Hello coders!

I am currently developing a Student Management System using PHP and MySql where an admin (principal) can log in to the dashboard to manage accounts of students and staffs, update results, add new student, etc. Students can also log in to view their profile and results.

I have been able to create the dashboard and student login system using session , but the problem is If a user goes to 'dashboard.php', they will be able to view all the dashboard settings, I want only the admin to be able to view this page.

Please how can I achieve this.

Codedreamer:
Hello coders!

I am currently developing a Student Management System using PHP and MySql where an admin (principal) can log in to the dashboard to manage accounts of students and staffs, update results, add new student, etc. Students can also log in to view their profile and results.

I have been able to create the dashboard and student login system using session , but the problem is If a user goes to 'dashboard.php', they will be able to view all the dashboard settings, I want only the admin to be able to view this page.

Please how can I achieve this.

Am guessing you are storing the user id or user name of logged in user in a session variable. So, go to your users table in db and create a column is_admin with default value of 0. 0 indicates not admin while 1 indicates admin.
So in the page you want to restrict, grab the user I'd from session, run a query to check if is_admin, proceed if so or redirect if necessary.

Codedreamer:
Hello coders!

I am currently developing a Student Management System using PHP and MySql where an admin (principal) can log in to the dashboard to manage accounts of students and staffs, update results, add new student, etc. Students can also log in to view their profile and results.

I have been able to create the dashboard and student login system using session , but the problem is If a user goes to 'dashboard.php', they will be able to view all the dashboard settings, I want only the admin to be able to view this page.

Please how can I achieve this.

Another way to go about it is to create a user_type column in the users table. user_type will be an enum data type with options like (user, admin, moderator, site_owner...).


So you'll check, if $user->user_type === "admin".

Preferably, the check should be in a middleware.

404Dev:

Am guessing you are storing the user id or user name of logged in user in a session variable. So, go to your users table in db and create a column is_admin with default value of 0. 0 indicates not admin while 1 indicates admin.
So in the page you want to restrict, grab the user I'd from session, run a query to check if is_admin, proceed if so or redirect if necessary.

Thanks for your reply. From your write-up, it seems i will have to write all my dashboard.php contents inside a condition. Currently, all my dashboard.php HTML codes are written in plain HTML (can i write plain html inside a php condition) or Do I have to echo them all.

For example: if ($_SESSION['username'] == $admin) {
echo "all dashboard HTML code";
}
else {
redirect to another page
}

Karleb:


Another way to go about it is to create a user_type column in the users table. user_type will be an enum data type with options like (user, admin, moderator, site_owner...).


So you'll check, if $user->user_type === "admin".

Preferably, the check should be in a middleware.

Thanks for your reply. That means all my dashboard.php HTML codes will have to be inside a condition and they will all be echoed. Currently, they are written in plain HTML. I'm still learning!

If (condition) {
echo " all HTML codes ";
}
else {
echo " Only admin can access this page";
}

Codedreamer:
Hello coders!

I am currently developing a Student Management System using PHP and MySql where an admin (principal) can log in to the dashboard to manage accounts of students and staffs, update results, add new student, etc. Students can also log in to view their profile and results.

I have been able to create the dashboard and student login system using session , but the problem is If a user goes to 'dashboard.php', they will be able to view all the dashboard settings, I want only the admin to be able to view this page.

Please how can I achieve this.

Hello simply add a user role field and store as student admin or anything you like
Simply check the role and then give access

Codedreamer:
Thanks for your reply. That means all my dashboard.php HTML codes will have to be inside a condition and they will all be echoed. Currently, they are written in plain HTML. I'm still learning!

If (condition) {
echo " all HTML codes ";
}
else {
echo " Only admin can access this page";
}

This should do it. It seems you are not working with routes, middlewares and the likes.

It's better you check for the opposite though.
Something like...

If (! $admin){
//redirect to other page
}

Then you continue with the dashboard.php codes. The check should be the first thing in the dashboard.php file.



A friendly advice.

If you need to combine html and Php codes for any reason, especially for a project, consider using php templates. They are specifically made for this reason.

Karleb:


This should do it. It seems you are not working with routes, middlewares and the likes.

It's better you check for the opposite though.
Something like...

If (! $admin){
//redirect to other page
}

Then you continue with the dashboard.php codes. The check should be the first thing in the dashboard.php file.



A friendly advice.

If you need to combine html and Php codes for any reason, especially for a project, consider using php templates. They are specifically made for this reason.

Thanks very much for the help.

Codedreamer:
Hello coders!

I am currently developing a Student Management System using PHP and MySql where an admin (principal) can log in to the dashboard to manage accounts of students and staffs, update results, add new student, etc. Students can also log in to view their profile and results.

I have been able to create the dashboard and student login system using session , but the problem is If a user goes to 'dashboard.php', they will be able to view all the dashboard settings, I want only the admin to be able to view this page.

Please how can I achieve this.

Google and read up on Role based access control, just my little Cent

Karleb:


Another way to go about it is to create a user_type column in the users table. user_type will be an enum data type with options like (user, admin, moderator, site_owner...).


So you'll check, if $user->user_type === "admin".

Preferably, the check should be in a middleware.

This seems like an approach I'll rather use though. Nice. The answer before this can do this too but I prefer this instead sha.

Codedreamer:
Thanks for your reply. That means all my dashboard.php HTML codes will have to be inside a condition and they will all be echoed. Currently, they are written in plain HTML. I'm still learning!

If (condition) {
echo " all HTML codes ";
}
else {
echo " Only admin can access this page";
}

Tendency of loading only the else condition when you have like three user role... like Admin, Manager, Cashier... is high


in your case you would have student, parents, teachers... so it's better to use $_SESSION['role']. ..


And For security purposes, so even if a user types in the web address direct on the browser it would end $_SESSION immediately
$_SESSION['role']