The login script should fetch the user record based on the username, then verify the hashed password using PHP’s built-in password_verify() function.
// Inside your login processing script if (password_verify($password, $hashed_password)) session_start(); $_SESSION['username'] = $username; $_SESSION['user_type'] = $row['user_type']; if ($_SESSION['user_type'] == 'admin') header("location: admin_dashboard.php"); else header("location: user_home.php"); Use code with caution. 4. Protecting Admin Pages admin and user login php code download
Using or MySQLi with prepared statements is critical to prevent SQL injection attacks. config.php The login script should fetch the user record
Creating a secure admin and user login system is a fundamental skill for any PHP developer. This guide provides a complete roadmap for building a multi-role authentication system, including database setup, secure password handling, and role-based redirection. 1. Database Configuration Protecting Admin Pages Using or MySQLi with prepared
CREATE TABLE users ( id INT(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50) NOT NULL, email VARCHAR(100) NOT NULL UNIQUE, password VARCHAR(255) NOT NULL, user_type ENUM('admin', 'user') DEFAULT 'user' ); Use code with caution. 2. Secure Database Connection