My problem per my instructions
You will need to add an additional field to the members table to specify who is an administrator. This will be manually populated by the database administrator (you)
In the login.php file, you already assigned a session id to members who successfully log in. You will want to write an if statement to determine if the user is an admin and if so, assign a session of admin_id for this user as well (follow the example for member_id)
The non-logged-in and logged-in nav bars are created in index.php. Since an administrator must be a logged-in user, you will add another link (Admin) after the View Profiles link for users who have a $_SESSION['admin_id']. This link will open myadminpage.php (which you will create later). You already have a session_start() at the top of the index.php file, so you don't have to start a new session.
I feel that I'm missing something and can't seem to get the Admin link to appear only when the admin is logged in.
The code below is my login.php
<?php
ob_start();
session_start();
if (isset($_SESSION['member_id'])) {
    // redirects to the home page
    header("Location: index.php");
    exit;
}
if (isset($_SESSION['admin_id'])) {
    // redirects to the home page
    header("Location: index.php");
    exit;
}
?><!DOCTYPE html>
<?php
// require the connection script, end if connection fails
require_once('_connect.php');
if (isset($_POST['login']) && ($_POST['login'] !== "")) {
    $email = $_POST['email'];
    $password = $_POST['password'];
    // Bind the email as a parameter instead of interpolating it into the SQL string
    $stmt = mysqli_prepare($DBConnect, "SELECT * FROM members WHERE email = ?");
    mysqli_stmt_bind_param($stmt, "s", $email);
    mysqli_stmt_execute($stmt);
    $query = mysqli_stmt_get_result($stmt);
    if ($query) {
        $row = mysqli_fetch_assoc($query);
        if (password_verify($password, $row['password'])) {
            if ($row['admin_id'] == 1) {
                $_SESSION['admin_id'] = $row['id'];
            }
            // Assign session Id to the unique primary key in the table row
            $_SESSION['member_id'] = $row['id'];
            $fname = $row['fname'];
            $lname = $row['lname'];
            $_SESSION['member_name'] = "$fname $lname";
            header("Location: index.php");
            exit;
        }
        else {
            $errorMessage = "Incorrect email or password.";
        }
    }
}
?>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="description">
<title>Chinese Zodiac Social Networking</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<style type="text/css">
body {
background-color: rgba(235,244,251,1);
}
</style>
</head>
<body>
<?php require('includes/_site_nav.php'); ?>
<section class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<form role="form" action="login.php" method="post" name="login_form">
<fieldset>
<legend>Login</legend>
<div class="form-group">
<label for="email">Email</label>
<input type="email" name="email" placeholder="Your Email" required class="form-control">
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" name="password" placeholder="Your Password" required class="form-control">
</div>
<div class="form-group">
<input type="submit" name="login" value="Log In" class="btn btn-info">
</div>
</fieldset>
</form>
<?php
if(isset($errorMessage)) echo "<span class='text-danger'>$errorMessage</span>";
?>
</div>
</div>
<div class="row">
<div class="col-md-4 col-md-offset-4 text-center">
<p>Need an account? <a href="register.php">Register here.</a></p>
</div>
</div>
</section>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="js.bootstrap.min.js"></script>
</body>
</html>
The code below is my index.php
<?php session_start(); ?><!DOCTYPE html>
<?php
require_once('_connect.php');
require_once("includes/_functions.php")
?>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<meta name="description" content="description">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Chinese Zodiac Social Networking</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/css/bootstrap.min.css" integrity="sha256-MfvZlkHCEqatNoGiOXveE8FIwMzZg4W85qfrfIFBfYc=" crossorigin="anonymous" />
<style type="text/css">
body {
background-color: rgba(235,244,251, 1);
}
</style>
<body>
<?php require('includes/_site_nav.php'); ?>
<div class="container">
<!-- start of dynamic section -->
<?php
if (isset($_SESSION['member_id'])) {
    // Fall through to the default page when no ?page= parameter is given
    switch ($_GET['page'] ?? '') {
        case 'member_profile':
            include "includes/_view_member_profile.php";
            break;
        case 'update_profile':
            include "includes/_update_member_profile.php";
            break;
        case 'login':
            include "includes/login.php";
            break;
        case 'change_password':
            include "includes/inc_change_password.php";
            break;
        default:
            include "includes/inc_welcome.php";
            break;
    } //ends switch
} //ends if
else
{
    // If the session id is not set, then display the default page
    include "includes/inc_home.php"; // the default page
} //ends else
?>
</div>
<!--Start Bootstrap scripts--->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js" integrity="sha256-Sk3nkD6mLTMOF0EOpNtsIry+s1CsaqQC1rVLTAy+0yc=" crossorigin="anonymous"></script>
<!--End Bootstrap scripts-->
</body>
</head>
</html>
The code below is my _site_nav.php (inside my includes file)
<nav class="navbar navbar-default" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#cz_navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="index.php">Chinese Zodiac Social Networking</a>
</div>
<div class="collapse navbar-collapse" id="cz_navbar">
<ul class="nav navbar-nav navbar-right">
<?php if (empty($_SESSION['member_id']) === FALSE && empty($_SESSION['member_name']) === FALSE) : ?>
<li class="navbar-text">Signed in as <?= htmlspecialchars($_SESSION['member_name'], ENT_QUOTES, 'UTF-8'); ?></li>
<li><a href="logout.php">Log Out</a></li>
<li><a href="view_member_list.php">View Profiles</a></li>
<?php elseif (empty($_SESSION['admin_id']) === FALSE) : ?>
<li><a href="myadminpage.php">Admin</a></li>
<?php else : ?>
<li><a href="login.php">Login</a></li>
<li><a href="register.php">Register</a></li>
<li><a href="view_member_list.php">View Profiles</a></li>
<?php endif; ?>
</ul>
</div>
</div>
</nav>
The image of my DB: [DB image]
the output for the nav bar should display as:
Signed in as [user signed in] Log Out View Profiles Admin
As stated above, I'm having trouble getting the Admin to only show up when an admin is logged in. The current output I'm repeatedly getting is the regular members nav bar.
2 Answers
Two major problems:
login.php needs to check if the email was found. Change to
index.php doesn't show the admin page link because you only check $_SESSION['admin_id'] if $_SESSION['user_id'] is not set. But when the user is an admin, both variables are set. So change to
Check for this approach. I'll assume the value in the admin column is a boolean to check if the user is an admin or not, being 1 for the admin, 0 for a normal user. When you perform a login, you can check for that value, and update the admin_id column with the user id:
Then to display the link in your nav, you can do it this way:
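An added example, not part of the question or of either answer: it puts together the two fixes the answers describe (reject the login when the email is not found; show Admin inside the logged-in branch instead of as an elseif of it) and adds a server-side check for myadminpage.php, since hiding a link does not restrict access to the page. The function names and sample rows are assumptions; the column names follow the question's login.php.

```php
<?php
// Added example, not the asker's or the answerers' code. Function names are hypothetical.
// Fetch one member by email with a bound parameter (no string interpolation).
function find_member(mysqli $db, string $email): ?array {
    $stmt = $db->prepare('SELECT id, fname, lname, password, admin_id FROM members WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null; // null when the email is unknown
}

// Fill the session only for a found row with a matching password.
function log_in(?array $row, string $password, array &$session): bool {
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    $session['member_id'] = (int) $row['id'];
    $session['member_name'] = $row['fname'] . ' ' . $row['lname'];
    if ((int) $row['admin_id'] === 1) {
        $session['admin_id'] = (int) $row['id'];
    }
    return true;
}

// Nav links: Admin is nested inside the logged-in branch, not an elseif of it.
function nav_links(array $session): array {
    if (empty($session['member_id'])) {
        return ['login.php' => 'Login', 'register.php' => 'Register', 'view_member_list.php' => 'View Profiles'];
    }
    $links = ['logout.php' => 'Log Out', 'view_member_list.php' => 'View Profiles'];
    if (!empty($session['admin_id'])) {
        $links['myadminpage.php'] = 'Admin';
    }
    return $links;
}

// Check for the top of myadminpage.php: hiding the link does not restrict the page.
function is_admin(array $session): bool {
    return !empty($session['member_id']) && !empty($session['admin_id']);
}

// Constructed sample rows so the logic runs without a database.
$hash = password_hash('constructed-password', PASSWORD_DEFAULT);
$admin = ['id' => 1, 'fname' => 'Ada', 'lname' => 'Admin', 'password' => $hash, 'admin_id' => 1];
$member = ['id' => 2, 'fname' => 'Max', 'lname' => 'Member', 'password' => $hash, 'admin_id' => 0];
foreach ([$admin, $member, null] as $row) {
    $session = [];
    log_in($row, 'constructed-password', $session);
    echo implode(' | ', nav_links($session)), ' admin=', var_export(is_admin($session), true), PHP_EOL;
}
```

In login.php the call would be `log_in(find_member($DBConnect, $email), $password, $_SESSION)`, followed by `session_regenerate_id(true)` on success so the pre-login session id is not reused.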