Home/ Questions/Q 6785969
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T17:11:25+00:00

my website has separate tables for users and admin now i want to give

  • 0

my website has separate tables for users and admin

now i want to give the privilege to access admin area to some users

my problem is with admin and users table

i dont know if i should copy authentication data from user table to the admin table so they can login in to the admin are , or perform a query to search both tables for username and password and just use level column to verify their access?

something like this ? 

$sql = "select `password` , `level` from `admin` where `username` = '$username' UNION
(SELECT `password` , `level` FROM `users` where `username` = '$username') LIMIT 1 ";
$result = $db->query($sql);

while($row = mysql_fetch_assoc($result)){
if($password == $row['passwor'] && $row['level'] != 0)
echo 'welcom to admin area';
else
echo 'login faild';
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I see you are storing passwords in the clear in your database.
    This is a major security risk and should never be done.
    Passwords should always be stored as salted hashes using a secure hash function.
    I also fail to see the use for separate tables for admins and non-admins.

    I recommend you alter your table layout.

    table user
-------------
id unsigned integer auto_increment primary key,
username varchar(100) not null,
salt varchar(20) not null,
passhash varchar(48) not null,
isadmin boolean not null default false

    Query your table with:

    SELECT u.id, u.isadmin FROM user u
WHERE u.username = '$username' 
  AND passhash = SHA2(CONCAT(u.salt, '$password'),512)
  AND isadmin = 1

    When creating a user use:

    INSERT INTO user (username, salt, passhash, isadmin) 
   VALUES ('$username', '$salt', SHA2(CONCAT('$salt','$password'),512), '$isadmin')
    • 0