Logging in administrator account into single login page

Enigmatic

Hi everyone,

I want to try and log in as an administrator, but instead of logging into the default page I want to log into another one while using the same login.php that I've created for all users. I've tried using ' if ($_SESSION['admin'] = 0) { ' et al, but it didn't work. Mind you, I've gone about doing things a little complicated, I've created a php file for mysql_connect, sessions etc, I've named the default "default.php", and the username I want to log in is called "admin" and send the logged-in to "admin.php":

SESSION.PHP

<?php
	session_start();

function logged_in() 
{
	return isset($_SESSION['users_id']);
}

function confirm_logged_in() 
{
	if (!logged_in()) {
		redirect_to("login.php");
	}else if ($_SESSION['access'] == 0){
		redirect_to("../index.php");
	}
}

function admin_logged_in() 
{
	if ($_SESSION['access'] == 2 || $_SESSION['access'] == 3)
	{
		return true;

	}
}


?>

LOGIN.PHP

<?php require_once("includes/session.php")?>
<?php require_once("includes/mysql_connect.php")?>
<?php
if (logged_in()) {
	if($_SESSION['access'] != 0)
	{
		redirect_to("default.php");
	}else{
		redirect_to("index.php");
	}
}
// START FORM PROCESSING
if (isset($POST['submit'])) // Form has been submitted.
{
$username = $POST['username'];
$password = $_POST['password'];
//$random = '^#$%6345'; // add correct password salting and sha later
//$hashed_password = sha1($random.$username.$password); // add correct password salting and sha later
	// Check database to see if username and the password exist there.
	$query = "SELECT users_id, username, access 
			FROM users 
			WHERE username = '{$username}' 
			AND password = '{$password}' LIMIT 1";

	$result_set = mysqli_query ($dbc, $query);
	check_qry($result_set);

	if (mysqli_num_rows($result_set) == 1) 
            {

		// username/password authenticated
		// and only 1 match
		$found_user = mysqli_fetch_array($result_set);
		$_SESSION['users_id'] = $found_user['users_id']; // will use for author id
		$_SESSION['username'] = $found_user['username'];
		$_SESSION['access'] = $found_user['access'];


		if($_SESSION['access'] != 0)
		{
			redirect_to("insert.php");
		}else{
			redirect_to("index.php");
		}
	} else {
		// username/password combo was not found in the database
		$message = "Username/password combination incorrect.<br />Please make sure your caps lock key is off and try again.";
	} 

} else { // Form has not been submitted.
	if (isset($_GET['logout']) && $_GET['logout'] == 1) {
		if (isset($_GET['username']))
		{
			$message = "You are now logged out ".$_GET['username'].".";
		}else{
			$message = "You are now logged out.";
		}
	} 
	$username = "";
	$password = "";
}
?>

<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>

<div class="loginbox">
<div class="loginform">
<form action="login.php" method="post">
<h2>Login</h2>
<label>Username</label><br />
<input type="text" name="username" maxlength="30" /><br />
<label>Password</label><br />
<input type="password" name="password" maxlength="30" /><br />
<input type="submit" name="submit" value="Login" />
</form>
</div>
</div>

Any suggestions on how I should do this?:bemused:

sneakyimp

Is it working? I did notice that you don't bother to check if your query is successful:

$result_set = mysqli_query ($dbc, $query);

Sometimes queries don't work so you should check for an error condition.