Using my login script, is there an easy way to create an admin session?

Question

Hello please see below for my login script which I want to admin "isAdmin" too.

 <?php

    session_start();

    $username = "#####";
    $password = "#####";
    $hostname = "#####";

    $dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
    $selected = mysql_select_db("logindashboard", $dbhandle);

    $user = mysql_real_escape_string( $_POST['user'] );
    $pass = mysql_real_escape_string( $_POST['pass'] );

    $result = mysql_query("SELECT * FROM logindashboard.login WHERE user='".$user."' and pass='".$pass."'");
    if( mysql_num_rows($result) == 1 ) {
    $_SESSION['loggedIn'] = true;
    header('Location: index2.php');
        }else{
        echo 'Incorrect Username or Password';
        }
    mysql_close();
?>

In the database I have a field of each user called "admin" this is either 1 or 0.

Is there a way to create a specific session called "isAdmin" which on my homepage if it's detected I can display a div?

I tried using the another select in the IF statement, but it failed.

Many thanks.

Answer 1

if($row = mysql_fetch_array($result)){
  $_SESSION['loggedIn'] = true;
  $_SESSION['isAdmin'] = ($row['admin'])? true : false;
  header('Location: index2.php');
}else{
  echo 'Incorrect Username or Password';
}

mysql_ is now deprecated, you should use mysqli_ or PDO

Answer 2

$result = mysql_query("SELECT * FROM logindashboard.login WHERE user='".$user."' and pass='".$pass."'");
if( mysql_num_rows($result) == 1 ) {
    $row=mysql_fetch_row($result);
    $_SESSION['adminCheck']=$row['admin'];
    $_SESSION['loggedIn'] = true;
    header('Location: index2.php');
}else{
    echo 'Incorrect Username or Password';
}

and in displaying page

if($_SESSION['adminCheck']=='1'){
    //display div
}

Answer 3

Let we assume you have row to store admin value as isadmin *1 or 0*