How to create Login for both admin and user
Posted: Mon Mar 01, 2010 5:58 am
I'm building an app for myself but im stuck in trying to create different sessions for admin and user at login stage.
Please can anyone help me to figure out how I can create login session for admin and user and assign different rights to them. I need help
Below is my code for admin login...
<?php
// process the script only if the form has been submitted
if(array_key_exists('login',$_POST)){
//start the session
session_start();
$uname = trim($_POST['uname']);
$password = trim($_POST['password']);
//connect to the database as a restricted user
include('database.php');
//prepare username for use in SQL query
$md5pass = md5($_POST['password']);
$uname = mysql_real_escape_string($uname);
//get the username's details from database
$sql = "SELECT userName
FROM admin_tbl WHERE userName= '$uname' AND
password = '$md5pass' AND
admin_activated ='2' ";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if($row != 0 ){
$_SESSION['admin'] = $uname;
}
//if no match, destroy the session and prepare error message
else{
$_SESSION = array();
session_destroy();
$error = array();
$error[] = 'Invalid username or password';
}
// if the session variable has been sent, redirect
if(isset($_SESSION['admin'])){
//get the time the session started
$_SESSION['start'] = time();
header('Location: index.php');
exit;
}
}
?>
Please can anyone help me to figure out how I can create login session for admin and user and assign different rights to them. I need help
Below is my code for admin login...
<?php
// process the script only if the form has been submitted
if(array_key_exists('login',$_POST)){
//start the session
session_start();
$uname = trim($_POST['uname']);
$password = trim($_POST['password']);
//connect to the database as a restricted user
include('database.php');
//prepare username for use in SQL query
$md5pass = md5($_POST['password']);
$uname = mysql_real_escape_string($uname);
//get the username's details from database
$sql = "SELECT userName
FROM admin_tbl WHERE userName= '$uname' AND
password = '$md5pass' AND
admin_activated ='2' ";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
if($row != 0 ){
$_SESSION['admin'] = $uname;
}
//if no match, destroy the session and prepare error message
else{
$_SESSION = array();
session_destroy();
$error = array();
$error[] = 'Invalid username or password';
}
// if the session variable has been sent, redirect
if(isset($_SESSION['admin'])){
//get the time the session started
$_SESSION['start'] = time();
header('Location: index.php');
exit;
}
}
?>