lfc78 Posted October 18, 2018

Hi, how can I create a single login form for different users? For example: I have two users such as 'admin' and 'user', so the pages accessed by them will be different. How should I do it? I hope someone wants to help me. Here is my file:

```sql
CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `first_name` varchar(255) DEFAULT NULL,
  `last_name` varchar(255) DEFAULT NULL,
  `email` varchar(255) DEFAULT NULL,
  `username` varchar(255) DEFAULT NULL,
  `hashed_password` varchar(255) DEFAULT NULL,
  `type` enum('admin','user') NOT NULL,
  PRIMARY KEY (`id`),
  KEY `index_username` (`username`)
);
```

login_functions.php

```php
<?php

function log_in_users($users) {
  session_regenerate_id();
  $_SESSION['id'] = $users['id'];
  $_SESSION['last_login'] = time();
  $_SESSION['username'] = $users['username'];
  $_SESSION['first_name'] = $users['first_name'];
  $_SESSION['type'] = $users['type'];
  return true;
}

function log_out_users() {
  unset($_SESSION['id']);
  unset($_SESSION['last_login']);
  unset($_SESSION['username']);
  return true;
}

  return isset($_SESSION['id']);
}

function require_login() {
  if(!is_logged_in()) {
    redirect_to(url_for('login.php'));
  } else {
  }
}

?>
```

query_funktion.php

```php
<?php

function find_users_by_type($type) {
  global $db;

  $sql = "SELECT * FROM users ";
  $sql .= "WHERE type='" . db_escape($db, $type_user) . "' ";
  $sql .= "LIMIT 1";
  $result = mysqli_query($db, $sql);
  confirm_result_set($result);
  $users = mysqli_fetch_assoc($result); // find first
  mysqli_free_result($result);
  return $users; // returns an assoc. array
}

function find_users_by_username($username) {
  global $db;

  $sql = "SELECT * FROM users ";
  $sql .= "WHERE username='" . db_escape($db, $username) . "' ";
  $sql .= "LIMIT 1";
  $result = mysqli_query($db, $sql);
  confirm_result_set($result);
  $users = mysqli_fetch_assoc($result); // find first
  mysqli_free_result($result);
  return $users; // returns an assoc. array
}

?>
```

Login.php

```php
<?php
require_once('includes/initialize.php');

$errors = [];
$type = '';
$username = '';
$password = '';

if(is_post_request()) {

  $type = $_POST['type']
  $username = $_POST['username'] ?? '';
  $password = $_POST['password'] ?? '';

  if(is_blank($username)) {
    $errors[] = "Username cannot be blank.";
  }
  if(is_blank($password)) {
    $errors[] = "Password cannot be blank.";
  }

  $users= find_users_by_type($type_user);
  if($users) {
    if(password_verify($password, $users,['hashed_password'])) {
      log_in_users($type_user);
      redirect_to('admin/index.php');
    } elseif {
      log_in_users($users);
      redirect_to('index.php');
    } else {
      $errors[] = $login_failure_msg;
    }
  }

  if(empty($errors)) {
    // Using one variable ensures that msg is the same
    $login_failure_msg = "Log in was unsuccessful.";

    $users = find_users_by_username($username);
    if($users) {
      if(password_verify($password, $users['hashed_password'])) {
        log_in_users($users);
        redirect_to('index.php');
      } else {
        $errors[] = $login_failure_msg;
      }
    } else {
      $errors[] = $login_failure_msg;
    }
  }
}

?>
```

benanamen Posted October 18, 2018 (edited)

I think you should start with re-examining your logic. There are many problems with the code. Pay particular attention to the error handling. And what the heck is is_post_request and is_blank?

requinix Posted October 18, 2018

Make all the login and logout stuff work the same for everyone. There's really no reason why it has to be different.

When they log in you can decide where to send them next based on their user type. And individual pages will check that user type to see if the user is allowed.

ginerjm Posted October 19, 2018

As Requinix said. Use your database record to assign "values" to a user's session once he/she is authenticated. Same login for everyone, just different responses from the logon query. Assign a token that determines if a user is logged on for all of your later scripts to check for, as well as a "status" or something to identify the level of access that the user has. Session vars would be good for this.

I use a secondary table that assigns multiple values to a user (one record for each value, all with the same user id). When a user logs in, the process verifies the uid and password and, if successful, it returns an array of all of the assigned security values. In my later processes I have an assigned value for each page/script, and when the user attempts to access that page/script I compare the page's security value (all stored in another 'page table') to the user's array of codes to see if he/she has that one.

As for the code you posted.... Too many unknowns for us to diagnose. Really.
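
Added example, not part of any post in this thread: a sketch of the approach requinix and ginerjm describe, with one login path for every account, the user type read from the stored record, a redirect chosen from that type, and a per-page check. All function names are hypothetical; a constructed in-memory array stands in for the `users` table and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Constructed sample data standing in for rows of the users table.
$users = [
    'alice' => ['id' => 1, 'username' => 'alice', 'type' => 'admin',
                'hashed_password' => password_hash('alice-pass', PASSWORD_DEFAULT)],
    'bob'   => ['id' => 2, 'username' => 'bob', 'type' => 'user',
                'hashed_password' => password_hash('bob-pass', PASSWORD_DEFAULT)],
];

// Same login for everyone: look up by username only, verify the password,
// and take the type from the stored record, never from a form field.
function authenticate(array $users, string $username, string $password): ?array {
    $user = $users[$username] ?? null;
    if ($user === null || !password_verify($password, $user['hashed_password'])) {
        return null; // identical result for unknown user and wrong password
    }
    return $user;
}

// Values copied into the session after a successful login. In a web request
// this would fill $_SESSION right after session_regenerate_id().
function session_values_for(array $user): array {
    return ['id' => $user['id'], 'username' => $user['username'],
            'type' => $user['type'], 'last_login' => time()];
}

// Where to send the user next, decided from the type held in the session.
function landing_page(array $session): string {
    return ($session['type'] ?? '') === 'admin' ? 'admin/index.php' : 'index.php';
}

// Per-page check: logged in AND the type is on that page's allow list.
function is_allowed(array $session, array $allowed_types): bool {
    return isset($session['id'], $session['type'])
        && in_array($session['type'], $allowed_types, true);
}

$session = [];
$user = authenticate($users, 'bob', 'bob-pass');
if ($user !== null) {
    $session = session_values_for($user);
}
echo landing_page($session), "\n";
var_dump(is_allowed($session, ['admin']));          // admin-only page
var_dump(is_allowed($session, ['admin', 'user']));  // page open to both types
var_dump(authenticate($users, 'bob', 'wrong-pass') === null);
```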