i don't know very how to say this but i'll try, let's see, i have the page admin.php and the page user.php, the posibility to log in with specific role for admin exist with:
<?php
session_start();
// conectare la baza de date
$db = mysqli_connect("localhost", "root", "", "inregistrare");
if (isset($_POST['login_btn'])) {
$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
$password = md5($password); // parola cryptata
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($db, $sql);
if (mysqli_num_rows($result) == 1) {
$_SESSION['username'] = $username;
$user = mysqli_fetch_assoc($result);
if($user['role'] == 'admin'){
header("location: admin.php");
}else{
header("location: clasa.php");
}
}else{
$_SESSION['message'] = "Parola gresita!";
}
}
?>
my problem is i want the users/admins from admin.php to have posibility to edit the user.php to edit something a <p>, a <input> whatever to apply CSS and the normal user can't edit
答案 0 :(得分:0)
In your validation:
if($user['role'] == 'admin'){
header("location: admin.php");
}else{
header("location: clasa.php");
}
Add:
if($user['role'] == 'admin'){
$_SESSION['role']='admin';
header("location: admin.php");
}else{
$_SESSION['role']='user';
header("location: clasa.php");
}
Then in your user.php:
if($_SESSION['role']=='admin'){
//add admin features that allow editing
}else{
//add whatever else functions
}