsg_arr[] = 'Username and Password are not found';
	$errflag = true;
}
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: online.php");
	exit();
}
 
?>



Is This A Good Question/Topic? 0
  • +

Replies To: Admin and User Login form

#2 AppelPeer  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 2
  • Joined: 17-September 14

Re: Admin and User Login form

Posted 17 September 2014 - 01:26 AM

You can create a new field in the database with for example the name "permissions".
So you check first if there is any record with the entered username and password.
And after that you can check which permission the user has from the "permissions" field.
Was This Post Helpful? 0
  • +
  • -

#3 Slice  Icon User is offline

  • sudo pacman -S moneyz


Reputation: 253
  • View blog
  • Posts: 761
  • Joined: 24-November 08

Re: Admin and User Login form

Posted 17 September 2014 - 02:12 AM

Try and post a little more detail otherwise it's difficult for anyone to give you any useful advice. What have you tried? Are there any errors? Whats it's current behaviour? What is its desired behaviour?
Was This Post Helpful? 0
  • +
  • -

#4 stowie  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 10-September 14

Re: Admin and User Login form

Posted 17 September 2014 - 02:43 AM

There is only one login form that should be able user and admin login from, I try too much to solve this problem, but all my solution does not work.In MySQL database I have two tables, one for users and one for Admin. The codes posted above is for the users side.
Was This Post Helpful? 0
  • +
  • -

#5 chris98  Icon User is offline

  • D.I.C Lover

Reputation: 40
  • View blog
  • Posts: 1,100
  • Joined: 06-July 13

Re: Admin and User Login form

Posted 17 September 2014 - 07:11 AM

A couple of things with the current code:

  • After header() you must use exit()
  • Why do you define an array of errors, send it into a session and not use it?
  • You define $errorflag as true IF there are errors - why not just use if (count($errmsg_arr))?

Was This Post Helpful? 0
  • +
  • -

#6 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 1836
  • View blog
  • Posts: 5,783
  • Joined: 15-January 14

Re: Admin and User Login form

Posted 17 September 2014 - 09:56 AM

A couple other issues:

It looks like you are storing your passwords in plain text in the database. That's a bad idea, you need to hash and salt passwords before storing them in the database.

If your select query returns records, you don't do anything except redirect. You don't store the user's username in the session, for example.

If you want to check for different kinds of users in different tables, you need to add another query. If a user was not found in the regular user table, then check the admin table to see if they're in that one.
Was This Post Helpful? 0
  • +
  • -

#7 chris98  Icon User is offline

  • D.I.C Lover

Reputation: 40
  • View blog
  • Posts: 1,100
  • Joined: 06-July 13

Re: Admin and User Login form

Posted 17 September 2014 - 10:03 AM

Quote

If a user was not found in the regular user table, then check the admin table to see if they're in that one.


Or, a more flexible approach would be to add a column called 'group_id' into the users table, create a groups table and then check the group id of the current user - this would be more work though.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1