Everything posted by eamaan

  1. I got this to work, but now I don't know how to add user roles like admin and user, and if it's an admin, access dashboard.php. I don't know how to provide authorization for roles. In my DB there is a $role field of VARCHAR; how do I access it and give authorization? E.g. if role = user then go to userdashboard.php, or else if role = admin go to admindashboard.php.

     <?php
     // initializing variables
     $username = "";
     $email    = "";
     $errors   = array();

     // connect to the database
     $db = mysqli_connect('localhost', 'root', '', 'homerepair');

     // REGISTER USER
     if (isset($_POST['reg_user'])) {
       // receive all input values from the form
       $username   = mysqli_real_escape_string($db, $_POST['username']);
       $email      = mysqli_real_escape_string($db, $_POST['email']);
       $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
       $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

       // form validation: ensure that the form is correctly filled ...
       // by adding (array_push()) corresponding error unto $errors array
       if (empty($username)) { array_push($errors, "Username is required"); }
       if (empty($email)) { array_push($errors, "Email is required"); }
       if (empty($password_1)) { array_push($errors, "Password is required"); }
       if ($password_1 != $password_2) {
         array_push($errors, "The two passwords do not match");
       }

       // first check the database to make sure
       // a user does not already exist with the same username and/or email
       $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
       $result = mysqli_query($db, $user_check_query);
       $user = mysqli_fetch_assoc($result);

       if ($user) { // if user exists
         if ($user['username'] === $username) {
           array_push($errors, "Username already exists");
         }
         if ($user['email'] === $email) {
           array_push($errors, "email already exists");
         }
       }

       // Finally, register user if there are no errors in the form
       if (count($errors) == 0) {
         $password = md5($password_1);//encrypt the password before saving in the database
         $query = "INSERT INTO users (username, email, password) VALUES('$username', '$email', '$password')";
         mysqli_query($db, $query);
         $_SESSION['username'] = $username;
         $_SESSION['success'] = "You are now logged in";
         header('location: index.php');
       }
     }

     if (isset($_POST['login_user'])) {
       $username = mysqli_real_escape_string($db, $_POST['username']);
       $password = mysqli_real_escape_string($db, $_POST['password']);

       if (empty($username)) {
         array_push($errors, "Username is required");
       }
       if (empty($password)) {
         array_push($errors, "Password is required");
       }

       if (count($errors) == 0) {
         $password = md5($password);
         $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
         $results = mysqli_query($db, $query);
         if (mysqli_num_rows($results) == 1) {
           $_SESSION['username'] = $username;
           $_SESSION['success'] = "You are now logged in";
           header('location: index.php');
         }else {
           array_push($errors, "Wrong username/password combination");
         }
       }
     }
     ?>
     <!DOCTYPE html>
     <html>
     <head>
       <title>Registration system PHP and MySQL</title>
       <link rel="stylesheet" type="text/css" href="user/login.css">
     </head>
     <body>
       <div class="header">
         <h2>Login</h2>
       </div>

       <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
         <?php include('errors.php'); ?>
         <div class="input-group">
           <label>Username</label>
           <input type="text" name="username" >
         </div>
         <div class="input-group">
           <label>Password</label>
           <input type="password" name="password">
         </div>
         <div class="input-group">
           <button type="submit" class="btn" name="login_user">Login</button>
         </div>
         <p>
           Not yet a member? <a href="register.php">Sign up</a>
         </p>
       </form>
     </body>
     </html>
  2. The user and admin role auth is not working for the following code; it just redirects to the button-pressed page (e.g. index.php).

     <?php
     session_start();
     include('server.php');

     if(isset($_POST['login_user']))
     {
         $username = mysqli_real_escape_string($conn, $_POST['username']);
         $password = mysqli_real_escape_string($conn, $_POST['password']);

         $login_query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
         $login_query_run = mysqli_query($conn, $login_query);

         if(mysqli_num_rows($login_query_run) > 0)
         {
             foreach($login_query_run as $data){
                 $user_id = $data['id'];
                 $user_username = $data['username'];
                 $user_email = $data['email'];
                 $role = $data['role'];
             }

             $_SESSION['auth'] = true;
             $_SESSION['auth_role'] = "$role";
             $_SESSION['auth_username'] = [
                 'user_id'=>$user_id,
                 'user_username'=>$user_username,
                 'user_email'=>$user_email,
             ];

             if($_SESSION['auth_role'] == 'admin')
             {
                 $_SESSION['message'] = "welcome to admin dashboard";
                 header("location: admindashboard.php");
                 exit(0);
             }
             elseif($_SESSION['auth_role'] == 'user')
             {
                 $_SESSION['message'] = "welcome to dashboard";
                 header("location: userdashboard.php");
                 exit(0);
             }
         }
         else
         {
             $_SESSION['message'] = "Invalid email or pass";
             header("location: login2.php");
             exit(0);
         }
     }
     else
     {
         $_SESSION['message'] = "You are not allowed";
         header("location: login2.php");
         exit(0);
     }
     ?>
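
Both posts above ask how to send a user to a dashboard by role. The following is an added example, not the poster's code: one self-contained login handler plus a per-page role guard. It assumes `users.password` stores `password_hash()` output rather than the MD5 value used in the first post, and that `users.role` holds `admin` or `user`; the names `DASHBOARDS`, `authenticate`, `require_role` and the session key `auth_user_id` are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes users.password holds
// password_hash() output (not MD5) and users.role is 'admin' or 'user'.
session_start();

// Allow-list: every known role maps to exactly one landing page.
const DASHBOARDS = ['admin' => 'admindashboard.php', 'user' => 'userdashboard.php'];

// Fetch the row with a prepared statement, then verify the hash in PHP.
function authenticate(mysqli $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, username, password, role FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();
    if (!$user || !password_verify($password, $user['password'])) {
        return null; // same answer for unknown user and wrong password
    }
    unset($user['password']); // the hash never goes into the session
    return $user;
}

// Guard for the top of each dashboard: the role is checked on every request.
function require_role(string ...$allowed): void
{
    if (empty($_SESSION['auth']) || !in_array($_SESSION['auth_role'] ?? '', $allowed, true)) {
        header('Location: login2.php');
        exit;
    }
}

if (isset($_POST['login_user'])) {
    $db = mysqli_connect('localhost', 'root', '', 'homerepair'); // values from the post
    $user = authenticate($db, (string) filter_input(INPUT_POST, 'username'),
                         (string) filter_input(INPUT_POST, 'password'));
    $target = DASHBOARDS[$user['role'] ?? ''] ?? null; // null: bad login or unknown role
    if ($target === null) {
        $_SESSION['message'] = 'Invalid username or password';
        header('Location: login2.php');
        exit;
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['auth'] = true;
    $_SESSION['auth_role'] = $user['role'];
    $_SESSION['auth_user_id'] = (int) $user['id'];
    header('Location: ' . $target);
    exit;
}
```

Each dashboard includes this file and calls `require_role('admin')` or `require_role('user')` as its first statement, so the redirect at login is a convenience and the guard is what enforces access. Rows that still hold MD5 values will not pass `password_verify()` and need a password reset.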