User management in a web application

Hi there,

I am working on the user side of a new webapp. Am coding using php on netbeans. I have a situation as below:

Background:I like the first page (index.php) to have the login page (with link to recover the password if forgotten only). After successful login, user must be checked if is admin or not. If admin, user is given other pages like register and view users with links to edit or delete user accounts. If user is not admin, link is given to perform other normal activities on the app including managing their account (like password change only…)

My problems are below:
i) creating that initial admin account to be used to create the users (either admin or normal user) , whose details will be communicated to them (users) via some other means…(since the app is in-house).
ii) integrating the login on the first page (index.php), and after successful login, user is redirected to respective pages based on their rights and if not successful, user is returned to index.php to login (ofcourse with details of any encountered error).

Grateful for any idea.

Hi there,

You need to have a superadmin account first to use for initial login. With that information, you can then login and start creating new user accounts both for users and admins.

You may structure your table like this:

users(ID, fname, lname, email, password, user_level)

The value for user_level could be “admin” or “user”, which we’re going to use during login to redirect users to respective pages. Your login.php may look like this:
[PHP]
$email=$_POST[‘email’];
$password=$_POST[‘password’];

if(isset($email) && isset($password)){
$rs=mysql_query(“SELECT * FROM users WHERE email=’$email’ AND password=’$password’”) or die(mysql_error());
$row=mysql_fetch_assoc($rs);
if(mysql_num_rows($row)>0){
//login is valid
if($row[‘user_level’]==‘admin’){
//redirect to admin page
}
else{
//redirect to user page
}
}
else{
//invalid email or password
}
}
else{
//invalid login; redirect to error page
}
[/PHP]

Hope this helps…