I think this is what you want:
include 'connection.php';
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM Register
WHERE username= '" . $connection->real_escape_string($username) . "'
AND Password = '" . $connection->real_escape_string($password) . "'";
$result = mysqli_query($connection, $query) or exit("Error in the query: $query. " . mysqli_error());
$row = mysqli_fetch_assoc($result);
if ($row) {
$_SESSION['username'] = $username;
$_SESSION['user_id'] = $row['user_id'];
if ($row['user_id'] == 1) {
header('Location: AdminPage.php');
} else {
header('Location: ProtectedPage.php');
}
} else {
$_SESSION['error'] = 'User not recognised';
echo 'user not recognised';
header('location:Login.php');
}
In AdminPage.php
, you should check that the user is an admin with:
if (isset($_SESSION['user_id']) && $_SESSION['user_id'] == 1)
ProtectedPage.php
just needs to check that the user is logged in:
if (isset($_SESSION['user_id']))