When I log in as an admin the login page just refreshes but when I log in as a regular user there is no problem,
This is my code, I need some help :
if($SERVER['REQUEST_METHOD'] == "POST")
{
//something was posted
$user_name = $POST['user_name'];
$password = $_POST['password'];


			  // check if the username and password are not empty
			  if(!empty($user_name) && !empty($password)) {
				// get the user data from the regular users table
				$query = "SELECT * FROM users WHERE user_name = '$user_name' AND password = '$password' LIMIT 1";
				$result = mysqli_query($con, $query);
				if($result && mysqli_num_rows($result) > 0) {
				  // login successful
				  $user_data = mysqli_fetch_assoc($result);
				  $_SESSION['user_id'] = $user_data['user_id'];
				  // redirect to the regular user page
				  header("Location: index.php");
				  exit;
				} else {
				  // check the admin users table
				  $query = "SELECT * FROM admin_users WHERE user_name = '$user_name' AND password = '$password' LIMIT 1";
				  $result = mysqli_query($con, $query);
				  if($result && mysqli_num_rows($result) > 0) {
					// login successful
					$user_data = mysqli_fetch_assoc($result);
					$_SESSION['user_id'] = $user_data['user_id'];
					// redirect to the admin dashboard page
					header("Location: admin_dashboard.php");
					exit;
				  } else {
					// login failed
					echo "Wrong username or password!";
				  }
				}
			  } else {
				// username or password is empty
				echo "Please enter a valid username and password!";
			  }
	}

Please I need some help!

    What value does $result have when a user and password are supplied, but they don't exist in the table?

    Also, you don't take any different steps when you find a user in the admin_users table versus the plain old users table. In both cases you just set $_SESSION['user_id']. You haven't shown us the code in admin_dashboard.php so we don't know what might be going on there.

    Lastly, your code is vulnerable to SQL injection and easily exploited.

      Write a Reply...