
Hey guys, this is my PHP file named login.php. So what's my question? I want to have 2 user members: 1 admin and 1 user. Admin and user must have different pages. In my code I have only user, and if you type a normal user's username and password it will lead you to the user's page, but I can't do the same on the admin's username and password; it shows nothing. Help me guys to make the admin's login too.

<?php

    $host = "localhost";
    $user = "root";
    $pass = "";
    $db = "test";
    $tbl_name = "users";
    $tbl_name1 = "admins";

    mysql_connect($host, $user, $pass) or die (mysql_error());
    mysql_select_db($db) or die (mysql_error());

    if(isset($_POST['username'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        $sql = "SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1 ";
        $res = mysql_query($sql);


        if(mysql_num_rows($res) == 1) {
            header("location:update.php");
            echo "You have successfuly logged in.";
            exit();
        } else {
            // session_register("username");
            // session_register("password");
            echo "Invalid logind information. Please return to the previous page";
            header("location:login.php");

            exit();
        }

    }

    ?>
RiggsFolly
brithwulf
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)**. It is deprecated, has been for years, and is gone forever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Feb 09 '17 at 21:28
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Feb 09 '17 at 21:28
  • Don't store plain text passwords! PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php); please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Feb 09 '17 at 21:28
  • ___but I can't do the same on the admin's username and password___ that's because you have not even tried to – RiggsFolly Feb 09 '17 at 21:30

1 Answer


Firstly, get rid of mysql, and use mysqli. mysql is deprecated and has been removed in PHP 7.

Secondly, assuming you have switched to mysqli, you can store groups inside your user database in a new column that you can check for.

    if ($row["group"] == 'admin') {
        // Display admin webpage
    } else {
        // Display user webpage
    }
George Jones
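
The advice from the comments and the answer combined into one login flow, as an added example that is not code from anyone in the thread: a prepared statement, `password_verify()` against a stored hash, and a per-account role that selects the landing page. Assumptions: an in-memory SQLite database opened through PDO stands in for MySQL so the script runs stand-alone, and the `role` column, `admin.php` and both accounts are constructed for the demo.

```php
<?php
// Added example. Assumptions: in-memory SQLite via PDO stands in for MySQL;
// the "role" column, admin.php and both accounts are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    username      TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL,
    role          TEXT NOT NULL DEFAULT 'user')");

// Store only password_hash() output, never the plain-text password.
$insert = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('alice-demo-pw', PASSWORD_DEFAULT), 'user']);
$insert->execute(['root',  password_hash('root-demo-pw',  PASSWORD_DEFAULT), 'admin']);

// Returns the account's role on success, null on any failure.
function authenticate(PDO $pdo, string $username, string $password): ?string
{
    // Bound parameter: user input is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash, role FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['role'];
}

// Map a role to its landing page; unknown or missing roles go back to login.
function landingPage(?string $role): string
{
    $pages = ['admin' => 'admin.php', 'user' => 'update.php'];
    return $pages[$role ?? ''] ?? 'login.php';
}

// Constructed login attempts: valid user, valid admin, wrong password,
// and a username containing a quote (bound as data, not parsed as SQL).
$attempts = [['alice', 'alice-demo-pw'], ['root', 'root-demo-pw'],
             ['root', 'wrong'], ["o'neil", 'x']];
foreach ($attempts as [$u, $p]) {
    // In login.php: store the role in $_SESSION, then
    // header('Location: ' . $page); exit;  with no output before header().
    printf("%-8s -> %s\n", $u, landingPage(authenticate($pdo, $u, $p)));
}
```

The redirect only chooses where to send the browser; each protected page still has to check the role stored in the session before showing anything.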