Home/ Questions/Q 8769811
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T17:26:00+00:00

I made a login/logout page, but now I i’ll like to separate the admin

  • 0

I made a login/logout page, but now I i’ll like to separate the admin from regular users as they login. What I am trying to do is to have regular users just view available files, and the admins well of course they will be able to view and edit those files.

Now my set up:

Login.php

    <?php
session_start();
include("password.php");
require_once "config.php";

/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
$mode = $_GET["mode"];
/* Template */

require_once $TEMPLATE_PATH."header.php";

if ($mode == "login") { /// do after login form is submitted
     if ($USERS[$_POST["username"]]==$_POST["password"]) { /// check if submitted username and password exist in $USERS array
          $_SESSION["login"]=$_POST["username"];
          header("location:index.php");
     } else {
          echo "Incorrect username/password. Please, try again.";
     };
} else if ($mode == "logout") {
      session_start();
      unset($_SESSION["login"],$USERS);
      header("location: login.php");
      exit(0);
};
echo <<< XHTML

    <h1>$TITLE</h1>
    <form id="form" method="post" action="{$LOGIN_URL}?mode=login">
        <label id="username_label" for="username" class="normal">Username</label> :<br />
        <input id="username" name="username" type="text" value="" class="half" /><br />
        <label id="password_label" for="password" class="normal">Password</label> :<br />
        <input id="password" name="password" type="password" value="" class="half" /><br />
        <input id="submits" type="submit" value="Login" />
    </form>

XHTML;

require_once $TEMPLATE_PATH . "footer.php";

?>

Password.php (verifies users and passwords)

<?php 
$USERS["drodrig1"] = "pwd1"; 
$USERS["jsutta"] = "pwd2"; 
$USERS["username3"] = "pwd3"; 

function check_logged(){ 
     global $_SESSION, $USERS; 
     if (!array_key_exists($_SESSION["login"],$USERS)) { 
          header("Location: login.php");
          exit(0);
     };
};
?>

Config.php 

<?php

$ASSETS_URL = "https://url-link/formationXX/assets/";
$ASSETS_PATH = "serverpath/formationXX/assets/";
$TEMPLATE_URL = "https://url-link/formationXX/assets/template/";
$TEMPLATE_PATH = "serverpath/formationXX/assets/template/";
$LOGIN_URL = "https://url-link/formationXX/login.php";
$LOGIN_PATH = "serverpath/formationXX/login.php";

?>

Index.php (After login, this is where I want to see admin differentiate from regular user. The admin should be able so see and edit the following: CSS, JS, Email, PDF and Spread Sheet. Meanwhile user can only view all except: CSS, JS)

<?php

require_once "config.php";
session_start(); /// initialize session
include("password.php"); 
check_logged(); /// function checks if visitor is logged.

/* Constants */
$TITLE = "Formation - User Login";
$CSS = array("assets/css/formation.css");
$JAVASCRIPT = array();
/* Template */

require_once $TEMPLATE_PATH."header.php";

echo <<< XHTML
        <form id="form" method="post" action="{$LOGIN_URL}?mode=login">
          <div class="full row column">
            <h1>{$TITLE}</h1>
          </div>
          <div class="full row column">
            <div class="half column small">
              <p>Logged in as: <strong>{$_SESSION["login"]}</strong> | <a href="{$LOGIN_URL}?mode=logout" class="small">Logout</a></p><br />
              Add Form | Delete Selected Form(s)
            </div>
          </div>
          <div class="full row column">
            <table id="formslist" cellpadding="0" cellspacing="0">
              <th>
                <tr>
                  <td class="form_select">
                    <input id="selectallforms" name="selectallforms" type="checkbox" value="Select All Forms" />
                  </td>
                  <td class="form_id">
                    ID
                  </td>
                  <td class="form_url">
                    URL
                  </td>
                  <td class="form_dates">
                    Launch Date
                  </td>
                  <td class="form_dates">
                    Expiration Date
                  </td>
                  <td class="form_autofill">
                    Autofill
                  </td>
                  <td class="form_save">
                    **CSS**
                  </td>
                  <td class="form_save">
                    **JS**
                  </td>
                  <td class="form_save">
                    Email
                  </td>
                  <td class="form_save">
                    PDF
                  </td>                  
                  <td class="form_dates">
                    Spread sheet
                  </td>
                </tr>
              </th>
            </table>
          </div>
        </form>
XHTML;

require_once $TEMPLATE_PATH . "footer.php";

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When user that is logged in tries to edit something you should check if that user has enough privileges to do so.

    For example, here is your users:

    $USERS["drodrig1"]['passw'] = "pwd1"; 
$USERS["jsutta"]['passw'] = "pwd2"; 
$USERS["username3"]['passw'] = "pwd3"; 

$USERS["drodrig1"]['level'] = 0; 
$USERS["jsutta"]['level'] = 1; 
$USERS["username3"]['level'] = 0;

    And here is how we check if user can or can’t do something:

    if ($_GET['action'] === 'edit' && $USERS[$_SESSION["login"]]['level'] === 1) {
    // Go to function where users changes gets saved to files or db:
    saveChanges($_POST);
} else {
    die("<h1>Sorry, you cant do that!</h1>");
}

    Btw, there is many problems in your code but still it is good for learning PHP.

    • 0