php - How to add a condition: if the user is admin, route to the admin panel; if another user, route to the other panel after successful login?

I have two files: one is controller.php and the other is model.php.
controller.php

<?php
if (isset($_POST['btn_login_user']))
{
    $login_user=login_user($_POST['email'],$_POST['password']);
    if ($login_user){
        @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="dash_user.php";},5000);
        </script>';
    }else{
        @$msg = '
        <div class="alert text-center alert-warning alert-dismissible fade show" role="alert">
            Failed to login!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},20000);
        </script>';
    }
}

Here I have model.php:

<?php
function login_user($email,$password)
{
    global $conn;
    $password = md5($password);
    $sql = ("SELECT * FROM `user` WHERE `us_name`=? AND `us_pwd`=?");
    $res = $conn->prepare($sql);
    $res->bindValue(1, $email);
    $res->bindValue(2, $password);
    $res->execute();
    if ($res->rowCount() >= 1) {
        $row = $res->fetch(PDO::FETCH_ASSOC);
        $userSession = array(
            'us_id' => $row['us_id'],
            'rul_id' => $row['rul_id'],
            'us_pwd' => $row['us_pwd'],
            'us_name' => $row['us_name'],
        );
        $_SESSION['login_user'] = $userSession;
        return true;
    }
    return false;
}
?>

Would you please advise me where and how to add a condition in these files to redirect by condition? For example, if an Admin user logs in, redirect to ad_index.php, and if a Normal user logs in, redirect to us_index.php.

Answer

Solution:

Method to set Role-Based Authentication

I have hosted a website on Heroku for testing; I have used the below method for role-based work

like admin, teacher, student

https://ipd-kiu.herokuapp.com/login

email and passwords for admin

admin@gmail.com
admin123

email and passwords for student

test@gmail.com
test123

email and passwords for instructor

naeem@gmail.com
naeem123

Step one: I have edited my users table and added an additional column, role.

Step two

I have edited my login method in the controller as below

public function postLogin(Request $request)
    {
        $request->validate([
            'email' => 'required',
            'password' => 'required',
        ]);

        $credentials = $request->only('email', 'password');
        if (Auth::attempt($credentials)) {
            // Regenerate the session ID after a successful login (session fixation defence)
            $request->session()->regenerate();

            return redirect()->intended('dashboard')
                        ->withSuccess('You have Successfully loggedin');
        }

        // Failed login: go back to the form with a generic message, never exception details
        return redirect("login")->withSuccess('Oppes! You have entered invalid credentials');
    }

Step three

Now I will redirect to the dashboard page after login success; here I have to protect your data

like below

There are different users in my login table with different roles, like instructor, admin, student

In my case the auth work will be

{{-- works of admin  --}}
@if (Auth()->user()->role == 'admin')

//works of admin 

@endif

{{-- works of student--}}
@if (Auth()->user()->role == 'student')

//works of student

@endif

{{-- works of instructor--}}
@if (Auth()->user()->role == 'instructor')

//works of instructor

@endif

This is a general guide related to your question.

Answer

Solution:

Here I tried another method and it is working smoothly: Model_login.php

<?php
//session login page
function login_user($email,$password)
{
    global $conn;
    $password = md5($password);
    $sql = ("SELECT * FROM `user` WHERE `us_name`=? AND `us_pwd`=?");
    $res = $conn->prepare($sql);
    $res->bindValue(1, $email);
    $res->bindValue(2, $password);
    $res->execute();
    if ($res->rowCount() >= 1) {
        $row = $res->fetch(PDO::FETCH_ASSOC);
        $userSession = array(
            'us_id' => $row['us_id'],
            'rul_id' => $row['rul_id'],
            'us_pwd' => $row['us_pwd'],
            'us_name' => $row['us_name'],
        );
        $_SESSION['login_user'] = $userSession;
        return true;
    }
    return false;
}
?>

Here I used case method in controller: controller_login.php

<?php
if (isset($_POST['btn_login_user']))
{
    $login_user=login_user($_POST['email'],$_POST['password']);
    if ($login_user){
        switch($_SESSION['login_user']['rul_id']) {
            case "1": // Admin user
                @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in successfully!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="ad_index.php";},2000);
        </script>';
                break;
            case "2": // employee user
                @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in successfully!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="us_index.php";},2000);
        </script>';
                break;
            case "3": // student user
                @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in successfully!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="st_index.php";},2000);
        </script>';
                break;
        }
    }else{
        @$msg = '
        <div class="alert text-center alert-warning alert-dismissible fade show" role="alert">
            Failed to login!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},3000);
        </script>';
    }

}

As you can see, if case=1 it is the admin right and routes to ad_index.php; for case=2 it is the employee right and routes to us_index.php; and for case=3 it routes to st_index.php. Hope you enjoyed it too.
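A redirect chosen in the browser after login does not by itself restrict who can open ad_index.php, so the role also has to be checked on the server at the top of each panel. The following is an added example, not code from either poster: it keeps the thread's table, column and page names, assumes `us_pwd` stores `password_hash()` output instead of an md5 digest, and the helper names `landing_for` and `role_allowed` are hypothetical.

```php
<?php
// Added example, not the posters' code. Table/column names and *_index.php pages
// come from the thread; us_pwd is ASSUMED to hold password_hash() output, not md5.
const LANDING = [1 => 'ad_index.php', 2 => 'us_index.php', 3 => 'st_index.php'];

function login_user(PDO $conn, string $name, string $password): bool
{
    $res = $conn->prepare('SELECT us_id, us_name, us_pwd, rul_id FROM user WHERE us_name = ?');
    $res->execute([$name]);
    $row = $res->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['us_pwd'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    // The password hash is deliberately not copied into the session.
    $_SESSION['login_user'] = ['us_id' => (int) $row['us_id'],
        'us_name' => $row['us_name'], 'rul_id' => (int) $row['rul_id']];
    return true;
}

// Server-side redirect target; a role with no page is sent back to the login form.
function landing_for(int $rulId): string
{
    return LANDING[$rulId] ?? 'index.php';
}

// Guard for the top of each panel, e.g. in ad_index.php:
//   if (!role_allowed(1)) { header('Location: index.php'); exit; }
function role_allowed(int $required): bool
{
    return ($_SESSION['login_user']['rul_id'] ?? null) === $required;
}

// Constructed demo: in-memory SQLite and made-up users stand in for the real $conn.
$conn = new PDO('sqlite::memory:');
$conn->exec('CREATE TABLE user (us_id INTEGER PRIMARY KEY, us_name TEXT, us_pwd TEXT, rul_id INTEGER)');
$ins = $conn->prepare('INSERT INTO user (us_name, us_pwd, rul_id) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('constructed-pw-1', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', password_hash('constructed-pw-2', PASSWORD_DEFAULT), 2]);

session_start();
$out = [];
foreach ([['alice', 'constructed-pw-1'], ['bob', 'constructed-pw-2'], ['bob', 'wrong']] as [$u, $p]) {
    $_SESSION = [];
    $ok = login_user($conn, $u, $p);
    // In controller_login.php: header('Location: ' . $target); exit;
    $target = $ok ? landing_for($_SESSION['login_user']['rul_id']) : 'index.php';
    $out[] = sprintf('%s login=%s target=%s admin_panel=%s', $u, var_export($ok, true), $target, var_export(role_allowed(1), true));
}
echo implode("\n", $out), "\n";
```

Run from the command line, the demo shows that only the role-1 account passes `role_allowed(1)`, and that a failed login leaves the session empty.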
