I have been trying to create an admin area using a bool of admin being 1 and user being 0.
However, when I login regardless if the user is admin or not, I am returned to the homepage instead of being directed to the admin page. Here is my code
function loginUser ($conn, $username, $password){
$usernameExists = usernameExists($conn, $username);
if ($usernameExists === false){
header("location: ../login.php?error=incorrectLogin");
exit();
}
$passwordHash = $usernameExists["password"];
$checkPassword = password_verify($password, $passwordHash);
if ($checkPassword === false){
header("location: ../login.php?error=incorrectPassword");
exit();
}
elseif ($checkPassword === true){
session_start();
$sql="select * from users where username='".$username."' AND password ='".$password."'";
$result=mysqli_query($conn, $sql);
$row = mysqli_fetch_array($result);
$_SESSION["id"] = $usernameExists["id"];
$_SESSION["username"] = $usernameExists["username"];
$_SESSION["is_admin"] = $usernameExists["is_admin"];
if($row['is_admin'] == 1){
header("location: ../adminArea/admin.php");
}
else {
header("location: ../Home.php?error=none");
echo "Welcome " . $_SESSION['username'];
exit();
}
}
}
Any help is greatly appreciated