Hi guys,

My registration page and login form are working fine. If a member registers and then logs in, the user comes to the member.php page. The member page has their profile information, which is only for members. Now I want to create an admin login in which the admin will be redirected to the admin.php page. This page has all information like:
about how many users registered (done)
all other admin tasks (done)

I have done my admin pages, but I don't know how to authorise the admin login and password; if I use those, then it will take me to the admin area.

Here is the code of my login form:
XML
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
  <table width="700" border="0" align="center" cellpadding="2" cellspacing="0">
    <tr>
      <td width="112"><b>User id (Email-id)</b></td>
      <td width="188"><input name="user_email" type="text" class="textfield" id="login" /></td>
    </tr>
    <tr>
      <td><b>Password</b></td>
      <td><input name="password" type="password" class="textfield" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input type="submit" name="Submit" value="Login" /></td>
    </tr>
  </table>
</form>
</body>
</html>



Code for login-exec.php:
PHP
<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
   
   

    //Select database
    // ----something---- (elided in the original post)

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $user_email = clean($_POST['user_email']);
    $pwd = clean($_POST['password']);

    //Input Validations
    if($user_email == '') {
        $errmsg_arr[] = 'Login ID missing';
        $errflag = true;
    }
    if($pwd == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: login-form.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM customer WHERE user_email='$user_email' AND password='$pwd' ";

    // if ($user_email= )   // unfinished admin check, left incomplete in the original post

    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $customer = mysql_fetch_assoc($result);
            $_SESSION['SESS_id'] = $customer['id'];
            $_SESSION['SESS_fname'] = $customer['first_name'];
            $_SESSION['SESS_lname'] = $customer['last_name'];
            session_write_close();
            header("location: member-index.php");
            exit();
        }else {
            //Login failed
            header("location: login-failed.php");
            exit();
        }
    }else {
        die("Query failed");
    }
?>
Updated 3-Feb-18 4:22am
Comments
Peta2010 5-Apr-12 10:26am
Any other link by which I can study how to authorize an admin in PHP?

1 solution

You need to have RBAC (Role Based Access Control). In the users table in the db, assign roles to them, such as who is admin, who is editor, etc. Then simply check the username, password, and role, and redirect the user to the respective page. Also, in the admin page itself you should keep a check on whether the user is logged in and has the role of admin.

Hope this helps.
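
The role check described in the answer above, as an added example that is not part of the original thread. The `role` and `password_hash` columns, the `SESS_role` session key and the helper names are assumptions; the rows are constructed and live in an in-memory SQLite database so the script runs on its own.

```php
<?php
// Added example: role-aware login. The `role` and `password_hash` columns
// and the helper names are assumptions, not the poster's schema.

// Look up the user with a prepared statement and verify the stored hash.
function authenticate(PDO $db, string $email, string $password): ?array {
    $stmt = $db->prepare(
        'SELECT id, first_name, role, password_hash FROM customer WHERE user_email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return null;
    }
    unset($user['password_hash']);   // never carry the hash into the session
    return $user;
}

// Map a role to its landing page; unknown roles get the member page.
function landing_page(string $role): string {
    $pages = ['admin' => 'admin.php', 'member' => 'member-index.php'];
    return $pages[$role] ?? 'member-index.php';
}

// Guard for the top of admin.php: the session must carry the required role.
function has_role(array $session, string $required): bool {
    return isset($session['SESS_id'], $session['SESS_role'])
        && hash_equals($required, (string)$session['SESS_role']);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, user_email TEXT UNIQUE,
    first_name TEXT, role TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO customer (user_email, first_name, role, password_hash)
    VALUES (?, ?, ?, ?)');
$ins->execute(['admin@example.test', 'Ada', 'admin', password_hash('admin-pass', PASSWORD_DEFAULT)]);
$ins->execute(['user@example.test', 'Bob', 'member', password_hash('user-pass', PASSWORD_DEFAULT)]);

foreach ([['admin@example.test', 'admin-pass'], ['user@example.test', 'user-pass'],
          ['user@example.test', 'wrong']] as [$email, $pw]) {
    $user = authenticate($db, $email, $pw);
    if ($user === null) { echo "$email -> login-failed.php\n"; continue; }
    // In login-exec.php: session_regenerate_id(true), then store id and role.
    $session = ['SESS_id' => $user['id'], 'SESS_role' => $user['role']];
    echo "$email -> ", landing_page($user['role']),
         ' (admin.php allowed: ', has_role($session, 'admin') ? 'yes' : 'no', ")\n";
}
```

In a real admin.php the guard runs before any output: when `has_role($_SESSION, 'admin')` is false, send the user to the login form and `exit()`.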

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)