Multi User Login

General PHP Help
#1

below is my login page code… i am trying to incorporate multi user login ( admin redirects to admin page, manager to manager page) i have tried absoloutley EVERYTHING and cannot get it done.
Can one of your very smart lovely people please PLEASE PLEASE help me!


<?php
session_start();
error_reporting(0);
include('include/dbconnection.php');

if(isset($_POST['login']))
  {
    $adminuser=$_POST['username'];
    $password=md5($_POST['password']);
    $query=mysqli_query($con,"select ID from tbladmin where  UserName='$adminuser' && Password='$password' ");
    $ret=mysqli_fetch_array($query);
    if($ret>0){
      $_SESSION['pdaid']=$ret['ID'];
     header('location:loading.php');
    }
    else{
    $msg="Invalid Details, Try again or contact site admin.";
    }
  }
  ?>
#2

Start editing your topic title since everybody calls for help out here

1 Like
#3

thanks bud will do …

#4

There aint no thing like multi user login. If you are looking to a way to distinguish different users then add a ROLE column to your user table and use a few different kind of roles like ADMIN or MANAGER. Then redirect the user based on the role he has.

Some advice:

  • during development enable error reporting
  • consider to use PDO instead of Mysqli_ functions. Or at least enable exceptions for mysqli functions during development
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
  • use prepared statements. your query could be injected with SQL. It can kill your whole database!
  • md5 algorithm is not secure anymore. Use a stronger one like BCRYPT or ARGON. Use the standard php password_hash and password_verify functions to hash and to verify your user passwords
  • use mysqli_fetch_assoc instead of mysqli_fetch_array. The latter uses double results
  • if($ret>0) What do you expect $ret to? In my opinion it should be an array containing the requested data or FALSE if an error occurs.
1 Like
#5

You do understand that you must still query to get the user’s current permissions on those two pages (every page request), then use those permissions to control what the user can do and see on those pages.

#6

i have no idea what any of that means, can somebody please help?

#7

You would need to ask specific question(s) to get further help.

Sponsor our Newsletter | Privacy Policy | Terms of Service