I want to show different content if a user is admin(2), or noarmal user(1). Login works fine, but i don't know hot to check if a user have 'usertype' 1 or 2? I want to use PHP $_SESSION.
This is my login form:
<!-- Log in -->
<form method="post" action="authentication.php">
<input type="text" name="userid" placeholder="E-mail" required/>
<input type="password" name="password" placeholder="Password" required/><br>
<button type="submit" name="submit" class="btn">Log in</button>
</form>
This is my authentication.php:
session_start();
if(isset($_POST['userid']) && isset($_POST['password'])){
$userid = $_POST['userid'];
$password = $_POST['password'];
$dbc = mysqli_connect('localhost', 'root', '', 'news');
if(!$dbc){
echo "Cannot connect to database";
exit;
}
$query = "SELECT * FROM users_tbl WHERE email = '$userid' AND password = sha1('$password')";
$result = $dbc->query($query);
if($result->num_rows)
{
$_SESSION['valid_user'] = $userid;
}
$dbc->close();
}
if(isset($_SESSION['valid_user'])){
header("location:prefs.php");
}else{
header("location:login.php");
echo 'Error';
}
This is what i have tried:
<?php
mysql_connect('localhost', 'root', '');
mysql_select_db('news');
$sql = "SELECT users_tbl.usertype FROM users_tbl";
$result = mysql_query($sql);
$user = mysql_fetch_array($result);
$_SESSION['user'] = $user['user'];
$_SESSION['usertype'] = $user['usertype'];
if($_SESSION['user']['usertype'] == 2)
{?>
<h1>Only admin stuff</h1>
<$? }//Endif user is admin(2) ?>
Maybe instead of doing the query for everytime to check if a user is admin, i could save a $_SESSION['usertype'], and then use this to check if a user is 2, for admin, maybe when a user is loggin in? But i do not know how to do this. I'm quite new at this.
try this
if($_SESSION['usertype'] == 2)
{
//do stuff here
}
if ($_SESSION['usertype']) == 1)
{
//do stuff here
}
edit : if you dont want write so many stuff and you want just include admin stuff inside this one of users just do this
if ($_SESSION['usertype']) == 1 or $_SESSION['usertype']) == 2)
{
//do stuff here for them both admin and users
if($_SESSION['usertype'] == 2 )
{
//do extra stuff here for only admin
}
}
You can save your user type with session variable
Once logged in you need to check with db with the user type for 1 or 2 and store that variable with session variable like $_SESSION['user_type'].
So based on that you can track.
Try to add a column with user type to that table. Check the value of that column while fetching data from the table. If the value is admin, show the text otherwise not.
I realize that this is an old question, however I have spent the last week searching the internet looking for an answer to this question as I have had a similar issue. "echo_Me" had the answer, but I see some incorrect syntax. After toying around with it on a localserver, this is what I did.
if($_SESSION['usertype']) == 1 or $_SESSION['usertype']) ==2)
//> start end < end < < end
{
//do stuff here for them both admin and users
if($_SESSION['usertype'] == 2)
{
//Do other stuff for usertype 2
}
}
You have more End Parenthesis then you do start ones. I set all of the session variables I need when I run the login script for my website. So if I need a session variable, here is how I would handle it:
if($_SESSION['user']['usertype'] == 1 OR $_SESSION['user']['usertype'] == 2) { ?>
// Do Stuff for normal user and admin
<?php } if($_SESSION['user']['usertype'] == 2) { ?>
// DO Stuff for admin only
<?php } ?>
As you can see, the first if statement only has one set of parenthesis. And really, you can remove some of the php code, and just do regular html/css markup then the if statement for usertype of 2 for stuff for admin.
<!-- HTML Markup for both Admin and Regular Users Goes Here above if statement -->
<?php if($_SESSION['user']['usertype'] == 2 { ?>
// Markup for Admin only
<?php } ?>
Also, I would recommend not having the password set in the session variables. In that code, you may have it not do that, I am just unfamiliar with mysqli as I use PDO.