I have two files: one is controller.php and the other is model.php.
controller.php
<?php
if (isset($_POST['btn_login_user']))
{
    $login_user = login_user($_POST['email'], $_POST['password']);
    if ($login_user) {
        // Success: show an alert, then redirect client-side after 5 seconds
        @$msg = '
        <div role="alert">
            You logged in!
            <button type="button" data-dismiss="alert" aria-label="Close">
                <span aria-hidden="true">×</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="dash_user.php";},5000);
        </script>';
    } else {
        // Failure: show an alert, then go back to the login page after 20 seconds
        @$msg = '
        <div role="alert">
            Failed to login!
            <button type="button" data-dismiss="alert" aria-label="Close">
                <span aria-hidden="true">×</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},20000);
        </script>';
    }
}
And here I have model.php:
<?php
function login_user($email, $password)
{
    global $conn;
    // The submitted password is compared as an MD5 digest
    $password = md5($password);
    $sql = ("SELECT * FROM `user` WHERE `us_name`=? AND `us_pwd`=?");
    $res = $conn->prepare($sql);
    $res->bindValue(1, $email);
    $res->bindValue(2, $password);
    $res->execute();
    if ($res->rowCount() >= 1) {
        // Copy the matched row into the session
        $row = $res->fetch(PDO::FETCH_ASSOC);
        $userSession = array(
            'us_id' => $row['us_id'],
            'rul_id' => $row['rul_id'],
            'us_pwd' => $row['us_pwd'],
            'us_name' => $row['us_name'],
        );
        $_SESSION['login_user'] = $userSession;
        return true;
    }
    return false;
}
?>
Would you please advise me where and how to add a condition in these files to redirect by condition? For example, if an Admin user logs in, redirect to ad_index.php, and if a Normal user logs in, redirect to us_index.php.
CodePudding user response:
Method to set role-based authentication
I have hosted a website on Heroku for testing. I have used the method below for role-based work,
like admin, teacher, student.
https://ipd-kiu.herokuapp.com/login
email and passwords for admin
[email protected]
admin123
email and passwords for student
[email protected]
test123
email and passwords for instructor
[email protected]
naeem123
Step one: I edited my users table and added an additional column, role.
Step two:
I edited my login method in the controller as below:
public function postLogin(Request $request , Exception $exception)
{
    // Both fields must be present
    $request->validate([
        'email' => 'required',
        'password' => 'required',
    ]);
    $credentials = $request->only('email', 'password');
    if (Auth::attempt($credentials)) {
        return redirect()->intended('dashboard')
            ->withSuccess('You have Successfully loggedin');
    } else {
        return "sorry their is an erro please try again ." . $exception ;
    }
    // Not reached: both branches above return
    return redirect("login")->withSuccess('Oppes! You have entered invalid credentials');
}
Step three:
Now I will redirect to the dashboard page after login success; here I have to protect your data,
like below.
There are different users in my login table with different roles, like instructor, admin, student.
In my case the auth work will be:
{{-- works of admin --}}
@if (Auth()->user()->role == 'admin')
    //works of admin
@endif
{{-- works of student --}}
@if (Auth()->user()->role == 'student')
    //works of student
@endif
{{-- works of instructor --}}
@if (Auth()->user()->role == 'instructor')
    //works of instructor
@endif
This is a general guide related to your question.
CodePudding user response:
Here I tried another method and it is working smoothly: Model_login.php
<?php
//session login page
function login_user($email, $password)
{
    global $conn;
    // The submitted password is compared as an MD5 digest
    $password = md5($password);
    $sql = ("SELECT * FROM `user` WHERE `us_name`=? AND `us_pwd`=?");
    $res = $conn->prepare($sql);
    $res->bindValue(1, $email);
    $res->bindValue(2, $password);
    $res->execute();
    if ($res->rowCount() >= 1) {
        // Copy the matched row, including the role id, into the session
        $row = $res->fetch(PDO::FETCH_ASSOC);
        $userSession = array(
            'us_id' => $row['us_id'],
            'rul_id' => $row['rul_id'],
            'us_pwd' => $row['us_pwd'],
            'us_name' => $row['us_name'],
        );
        $_SESSION['login_user'] = $userSession;
        return true;
    }
    return false;
}
?>
Here I used the case method in the controller: controller_login.php
<?php
if (isset($_POST['btn_login_user']))
{
    $login_user = login_user($_POST['email'], $_POST['password']);
    if ($login_user) {
        // Pick the landing page from the role id stored in the session
        switch ($_SESSION['login_user']['rul_id']) {
            case "1": // Admin user
                @$msg = '
                <div role="alert">
                    You logged in successfully!
                    <button type="button" data-dismiss="alert" aria-label="Close">
                        <span aria-hidden="true">×</span>
                    </button>
                </div>
                <script>
                    setTimeout(function() {
                        window.location.href="ad_index.php";},2000);
                </script>';
                break;
            case "2": // employee user
                @$msg = '
                <div role="alert">
                    You logged in successfully!
                    <button type="button" data-dismiss="alert" aria-label="Close">
                        <span aria-hidden="true">×</span>
                    </button>
                </div>
                <script>
                    setTimeout(function() {
                        window.location.href="us_index.php";},2000);
                </script>';
                break;
            case "3": // student user
                @$msg = '
                <div role="alert">
                    You logged in successfully!
                    <button type="button" data-dismiss="alert" aria-label="Close">
                        <span aria-hidden="true">×</span>
                    </button>
                </div>
                <script>
                    setTimeout(function() {
                        window.location.href="st_index.php";},2000);
                </script>';
                break;
        }
    } else {
        @$msg = '
        <div role="alert">
            Failed to login!
            <button type="button" data-dismiss="alert" aria-label="Close">
                <span aria-hidden="true">×</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},3000);
        </script>';
    }
}
As you can see, if case=1 it is the admin right and routes to ad_index.php, for case=2 it is the employee right and routes to us_index.php, and for case=3 it routes to st_index.php. Hope you enjoyed it too.
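
Both answers choose what to show from the role, but the Blade @if blocks in the first and the JavaScript window.location.href redirect in the second only steer the browser: ad_index.php stays reachable by URL unless the page checks the role itself. The following is an added example, not code from either poster, showing a server-side redirect by role plus a per-page role check. It assumes us_pwd holds password_hash() output instead of an MD5 digest and that session_start() has already run; ROLE_HOME and require_role() are hypothetical names.

```php
<?php
// Added example, not the posters' code. Table and column names follow the page;
// the role-to-page mapping follows the second answer's switch.
const ROLE_HOME = [1 => 'ad_index.php', 2 => 'us_index.php', 3 => 'st_index.php'];

// Assumption: us_pwd stores password_hash() output, not an md5() digest.
// Returns the landing page for the user's role, or null when login is refused.
function login_user(PDO $conn, string $email, string $password): ?string
{
    $stmt = $conn->prepare('SELECT us_id, rul_id, us_name, us_pwd FROM `user` WHERE us_name = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['us_pwd'])) {
        return null;                    // same result for unknown user and wrong password
    }
    $role = (int) $row['rul_id'];
    if (!isset(ROLE_HOME[$role])) {
        return null;                    // unknown role: refuse instead of a session with no page
    }
    session_regenerate_id(true);        // fresh session id once the user is authenticated
    $_SESSION['login_user'] = [         // the password hash is not copied into the session
        'us_id' => (int) $row['us_id'], 'rul_id' => $role, 'us_name' => $row['us_name'],
    ];
    return ROLE_HOME[$role];
}

// Call first thing in ad_index.php, us_index.php and st_index.php, before any output,
// e.g. require_role(1) in ad_index.php.
function require_role(int ...$allowed): void
{
    $role = $_SESSION['login_user']['rul_id'] ?? null;
    if ($role === null) {               // not logged in: back to the login page
        header('Location: index.php');
        exit;
    }
    if (!in_array($role, $allowed, true)) {
        http_response_code(403);        // logged in, but with the wrong role for this page
        exit('Forbidden');
    }
}

// Controller, assuming session_start() was called and $conn is the page's PDO handle.
if (isset($_POST['btn_login_user'])) {
    $target = login_user($conn, (string) ($_POST['email'] ?? ''), (string) ($_POST['password'] ?? ''));
    header('Location: ' . ($target ?? 'index.php'));   // redirect is issued by the server
    exit;
}
```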