How can I make a login system that excepts only two people with sessions in PHP?
I want to make a login system that only two users could log into. I really don't want to use databases for my own reasons.The real problem is that there are multiple logins on the website and if you login with another account on another part of the website and go here into the "Admin panel" the admin panel will open and let any user create new users with admin access.
My code:
index.php
<?php
session_start();
define('DS', TRUE);
define('USERNAME', $_SESSION['username']);
define('SELF', $_SERVER['PHP_SELF'] );
$userx = $_SESSION['username'];
if (!USERNAME or isset($_GET['logout']))
include('login/login.php');
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>ADMIN PANEL</title>
<meta name="author" content="INTmAker" />
<meta name="author" content="Leonx">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
</head>
<body>
You are logged in as <?php echo($userx); ?> | <a href="?logout=1">Logout</a>
<br>
<?php
if($userx != "Leonx" || $userx != "INT"){
echo 'You are not an Admin.';
return false;
} else {
echo ' <div>
<input type="text" id="username" name="username" placeholder="Username" value=""/>
<input type="password" id="password" name="password" placeholder="Password" value=""/>
<input type="submit" id="postform" onclick="post()" value="Submit">
</div>
<input type="checkbox" onclick="admin()">Admin access?
<input type="checkbox" onclick="password()">Pokaži lozinku';
}
?>
<script>
function post() {
var username = $('#username').val();
var password = $('#password').val();
$.post('multipass.php', {postuser:username, postpass:password},
function(data)
{
alert("Uspjesno dodan korisnik!");
});
}
function post2() {
var username = $('#username').val();
var password = $('#password').val();
$.post('adminpass.php', {postuser:username, postpass:password},
function(data)
{
alert("Uspjesno dodan admin!");
});
}
function password() {
var x = document.getElementById("password");
if (x.type === "password") {
x.type = "text";
} else {
x.type = "password";
}
}
function admin(){
document.getElementById('postform').setAttribute('onclick','post2()');
}
</script>
</body>
</html>
login.php
<?php defined('DS') OR die('No direct access allowed.');
include('users.php');
if(isset($_GET['logout'])) {
$_SESSION['username'] = '';
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(isset($_POST['username'])) {
if($users[$_POST['username']] !== NULL && $users[$_POST['username']] == $_POST['password']) {
$_SESSION['username'] = $_POST['username'];
header('Location: ' . $_SERVER['PHP_SELF']);
}else {
//invalid login
echo "<p>Korisničko ime ili lozinka su krivi!</p>";
}
}
echo '<!DOCTYPE html>
<html>
<head>
<title>EDITOR LOGIN</title>
<link rel="stylesheet" type="text/css" href="login/style.css">
</head>
<body>
<div class="header">
<h2>Admin</h2>
</div>
<form method="post" action="'.SELF.'">
<div class="input-group">
<label for="username">Korisničko ime</label> <input type="text" id="username" name="username" value=""/>
</div>
<div class="input-group">
<label for="password">Lozinka</label> <input type="password" id="password" name="password" value="" />
</div>
<input type="submit" class="btn" name="submit" value="Login" class="button"/>
</form>
</body>
</html>';
exit;
?>
My expectation: If the logged in user's name is not Leonx or INT then I would like the user to just get a message saying "You are not an Admin." and If the username is Leonx or INT then I would want to have the input fields of the from be displayed.
