I am trying to create 3 different section for Admin, Registered User and General Visitor(Non-registered User). I searched in many places but I did not find any information. Here I give my code for Non-registered user and Registered user.
would you please customize/edit my code for Admin section
Advance thanks
My Index Page:
<?php
require 'header.php';
require 'includes/dbh.inc.php';
?>
<link rel="stylesheet" type="text/css" href="css/index.css">
<title>Home Page</title>
<main>
<?php
if (isset($_SESSION['userId'])) {
echo '<p>You are Loged in!</p>';
}
else{
echo '<p>You are Loged out!</p>';
}
?>
</main>
<?php
require 'footer.php';
?>
My login.inc Page:
<?php
if (isset($_POST['login-submit'])) {
require 'dbh.inc.php';
$mailuid = $_POST['mailuid'];
$password = $_POST['pwd'];
if (empty($mailuid) || empty($password)) {
header("Location: ../login.php?error=emptyfields");
exit();
}
else{
$sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../login.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
$pwdCheck = password_verify($password, $row['pwdUsers']);
if ($pwdCheck == false) {
header("Location: ../login.php?error=wrongpwd");
exit();
}
else if ($pwdCheck == true) {
session_start();
$_SESSION['userId'] = $row['idUsers'];
$_SESSION['userUid'] = $row['uidUsers'];
header("Location: ../index.php?login=success");
exit();
}
else{
header("Location: ../login.php?error=wrongpwd");
exit();
}
}
else{
header("Location: ../login.php?error=nouser");
exit();
}
}
}
}
else{
header("Location: ../login.php");
exit();
}
You have to add a col to your database with the role for every user and then, after the login check set another $_SESSION with the role value. Example:
$_SESSION['role'] = $row['role']
Then check this value every page you need it.