php login form

hello guys, can someone here teach me how can i create a login form that will have different permissions between a user and admin.

here is my script...

<?

ini_set ('display_errors',1);
error_reporting (E_ALL & ~E_NOTICE);

ob_start();

include ('includes/hlogin.inc');

if (isset ($_POST['submit'])) {


$user = $_POST['username'];
$pwd = $_POST['password'];

if (!$user || !$pwd) {

echo "Sorry you didnt fill the fields";

} else {

$user = $_POST['username'];
$pwd = $_POST['password'];
$cookie = 0;

include ("dbconnection.php");

$user_result = mysql_query("SELECT * FROM userlevel WHERE username='$user' and password='$pwd'") or die ("Unable to get results<br /><a href=\"index.php\"><font color=\"#000000\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\"><strong>Back to Login page</strong></font></a>");


$num = mysql_numrows($user_result) or die("<br /><br /><div align=\"center\"><font color=\"#FF0000\ size=\"1\" face=\"Arial, Helvetica, sans-serif\">&nbsp;&nbsp;&nbsp;&nbsp;<b><small><font color=red>ACCESS DENIED!</font><br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; You are not an authorized user $username!</small></b></font><br /><a href=\"index.php\"><font color=\"#000000\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\"><br /><strong>Back to Login Page</strong></font> </div> "); //NO RESULT

if ($num == 1) {

setcookie('cookie_user', $user);
$cookie = 1;

if ($cookie) {

header ("Location:main.php");
exit();

}
}

}

}else{

print '<form name="form1" method="post" action="">
<div align="right"></div>
<table width="263" height="93" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="111" height="31"><div align="right"><span class="style3">USERNAME:</span></div></td>
<td width="152"><div align="right">
<input type="text" name="username">
</div></td>
</tr>
<tr>
<td height="32"><div align="right"><span class="style3">PASSWORD:</span></div></td>
<td><div align="right">
<input type="password" name="password">
</div></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><div align="center">
<input type="submit" name="submit" value="submit">
</div></td>
</tr>
</table>
</form>';



}

include ('includes/flogin.inc');

?>

The permissions are not given by the form itself.

You need to store an extra column per user that gives you an indication if this user is an admin.


$result = query("SELECT * FROM users WHERE username = {$username}");

$row = getRow($result);

if ($row['admin'] === 1) {
$admin = true;
} else {
$admin = false;
}