My registration page and login form are working fine. If a member registers and then logs in, the user comes to the member.php page. The member page has their profile information, which is only for members. Now I want to create an admin login in which the admin will be redirected to the admin.php page. This page has all the information, like how many users have registered (done) and all other admin tasks (done).
I have done my admin pages, but I don't know how to authorise an admin login and password so that, if I use those, it will take me to the admin area.
Here is the code of my login form:
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="700" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>User id (Email-id)</b></td>
      <td width="188"><input name="user_email" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td> </td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>
</body>
</html>
Code for login-exec.php:
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
//Select database
// ----something----
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}
//Sanitize the POST values
$user_email = clean($_POST['user_email']);
$pwd = clean($_POST['password']);
//Input Validations
if($user_email == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($pwd == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}
//Create query
$qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' ";
// if ($user_email= )   (unfinished line from the post, commented out so the script parses)
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $customer = mysql_fetch_assoc($result);
        $_SESSION['SESS_id'] = $customer['id'];
        $_SESSION['SESS_fname'] = $customer['first_name'];
        $_SESSION['SESS_lname'] = $customer['last_name'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
You can have an extra field in your database for all members, including the admin, to store user permissions. If that field is admin, you can have the admin area for that user; else, if it is member, then you can go for the member area.
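
The role-field approach from the answer, as an added example that is not part of the original question or answer: the role is read from the database at login, kept in the session, and re-checked at the top of admin.php, because sending members to member-index.php does not by itself stop them from requesting admin.php. It uses PDO prepared statements and password_hash() in place of the question's mysql_* calls; the `role` and `password_hash` columns, the `SESS_role` session key, the function names and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);
// Assumptions: columns `role` and `password_hash`; in-memory SQLite stands in for MySQL.

// Look the user up with a prepared statement and verify the stored hash.
// Returns the row (with its role) on success, null on any failure.
function authenticate(PDO $db, string $email, string $password): ?array {
    $stmt = $db->prepare(
        'SELECT id, first_name, password_hash, role FROM customer WHERE user_email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);   // never carry the hash into the session
    return $row;
}

// Landing page is chosen from the role stored in the database.
function landingPage(string $role): string {
    return $role === 'admin' ? 'admin.php' : 'member-index.php';
}

// Guard for the top of admin.php: re-check the session role on every request.
function hasRole(array $session, string $role): bool {
    return isset($session['SESS_role']) && $session['SESS_role'] === $role;
}

// --- constructed sample data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customer (id INTEGER PRIMARY KEY, user_email TEXT UNIQUE,
           first_name TEXT, password_hash TEXT, role TEXT NOT NULL DEFAULT 'member')");
$add = $db->prepare(
    'INSERT INTO customer (user_email, first_name, password_hash, role) VALUES (?, ?, ?, ?)');
$add->execute(['admin@example.test', 'Ann', password_hash('admin-pass', PASSWORD_DEFAULT), 'admin']);
$add->execute(['bob@example.test', 'Bob', password_hash('bob-pass', PASSWORD_DEFAULT), 'member']);

foreach ([['admin@example.test', 'admin-pass'], ['bob@example.test', 'bob-pass'],
          ['bob@example.test', 'wrong']] as [$email, $pwd]) {
    $user = authenticate($db, $email, $pwd);
    if ($user === null) { echo "{$email} => login-failed.php\n"; continue; }
    // In login-exec.php this array is $_SESSION, filled after session_regenerate_id(true).
    $session = ['SESS_id' => $user['id'], 'SESS_role' => $user['role']];
    echo "{$email} => ", landingPage($user['role']),
         ' (may open admin.php: ', hasRole($session, 'admin') ? 'yes' : 'no', ")\n";
}
```

In a real admin.php the guard would run before any output: when `hasRole($_SESSION, 'admin')` is false, redirect to the login form and `exit()`.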