
I have two files: one is controller.php and the other is model.php.
controller.php

<?php
if (isset($_POST['btn_login_user']))
{
    $login_user=login_user($_POST['email'],$_POST['password']);
    if ($login_user){
        @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="dash_user.php";},5000);
        </script>';
    }else{
        @$msg = '
        <div class="alert text-center alert-warning alert-dismissible fade show" role="alert">
            Failed to login!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},20000);
        </script>';
    }
}

And here is model.php:

<?php
function login_user($email, $password)
{
    global $conn; // PDO connection opened elsewhere

    // NOTE: md5() is a fast digest, not a password hash. The comments under
    // this question explain why password_hash()/password_verify() belong here.
    $password = md5($password);

    $sql = "SELECT * FROM `user` WHERE `us_name`=? AND `us_pwd`=?";
    $res = $conn->prepare($sql);
    $res->bindValue(1, $email);
    $res->bindValue(2, $password);
    $res->execute();

    if ($res->rowCount() >= 1) {
        $row = $res->fetch(PDO::FETCH_ASSOC);
        // Keep id, role id and name in the session; rul_id is the value a
        // role-based redirect can branch on.
        $userSession = array(
            'us_id'   => $row['us_id'],
            'rul_id'  => $row['rul_id'],
            'us_pwd'  => $row['us_pwd'],
            'us_name' => $row['us_name'],
        );
        $_SESSION['login_user'] = $userSession;
        return true;
    }
    return false;
}
?>

Would you please advise me where and how to add a condition in these files to redirect by condition: for an Admin user, if logged in, redirect to ad_index.php, and for a Normal user, if logged in, redirect to us_index.php?

Sadat
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman Sep 28 '22 at 11:49
  • A very simple and dirty solution can be: return from `login_user()` the redirect page/file, e.g. `ad_index.php`, according to the logged-in user type, else return `index.php`. Then check for `$login_user != 'index.php'` and use the `$login_user` variable for the redirect in `$msg`. – Foobar Sep 28 '22 at 11:51
  • You can also return `false` or an integer for each logged-in user type, e.g. admin=1, normal=2. Then define in controller.php which redirect is for which user type. – Foobar Sep 28 '22 at 11:55
  • Or just use `$_SESSION['login_user']` in `controller.php`, where `rul_id` defines the user type, to decide which redirect to use. – Foobar Sep 28 '22 at 11:59
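The following is an added example, not code from the question or from any commenter. It combines the advice in the comments: the stored password is verified with `password_verify()` instead of an MD5 comparison in SQL, `login_user()` returns the landing page for the user's role (or null), and the controller redirects server-side with `header()` instead of a JavaScript timer. It assumes a PDO connection in `$conn`, the question's `user` table with columns `us_id`, `us_name`, `us_pwd`, `rul_id`, that `us_pwd` already holds a `password_hash()` result, and that role id 1 is Admin and 2 is Normal user; the constant and function names are the example's own.

```php
<?php
// Added example: hardened model.php + controller.php for role-based redirect.
// Assumes $conn is a PDO connection and us_pwd holds password_hash() output.
declare(strict_types=1);

session_start();

// Role id -> landing page. A role that is not listed is refused, not guessed.
// (Role ids 1 = Admin and 2 = Normal user are an assumption of this example.)
const ROLE_LANDING = [
    1 => 'ad_index.php',
    2 => 'us_index.php',
];

/**
 * Authenticate the user and return the page to send them to, or null on failure.
 * The password is compared in PHP with password_verify(), so the query only
 * needs the username; the stored hash never has to match byte-for-byte in SQL.
 */
function login_user(PDO $conn, string $email, string $password): ?string
{
    $stmt = $conn->prepare(
        'SELECT us_id, us_name, us_pwd, rul_id FROM `user` WHERE `us_name` = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, (string) $row['us_pwd'])) {
        return null; // unknown user or wrong password: same answer for both
    }

    $landing = ROLE_LANDING[(int) $row['rul_id']] ?? null;
    if ($landing === null) {
        return null; // role without a landing page: refuse rather than guess
    }

    // Upgrade the hash transparently if PASSWORD_DEFAULT or its cost changed.
    if (password_needs_rehash((string) $row['us_pwd'], PASSWORD_DEFAULT)) {
        $upd = $conn->prepare('UPDATE `user` SET us_pwd = ? WHERE us_id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['us_id']]);
    }

    // Fresh session id on privilege change (prevents session fixation), and
    // the password hash is deliberately NOT copied into the session.
    session_regenerate_id(true);
    $_SESSION['login_user'] = [
        'us_id'   => $row['us_id'],
        'us_name' => $row['us_name'],
        'rul_id'  => (int) $row['rul_id'],
    ];

    return $landing;
}

// controller.php: redirect on the server. A JavaScript setTimeout() redirect
// is simply skipped by a client with scripting disabled.
if (isset($_POST['btn_login_user'])) {
    $target = login_user(
        $conn,
        (string) ($_POST['email'] ?? ''),
        (string) ($_POST['password'] ?? '')
    );
    if ($target !== null) {
        header('Location: ' . $target, true, 303);
        exit;
    }
    $msg = '<div class="alert text-center alert-warning" role="alert">Failed to login!</div>';
}
```

Registering or migrating users means storing `password_hash($plain, PASSWORD_DEFAULT)` in `us_pwd`; existing MD5 digests cannot be converted and those users must reset their passwords. The redirect only chooses a page: `ad_index.php` itself still has to check `$_SESSION['login_user']['rul_id']` before showing anything, or a Normal user can open it by typing the URL.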

2 Answers


Method to set up role-based authentication

I have hosted a website on Heroku for testing; I have used the method below for role-based work,

like admin, teacher, student:

https://ipd-kiu.herokuapp.com/login

Email and password for admin:

admin@gmail.com
admin123

Email and password for student:

test@gmail.com
test123

Email and password for instructor:

naeem@gmail.com
naeem123

Step one: I have edited my users table and added an additional column, role.

Step two: I have edited my login method in the controller as below.

public function postLogin(Request $request)
    {
        $request->validate([
            'email'    => 'required',
            'password' => 'required',
        ]);

        $credentials = $request->only('email', 'password');

        // Auth::attempt() looks the user up and verifies the hashed password
        // itself; it returns true only when a matching user exists.
        if (Auth::attempt($credentials)) {
            return redirect()->intended('dashboard')
                        ->withSuccess('You have successfully logged in');
        }

        // Failed attempt: back to the login form with a message.
        return redirect("login")->withSuccess('Oops! You have entered invalid credentials');
    }

Step three: now I will redirect to the dashboard page after a successful login. Here I have to protect your data, like below.

There are different users in my login table with different roles, like instructor, admin, student.

In my case the auth work will be:

{{-- works of admin  --}}
@if (Auth()->user()->role == 'admin')

//works of admin 

@endif

{{-- works of student--}}
@if (Auth()->user()->role == 'student')

//works of student

@endif

{{-- works of instructor--}}
@if (Auth()->user()->role == 'instructor')

//works of instructor

@endif

This is a general guide related to your question.
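The Blade `@if` blocks above only decide which markup to render; a request to an admin route from a student account still reaches the controller. The following is an added example, not code from the answer or from the linked site, showing the same `role` column enforced as a Laravel route middleware so the server refuses the request with 403. It assumes a Laravel 8+ application (PHP 8 for `match`), a `users` table with a string `role` column holding `admin`, `student` or `instructor` as the answer describes, and that the class is registered under the alias `role` in the HTTP kernel (`$middlewareAliases`/`$routeMiddleware`) or, on Laravel 11, in `bootstrap/app.php`. The class name, the route paths and `landingFor()` are this example's own.

```php
<?php
// app/Http/Middleware/EnsureRole.php  (added example, not the answer's code)
//
// routes/web.php, assuming the alias 'role' points at this class:
//   Route::middleware(['auth', 'role:admin'])->get('/admin', ...);
//   Route::middleware(['auth', 'role:instructor,admin'])->get('/grades', ...);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureRole
{
    /**
     * Allow the request only when the authenticated user's role is one of
     * the roles given as middleware parameters.
     */
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();

        // 'auth' normally stops anonymous requests first; checked again so
        // the middleware is safe even if someone forgets to stack 'auth'.
        if ($user === null) {
            return redirect()->route('login');
        }

        // Strict comparison against an explicit allow-list: a role value that
        // is not listed (typo, empty string, 'Admin ') is denied.
        if (!in_array($user->role, $roles, true)) {
            abort(403, 'You do not have access to this page.');
        }

        return $next($request);
    }

    /**
     * Landing page per role, for use in postLogin() after Auth::attempt()
     * succeeds:  return redirect()->intended(EnsureRole::landingFor($user->role));
     * Unknown roles fall back to the ordinary dashboard instead of an admin page.
     * (Paths are an assumption of this example.)
     */
    public static function landingFor(string $role): string
    {
        return match ($role) {
            'admin'      => '/admin',
            'instructor' => '/instructor',
            'student'    => '/student',
            default      => '/dashboard',
        };
    }
}
```

The view-level `@if (auth()->user()->role == 'admin')` checks are still useful for hiding menu entries, but authorization has to happen on the route or controller, where the middleware runs before any data is read.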


Here I tried another method and it is working smoothly. Model_login.php:

<?php
// session login page
function login_user($email, $password)
{
    global $conn; // PDO connection opened elsewhere

    // NOTE: md5() is a fast digest, not a password hash; see the comments on
    // the question about password_hash()/password_verify().
    $password = md5($password);

    $sql = "SELECT * FROM `user` WHERE `us_name`=? AND `us_pwd`=?";
    $res = $conn->prepare($sql);
    $res->bindValue(1, $email);
    $res->bindValue(2, $password);
    $res->execute();

    if ($res->rowCount() >= 1) {
        $row = $res->fetch(PDO::FETCH_ASSOC);
        // rul_id is the role id the controller switches on after login.
        $userSession = array(
            'us_id'   => $row['us_id'],
            'rul_id'  => $row['rul_id'],
            'us_pwd'  => $row['us_pwd'],
            'us_name' => $row['us_name'],
        );
        $_SESSION['login_user'] = $userSession;
        return true;
    }
    return false;
}
?>

Here I used a switch/case in the controller. controller_login.php:

<?php
if (isset($_POST['btn_login_user']))
{
    $login_user=login_user($_POST['email'],$_POST['password']);
    if ($login_user){
        // rul_id was put in the session by login_user(); pick the page by role.
        switch($_SESSION['login_user']['rul_id']) {
            case "1": // Admin user
                @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in successfully!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="ad_index.php";},2000);
        </script>';
                break;
            case "2": // employee user
                @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in successfully!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="us_index.php";},2000);
        </script>';
                break;
            case "3": // student user
                @$msg = '
        <div class="alert text-center alert-success alert-dismissible fade show" role="alert">
            You logged in successfully!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="st_index.php";},2000);
        </script>';
                break;
            default: // a rul_id with no landing page: drop the session and treat it as a failed login
                unset($_SESSION['login_user']);
                @$msg = '
        <div class="alert text-center alert-warning alert-dismissible fade show" role="alert">
            Failed to login!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},3000);
        </script>';
                break;
        }
    }else{
        @$msg = '
        <div class="alert text-center alert-warning alert-dismissible fade show" role="alert">
            Failed to login!
            <button type="button" class="close" data-dismiss="alert" aria-label="Close">
            <span aria-hidden="true">&times;</span>
            </button>
        </div>
        <script>
            setTimeout(function() {
                window.location.href="index.php";},3000);
        </script>';
    }

}

As you can see, if case=1 it is an admin right and routes to ad_index.php; for case=2 it is an employee right and routes to us_index.php; and for case=3 it routes to st_index.php. Hope you enjoyed it too.

Sadat
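The switch above chooses where to send the browser, but nothing stops a student from opening ad_index.php directly. The following is an added example, not code from the answer, of a guard file that each landing page includes before producing output, plus a lookup table the controller can use in place of a switch that has no default branch. It assumes the answer's session layout (`$_SESSION['login_user']['rul_id']` with 1 = admin, 2 = employee, 3 = student) and the answer's page names; the constants and function names are the example's own.

```php
<?php
// auth_guard.php  (added example, not the answer's code)
// Assumes $_SESSION['login_user']['rul_id'] as set by the answer's login_user().
declare(strict_types=1);

const ROLE_ADMIN    = 1;
const ROLE_EMPLOYEE = 2;
const ROLE_STUDENT  = 3;

// Landing page per role. Anything not in this table has no landing page.
const LANDING_PAGE = [
    ROLE_ADMIN    => 'ad_index.php',
    ROLE_EMPLOYEE => 'us_index.php',
    ROLE_STUDENT  => 'st_index.php',
];

/** Role id of the current session, or null when nobody is logged in. */
function current_role(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $rul = $_SESSION['login_user']['rul_id'] ?? null;
    return is_numeric($rul) ? (int) $rul : null;
}

/**
 * Stop the request unless the session role is one of $allowed.
 * Anonymous visitors go back to the login form; a logged-in user with the
 * wrong role gets 403, so the attempt shows up in the web server log instead
 * of silently bouncing around between pages.
 */
function require_role(int ...$allowed): void
{
    $role = current_role();
    if ($role === null) {
        header('Location: index.php', true, 303);
        exit;
    }
    if (!in_array($role, $allowed, true)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

/** Page for a freshly logged-in role, or null when the role has none. */
function landing_page_for(int $role): ?string
{
    return LANDING_PAGE[$role] ?? null;
}

// Top of ad_index.php (before any HTML is echoed):
//   require_once 'auth_guard.php';
//   require_role(ROLE_ADMIN);
//
// Top of us_index.php, if admins may also use the employee view:
//   require_role(ROLE_ADMIN, ROLE_EMPLOYEE);
//
// In controller_login.php, instead of the switch:
//   $target = landing_page_for((int) $_SESSION['login_user']['rul_id']);
//   if ($target === null) {            // unknown role: do not leave a half-valid session
//       unset($_SESSION['login_user']);
//       $target = 'index.php';
//   }
//   header('Location: ' . $target, true, 303);
//   exit;
```

`require_role()` must run before the page sends any output, because `header()` cannot be sent once the response body has started; a `require_once` as the first line of each protected page is the simplest way to guarantee that.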