So I'm trying to restrict the access of users.
Example: a member tries to visit the admin page by typing "test.com/admin.php" in the URL bar,
and also if someone who is not logged in, or an admin, tries to access a member page.
But I'm getting an error message which tells me there are too many redirects.
Hope somebody can help me, thanks in advance.
This is the login.inc.php script which basically logs me in:
<?php
// login.inc.php
require 'dbh.inc.php';

$mailUid = $_POST['mailuid'];
$password = $_POST['pwd'];

// was: empty($mailUid || empty($password)) -- the misplaced parenthesis tested the
// boolean result of the || instead of testing each field
if (empty($mailUid) || empty($password)) {
    header("Location: ../index.php?error=emptyfields"); // was "..index.php"
    exit();
}
else {
    $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("Location: ../index.php?error=sqlerror");
        exit();
    }
    else {
        mysqli_stmt_bind_param($stmt, "ss", $mailUid, $mailUid);
        mysqli_stmt_execute($stmt);
        $results = mysqli_stmt_get_result($stmt);
        if ($row = mysqli_fetch_assoc($results)) {
            $pwdCheck = password_verify($password, $row['pwdUsers']);
            if ($pwdCheck == false) {
                header("Location: ../index.php?error=wrongpassword");
                exit();
            }
            else if ($pwdCheck == true) {
                session_start();
                // consider session_regenerate_id(true) here so a session id issued
                // before login is not kept after login
                $_SESSION['userId'] = $row['idUsers'];
                $_SESSION['userUid'] = $row['uidUsers'];
                $_SESSION['userRole'] = $row['roleUsers'];
                if ($_SESSION['userRole'] == "admin") {
                    header("Location: ../admin.php");
                    exit();
                }
                if ($_SESSION['userRole'] == "member") {
                    header("Location: ../member.php");
                    exit();
                }
            }
            else {
                header("Location: ../index.php?error=wrongpassword");
                exit();
            }
        }
        else {
            header("Location: ../index.php?error=nousers");
            exit();
        }
    }
}
This is the validate.inc.php script which redirects people based on roles:
<?php
// note: $_SESSION is only populated after session_start() has been called in this request
$role = $_SESSION['userRole'];
if ($role == "admin") { header("Location: ./admin.php"); }
elseif ($role == "member") { header("Location: ./member.php"); }
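An added example (not the asker's file) of a guard that avoids the redirect loop: it starts the session before reading the role, and only redirects when the current script is not already the page the user should be on. The file names index.php, admin.php and member.php and the userRole values are taken from the question; the helper name require_role is an assumption.

```php
<?php
// validate.inc.php (added example): include at the top of every protected page
// and call require_role() with the role that page needs, e.g. in admin.php:
//     require 'validate.inc.php'; require_role('admin');

// Landing page for each role; a role not listed here is treated as not logged in.
const ROLE_HOME = [
    'admin'  => 'admin.php',
    'member' => 'member.php',
];

function require_role(string $neededRole): void
{
    // Without session_start() every read of $_SESSION yields nothing, so a
    // guard that reads the role first must start (or resume) the session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $role = $_SESSION['userRole'] ?? null;
    $current = basename($_SERVER['SCRIPT_NAME']);

    // Not logged in, or an unknown role: go to the login page, unless this
    // request already is the login page (that check breaks the redirect loop).
    if ($role === null || !isset(ROLE_HOME[$role])) {
        if ($current !== 'index.php') {
            header('Location: index.php?error=notloggedin');
            exit();
        }
        return;
    }

    // Logged in with a different role: send the user to that role's own page.
    // Redirecting a page to itself is what produces "too many redirects".
    if ($role !== $neededRole) {
        $target = ROLE_HOME[$role];
        if ($current !== $target) {
            header('Location: ' . $target);
            exit();
        }
    }
    // Correct role: fall through and let the page render.
}
```

The check is done server-side on every request, so typing test.com/admin.php directly as a member still lands on member.php.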
Related
I am trying to create 3 different sections for Admin, Registered User and General Visitor (Non-registered User). I searched in many places but I did not find any information. Here I give my code for the Non-registered user and Registered user.
Would you please customize/edit my code for the Admin section?
Thanks in advance.
My Index Page:
<?php
require 'header.php';
require 'includes/dbh.inc.php';
?>
<link rel="stylesheet" type="text/css" href="css/index.css">
<title>Home Page</title>
<main>
    <?php
    if (isset($_SESSION['userId'])) {
        echo '<p>You are Logged in!</p>';
    }
    else {
        echo '<p>You are Logged out!</p>';
    }
    ?>
</main>
<?php
require 'footer.php';
?>
My login.inc Page:
<?php
if (isset($_POST['login-submit'])) {
    require 'dbh.inc.php';

    $mailuid = $_POST['mailuid'];
    $password = $_POST['pwd'];

    if (empty($mailuid) || empty($password)) {
        header("Location: ../login.php?error=emptyfields");
        exit();
    }
    else {
        $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../login.php?error=sqlerror");
            exit();
        }
        else {
            mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)) {
                $pwdCheck = password_verify($password, $row['pwdUsers']);
                if ($pwdCheck == false) {
                    header("Location: ../login.php?error=wrongpwd");
                    exit();
                }
                else if ($pwdCheck == true) {
                    session_start();
                    $_SESSION['userId'] = $row['idUsers'];
                    $_SESSION['userUid'] = $row['uidUsers'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
                else {
                    header("Location: ../login.php?error=wrongpwd");
                    exit();
                }
            }
            else {
                header("Location: ../login.php?error=nouser");
                exit();
            }
        }
    }
}
else {
    header("Location: ../login.php");
    exit();
}
You have to add a column to your database with the role for every user and then, after the login check, set another $_SESSION with the role value. Example:
$_SESSION['role'] = $row['role'];
Then check this value on every page you need it.
I am currently new to PHP and only know the basics, and I am trying to develop a website for my project. I am able to create a login system but I can't seem to redirect users to different pages based on the role that they have. What I'm trying to do is: when they log in, a script will pop up showing a message saying 'welcome "user"' and then redirect them to different pages according to their role.
This is my current code:
// fragment of login.inc.php, inside the branch where the statement was prepared
mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
    $pwdCheck = password_verify($password, $row['pwdUsers']);
    if ($pwdCheck == false) {
        header("Location: ../index.php?error=wrongpwd");
        exit();
    }
    elseif ($pwdCheck == true) {
        session_start();
        $_SESSION['userId'] = $row['idUsers'];
        $_SESSION['userUid'] = $row['uidUsers'];
        $_SESSION['userRole'] = $row['roleUsers'];
    }
    // note: === "1" only matches a string; an INT column fetched through
    // mysqli_stmt_get_result comes back as an integer, so neither branch would run
    if ($_SESSION['userRole'] === "1") {
        header("Location: ../index.php?login=success");
        exit();
    }
    elseif ($_SESSION['userRole'] === "0") {
        header("Location: ../adminhomepage.php?login=success");
        exit();
    }
}
else {
    header("Location: ../index.php?error=nouser");
    exit();
}
For checking true or false, you don't need to use an elseif statement:
$pwdCheck = password_verify($password, $row['pwdUsers']);
if (!$pwdCheck) {
    header("Location: ../index.php?error=wrongpwd");
    exit();
}
else {
    session_start();
    $_SESSION['userId'] = $row['idUsers'];
    $_SESSION['userUid'] = $row['uidUsers'];
    $_SESSION['userRole'] = $row['roleUsers'];
}
I can log in to the website with the normal user and the admin user.
I would like to check if the user is a normal user or an admin user and then send them to a different page, but it doesn't work; when I tried the following I was unable to log in with any credentials.
I modified my db table to add a column for userType: 2 if it is an admin and 1 if it is a normal user.
This is what I tried:
if ($_SESSION['usertype'] == 2)
{
    //do stuff here
}
if ($_SESSION['usertype'] == 1)
{
    //do stuff here
}
This is my PHP file:
<?php
if (isset($_POST['login-submit'])) {
    require 'dbh.php';

    $mail = $_POST['email'];
    $password = $_POST['pwd'];

    $sql = "SELECT * FROM user WHERE utepEmail=?";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("Location: index.php?error=sqlerror");
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, "s", $mail);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($row = mysqli_fetch_assoc($result)) {
            $pwdCheck = password_verify($password, $row['Password']);
            if ($pwdCheck == false) {
                header("Location: index.php?error=wrongpwd");
                exit();
            } elseif ($pwdCheck == true) {
                session_start();
                $_SESSION['username'] = $row['Name'];
                header("Location: index.php?success");
                exit();
            } else {
                header("Location: index.php?error=wrongpwd"); // was "eader(", a typo
                exit();
            }
        } else {
            header("Location: login.php?error=noouser");
            exit();
        }
    }
} else {
    header("Location: index.php");
    exit();
}
In the main PHP file, you probably need to set the session variable for the user type, so that when you later use that type, the value has been set.
The right place to do this is when the password is checked.
...
elseif ($pwdCheck == true) {
    session_start();
    $_SESSION['username'] = $row['Name'];
    $_SESSION['usertype'] = $row['usertype']; // <- add user type to the session
    header("Location: index.php?success");
    exit();
}
...
When the 'success' page is loaded, it will pick up the usertype and your structure could then work.
I'm trying to make a login form. But every time I try to log in it always gives an error message that my password is incorrect. I'm using md5 to hash my password in the database.
I've tried to remove the hash and password_verify from my code but then it automatically logs in the user with an incorrect password.
<?php
if (isset($_POST['login-submit'])) {
    require 'dbh.inc.php';

    $mailuid = $_POST['mailuid'];
    $password = $_POST['pwd'];

    if (empty($mailuid) || empty($password)) {
        header("Location: ../systemlogintut/index1.php?error=emptyfields");
        exit();
    }
    else {
        $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../systemlogintut/index1.php?error=sqlerror");
            exit();
        }
        else {
            // both placeholders take the username/email field; the original bound
            // $password to the second one
            mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)) {
                $pwdCheck = password_verify($password, $row['pwdUsers']);
                if ($pwdCheck == false) {
                    header("Location: ../systemlogintut/index1.php?error=wrongpwd");
                    exit();
                }
                else if ($pwdCheck == true) {
                    session_start();
                    // the original wrote these into $_SERVER, which is not kept between
                    // requests; the login state belongs in $_SESSION
                    $_SESSION['userId'] = $row['idUsers'];
                    $_SESSION['userUid'] = $row['uidUsers'];
                    header("Location: ../systemlogintut/index1.php?login=success");
                    exit();
                }
                else {
                    header("Location: ../systemlogintut/index1.php?error=wrongpwd");
                    exit();
                }
            }
            else {
                header("Location: ../systemlogintut/index1.php?error=nouser");
                exit();
            }
        }
    }
}
else {
    header("Location: ../systemlogintut/index1.php");
    exit();
}
You are automatically logging in the user; change the redirect code in this line:
if ($row = mysqli_fetch_assoc($result))
{
    $pwdCheck = password_verify($password, $row['pwdUsers']);
    if ($pwdCheck == false) {
        header("Location: ../systemlogintut/index1.php?error=wrongpwd"); // change the redirection here
        exit();
    }
Try it:
$password = md5($_POST['pwd']);
I just changed it to:
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
instead of using:
$hashedPwd = md5($password, PASSWORD_DEFAULT);
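The rows in this question were written with md5(), and password_verify() never accepts an md5 digest, so every login fails until the stored value is replaced. An added example (not from the thread) of a check that accepts both formats during the transition and upgrades an md5 row to a password_hash() digest on the next successful login. The column names pwdUsers and idUsers come from the question; check_password and is_legacy_md5 are names chosen here.

```php
<?php
// Added example: accept a legacy md5 digest or a password_hash() digest, and
// return a replacement hash whenever the stored row should be upgraded.

function is_legacy_md5(string $stored): bool
{
    // md5() output is exactly 32 hex characters; password_hash() output starts with "$".
    return (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
}

/**
 * Returns false when the password is wrong, true when it is right and the row
 * needs no change, or a new hash string to store when the row should be upgraded.
 */
function check_password(string $password, string $stored)
{
    if (is_legacy_md5($stored)) {
        // Constant-time comparison so a mismatch does not leak where it occurred.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // Correct password against an md5 row: replace it with a real hash now.
        return password_hash($password, PASSWORD_DEFAULT);
    }
    if (!password_verify($password, $stored)) {
        return false;
    }
    // Also re-hash when the default algorithm or cost changed since storage.
    return password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : true;
}

// Usage in login.inc.php after fetching $row (assumes the $conn from dbh.inc.php):
// $outcome = check_password($password, $row['pwdUsers']);
// if ($outcome === false) {
//     header("Location: ../systemlogintut/index1.php?error=wrongpwd");
//     exit();
// }
// if (is_string($outcome)) {
//     $upd = mysqli_prepare($conn, "UPDATE users SET pwdUsers=? WHERE idUsers=?");
//     mysqli_stmt_bind_param($upd, "si", $outcome, $row['idUsers']);
//     mysqli_stmt_execute($upd);
// }
```

Once every row has been upgraded the md5 branch can be deleted, leaving only password_verify().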
I am pretty new to PHP coding and I have set up a working signup/signin system for a website, but now I want to create an admin user which can edit/upload pictures to the website. I just have no idea how to do it. So far I have just added a column in phpMyAdmin which is usertype and it's an enum with two variables which are admin and users, and I have set the default to user so when someone signs up they are defaulted as a user. So any help would be greatly appreciated.
This is my login PHP:
<?php
if (isset($_POST['login-submit'])) {
    require 'dbh.inc.php';

    $mailuid = $_POST['mailuid'];
    $password = $_POST['pwd'];

    if (empty($mailuid) || empty($password)) {
        header("Location: ../index.php?error=emptyfields");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE uidUsers=?;";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../index.php?error=sqlerror");
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, "s", $mailuid);
            mysqli_stmt_execute($stmt);
            $result = mysqli_stmt_get_result($stmt);
            if ($row = mysqli_fetch_assoc($result)) {
                $pwdCheck = password_verify($password, $row['pwdUsers']);
                if ($pwdCheck == false) {
                    header("Location: ../index.php?error=wrongpassword");
                    exit();
                } elseif ($pwdCheck == true) {
                    session_start();
                    $_SESSION['userId'] = $row['idUsers'];
                    $_SESSION['userUid'] = $row['uidUsers'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
            }
            else {
                header("Location: ../index.php?error=nouser");
                exit();
            }
        }
    }
} else {
    header("Location: ../index.php");
    exit();
}
This is my signup PHP:
<?php
if (isset($_POST['signup-sumbit'])) {
    require 'dbh.inc.php';

    $username = $_POST['uid'];
    $email = $_POST['mail'];
    $password = $_POST['pwd'];
    $passwordRepeat = $_POST['pwd-repeat'];

    // note: values placed into the query string below should be urlencode()d,
    // otherwise characters such as "&" in an email break the redirect URL
    if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
        header("Location: ../signup.php?error=emptyfields&uid=".$username."&mail=".$email);
        exit();
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../signup.php?error=invaildmailuid");
        exit();
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header("Location: ../signup.php?error=invaildmail&uid=".$username);
        exit();
    } elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
        header("Location: ../signup.php?error=invailduid&mail=".$email);
        exit();
    } elseif ($password !== $passwordRepeat) {
        header("Location: ../signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
        exit();
    } else {
        $sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
        $stmt = mysqli_stmt_init($conn);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            header("Location: ../signup.php?error=sqlerror1");
            exit();
        } else {
            mysqli_stmt_bind_param($stmt, "s", $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            $resultCheck = mysqli_stmt_num_rows($stmt);
            if ($resultCheck > 0) {
                header("Location: ../signup.php?error=usertaken&mail=".$email);
                exit();
            } else {
                $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
                $stmt = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($stmt, $sql)) {
                    header("Location: ../signup.php?error=sqlerror");
                    exit();
                } else {
                    $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                    mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
                    mysqli_stmt_execute($stmt);
                    header("Location: ../signup.php?signup=success");
                    exit();
                }
            }
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);
} else {
    header("Location: ../signup.php");
    exit();
}
This is a picture of the new column I added:
(picture of phpMyAdmin, not reproduced here)
This is the code where you check whether the user has admin privileges and store that in the session:
if ($row['user_type'] == 'Admin') {
    $_SESSION['isAdmin'] = true;
} else {
    $_SESSION['isAdmin'] = false;
}
Later you can use $_SESSION['isAdmin'] to give privileges as you wish:
if ($_SESSION['isAdmin']) {
    //code for uploading pictures ..
}