
My problem per my instructions

You will need to add an additional field to the members table to specify who is an administrator. This will be manually populated by the database administrator (you)
In the login.php file, you already assigned a session id to members who successfully log in. You will want to write an if statement to determine if the user is an admin and if so, assign a session of admin_id for this user as well (follow the example for member_id)
The non-logged-in and logged-in nav bars are created in index.php. Since an administrator must be a logged-in user, you will add another link (Admin) after the View Profiles link for users who have a $_SESSION['admin_id']. This link will open myadminpage.php (which you will create later). You already have a session_start() at the top of the index.php file, so you don't have to start a new session.

I feel that I'm missing something and can't seem to get the Admin link to appear only when the admin is logged in.

the code below is my login.php

<?php
ob_start();
session_start();

if(isset($_SESSION['member_id']) != "") {
    // redirects to the home page
    header("Location: index.php");
}
if(isset($_SESSION['admin_id']) != "") {
    // redirects to the home page
    header("Location: index.php");
}
?><!DOCTYPE html>

<?php
// require the connection script, end if connection fails
require_once('_connect.php');

if(isset($_POST['login']) && ($_POST['login'] !== "")) {
    $email = $_POST['email'];
    $password = $_POST['password'];

    $select = "SELECT * FROM members WHERE email = '$email'";
    $query = mysqli_query($DBConnect, $select);

    if($query) {
        $row = mysqli_fetch_assoc($query);

        if(password_verify($password, $row['password'])) {
            if($row['admin_id'] == 1){
            $_SESSION['admin_id'] = $row['id'];
            }
            
            // Assign session Id to the unique primary key in the table row
            $_SESSION['member_id'] = $row['id'];

            $fname = $row['fname'];
            $lname = $row['lname'];
            $_SESSION['member_name'] = "$fname $lname";
            header("Location: index.php");
        }
        
        else {
            $errorMessage = "Incorrect email or password.";
        }
    }
}
?>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="description">
    <title>Chinese Zodiac Social Networking</title>
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <style type="text/css">
        body {
            background-color: rgba(235,244,251,1);
        }
    </style>
</head>
<body>

<?php require('includes/_site_nav.php'); ?>

<section class="container">
    <div class="row">
        <div class="col-md-4 col-md-offset-4">
            <form role="form" action="login.php" method="post" name="login_form">
                <fieldset>
                    <legend>Login</legend>

                    <div class="form-group">
                        <label for="email">Email</label>
                        <input type="email" name="email" placeholder="Your Email" required class="form-control">
                    </div>

                    <div class="form-group">
                        <label for="password">Password</label>
                        <input type="password" name="password" placeholder="Your Password" required class="form-control">
                    </div>

                    <div class="form-group">
                        <input type="submit" name="login" value="Log In" class="btn btn-info">
                    </div>
                </fieldset>
            </form>
            <?php
            if(isset($errorMessage)) echo "<span class='text-danger'>$errorMessage</span>";
            ?>
        </div>
    </div>
    <div class="row">
        <div class="col-md-4 col-md-offset-4 text-center">
            <p>Need an account? <a href="register.php">Register here.</a></p>
        </div>
    </div>
</section> 
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
  crossorigin="anonymous"></script>
<script src="js.bootstrap.min.js"></script>  
</body>
</html>

the code below is my index.php

<?php session_start(); ?><!DOCTYPE html>
<?php
require_once('_connect.php'); 
require_once("includes/_functions.php")
?>

<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
  <meta name="description" content="description">
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  <title>Chinese Zodiac Social Networking</title>
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/css/bootstrap.min.css" integrity="sha256-MfvZlkHCEqatNoGiOXveE8FIwMzZg4W85qfrfIFBfYc=" crossorigin="anonymous" />
  <style type="text/css">
    body {
      background-color: rgba(235,244,251, 1);
    }
  </style>
<body>

<?php require('includes/_site_nav.php'); ?>

<div class="container">
<!-- start of dynamic section -->
<?php
if (isset($_SESSION['member_id'])) {
switch($_GET['page']) {
case 'member_profile':
include "includes/_view_member_profile.php";
break;
case 'update_profile':
include "includes/_update_member_profile.php";
break;
case 'login':
include "includes/login.php";
break;
case 'change_password':
include "includes/inc_change_password.php";
break;
default:
include "includes/inc_welcome.php";
break;
} //ends switch
} //ends if
else
{
// If the session id is not set, then display the default page
include "includes/inc_home.php"; // the default page
} //ends else
?>
</div>

<!--Start Bootstrap scripts--->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js" integrity="sha256-Sk3nkD6mLTMOF0EOpNtsIry+s1CsaqQC1rVLTAy+0yc=" crossorigin="anonymous"></script>
<!--End Bootstrap scripts-->
</body> 


</head>
</html>

the code below is my _site_nav.php (inside my includes file)

<nav class="navbar navbar-default" role="navigation">
    <div class="container-fluid">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#cz_navbar">
                <span class="sr-only">Toggle navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="index.php">Chinese Zodiac Social Networking</a>
        </div>
        <div class="collapse navbar-collapse" id="cz_navbar">
            <ul class="nav navbar-nav navbar-right">
                <?php if (empty($_SESSION['member_id']) === FALSE && empty($_SESSION['member_name']) === FALSE) : ?>
                    <li class="navbar-text">Signed in as <?= $_SESSION['member_name']; ?></li>
                    <li><a href="logout.php">Log Out</a></li>
                    <li><a href="view_member_list.php">View Profiles
                        <?php elseif (empty($_SESSION['admin_id']) === FALSE) : ?>
                    <li><a href="myadminpage.php">Admin</a></li>
                <?php else : ?>
                    <li><a href="login.php">Login</a></li>
                    <li><a href="register.php">Register</a></li>
                    <li><a href="view_member_list.php">View Profiles</a></li>
                <?php endif; ?>
            </ul>
        </div>
    </div>
</nav>

the image of my DB
DB image

the output for the nav bar should display as:

 Signed in as [user signed in] Log Out View Profiles Admin

As stated above, I'm having trouble getting the Admin to only show up when an admin is logged in. The current output I'm repeatedly getting is the regular members nav bar.

2 Answers


  1. Two major problems:

    1. login.php needs to check if the email was found. Change
        if(password_verify($password, $row['password'])) {
    

    to

        if($row && password_verify($password, $row['password'])) {
    
    2. index.php doesn’t show the admin page link because you only check $_SESSION['admin_id'] if $_SESSION['user_id'] is not set. But when the user is an admin, both variables are set. So change
    <?php elseif (empty($_SESSION['admin_id']) ===FALSE ): ?>
    

    to

    <?php if (isset($_SESSION['admin_id'])): ?>
    
  2. Check this approach. I’ll assume the value in the admin column is a boolean that indicates whether the user is an admin or not, 1 for an admin and 0 for a normal user. When you perform a login, you can check that value and update the admin_id column with the user id:

        if(password_verify($password, $row['password'])) {
            if($row['admin'] == 1 && $row['admin_id'] == '0'){
                // I will not use prepared statements since I think you're doing a learning exercise, but this is not the way to do it; you'll learn that later.
                mysqli_query($DBConnect, "UPDATE members SET admin_id = {$row['id']} WHERE id = {$row['id']}");
                $_SESSION['admin_id'] = $row['id'];
            }
        
            // Assign session Id to the unique primary key in the table row
            $_SESSION['member_id'] = $row['id'];
        
            // Check if the admin_id row is set to a value other than 0 and is not already set on the $_SESSION superglobal, for the next time the user logs in again.
            if (!isset($_SESSION['admin_id']) && $row['admin_id'] != 0) {
                $_SESSION['admin_id'] = $row['admin_id'];
            }
        
            $fname = $row['fname'];
            $lname = $row['lname'];
            $_SESSION['member_name'] = $fname . " " . $lname; //Concatenate a space in middle of first name and last name for better readability.
            header("Location: index.php");
        } else {
            $errorMessage = "Incorrect email or password.";
        }
    

    then to display the link in your nav, you can do it this way:

    <ul class="nav navbar-nav navbar-right">
        <?php if (isset($_SESSION['member_id']) && isset($_SESSION['member_name'])) : ?>
            <li class="navbar-text">Signed in as <?= $_SESSION['member_name']; ?></li>
            <li><a href="logout.php">Log Out</a></li>
            <li><a href="view_member_list.php">View Profiles</a></li>
            <?php if (isset($_SESSION['admin_id']) && $_SESSION['admin_id'] != 0) : ?>
                <li><a href="myadminpage.php">Admin</a></li>
            <?php endif; ?>
        <?php else : ?>
            <li><a href="login.php">Login</a></li>
            <li><a href="register.php">Register</a></li>
            <li><a href="view_member_list.php">View Profiles</a></li>
        <?php endif; ?>
    </ul>
    
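Both answers keep the login query built by string interpolation, and showing or hiding the Admin link does not by itself protect myadminpage.php. The following is an added example, not code from the question or from either answer: the login lookup with a bound parameter, the session flags set after a successful password check, and a server-side guard for the admin page. It assumes `$DBConnect` is the mysqli connection from `_connect.php` and that `admin_id` holds 1 for administrators, as in the question; the function names are hypothetical.

```php
<?php
// Added example; find_member(), log_in() and require_admin() are hypothetical names.
// Assumes a mysqli connection (the question's $DBConnect) and members.admin_id = 1
// for administrators. session_start() must already have been called.

// Look the member up with a bound parameter instead of interpolating $email.
function find_member(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare(
        'SELECT id, fname, lname, password, admin_id FROM members WHERE email = ?'
    );
    if ($stmt === false) {                     // prepare failed (exceptions disabled)
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;                       // null when the email is unknown
}

// Returns true and fills $_SESSION on success, false on any failure.
function log_in(mysqli $db, string $email, string $password): bool
{
    $row = find_member($db, $email);
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;                          // same result for bad email or password
    }
    session_regenerate_id(true);               // issue a fresh session id at login
    $_SESSION['member_id']   = (int) $row['id'];
    $_SESSION['member_name'] = $row['fname'] . ' ' . $row['lname'];
    if ((int) $row['admin_id'] === 1) {
        $_SESSION['admin_id'] = (int) $row['id'];
    }
    return true;
}

// Call at the top of myadminpage.php: the nav link is presentation, not access control.
function require_admin(): void
{
    if (empty($_SESSION['member_id']) || empty($_SESSION['admin_id'])) {
        header('Location: index.php');
        exit;                                  // header() alone does not stop the script
    }
}
```

In login.php, call `log_in($DBConnect, $_POST['email'], $_POST['password'])` and follow a successful result with `header('Location: index.php'); exit;`. When the nav prints `$_SESSION['member_name']`, pass it through `htmlspecialchars()` since the name comes from user-supplied registration data.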