PHP how to make an admin panel

Learn how to create an admin panel with PHP, step-by-step tutorial with example code included.

Creating an Admin Panel in PHP

Creating an admin panel in PHP is a great way to manage a website or application. It allows you to set up the user roles, control access levels and create a secure environment for users to access and manage data. In this tutorial, we'll show you how to create an admin panel in PHP. We'll cover the basics of setting up the admin panel, setting up user roles and access levels and securing the admin panel.

Step 1: Setting Up the Admin Panel

The first step to creating an admin panel in PHP is to set up the panel. This involves creating the necessary files and folders and setting up the database.

Creating the Files and Folders

To begin, create the following files and folders:
  • config.php - This file will contain the configuration settings for the admin panel.
  • includes - This folder will contain the files and functions that are used by the admin panel.
  • templates - This folder will contain the HTML and CSS for the admin panel.
  • login.php - This file will be used for logging into the admin panel.

Setting Up the Database

The next step is to set up the database. This involves creating the necessary tables and fields for the admin panel.

// Connect to the database
$db = new mysqli('localhost','username','password','database');

// Create the users table
// username is UNIQUE so a login lookup can never match more than one account
// role_id links each user to a row in the roles table
$db->query('CREATE TABLE users (
  id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
  username VARCHAR(255) NOT NULL UNIQUE,
  password VARCHAR(255) NOT NULL,
  role_id INT NOT NULL
)');

// Create the roles table
$db->query('CREATE TABLE roles (
  id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
  name VARCHAR(255) NOT NULL
)');

// Create the access levels table
$db->query('CREATE TABLE access_levels (
  id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
  role_id INT NOT NULL,
  page VARCHAR(255) NOT NULL,
  access_level INT NOT NULL
)');

Once the database is set up, we can move on to setting up the user roles and access levels.

Step 2: Setting Up User Roles and Access Levels

The next step is to set up the user roles and access levels. This involves creating the necessary roles and access levels in the database, and then assigning the roles and access levels to users.

Creating the Roles

The first step is to create the necessary roles in the database. This can be done by inserting records into the roles table:

// Insert the admin role
$db->query('INSERT INTO roles (name) VALUES ("admin")');

// Insert the user role
$db->query('INSERT INTO roles (name) VALUES ("user")');

Assigning Roles to Users

Once the roles have been created, we can assign them to users. This can be done by inserting records into the users table. Each password is hashed with password_hash() before it is stored, so the password column holds a hash rather than the password itself:

// Prepare the insert once; the password column stores a hash, never plain text
$stmt = $db->prepare('INSERT INTO users (username,password,role_id) VALUES (?,?,?)');
$stmt->bind_param('ssi', $username, $hash, $role_id);

// Insert the admin user
[$username, $hash, $role_id] = ['admin', password_hash('password', PASSWORD_DEFAULT), 1];
$stmt->execute();

// Insert the user
[$username, $hash, $role_id] = ['user', password_hash('password', PASSWORD_DEFAULT), 2];
$stmt->execute();

Setting Up Access Levels

The next step is to set up the access levels. This involves creating records in the access levels table and assigning access levels to each page.

// Insert the admin access level
$db->query('INSERT INTO access_levels (role_id,page,access_level) 
  VALUES (1,"admin",1)');

// Insert the user access level
$db->query('INSERT INTO access_levels (role_id,page,access_level) 
  VALUES (2,"admin",0)');

Once the user roles and access levels have been set up, we can move on to securing the admin panel.

Step 3: Securing the Admin Panel

The last step is to secure the admin panel. This involves creating a login system, validating user credentials and restricting access to certain pages.

Creating a Login System

The first step is to create a login system. This can be done by creating a login page (login.php) and a logout page (logout.php). The login page should contain a form for entering the username and password, and the logout page should delete the user's session.

Validating User Credentials

The next step is to validate the user credentials. This can be done by creating a function that looks up the user by username with a prepared statement and checks the submitted password against the stored hash with password_verify(). If the credentials are valid, the function should create a session for the user and redirect them to the admin panel. The session must already be started with session_start() before the function is called.

function validate_user($username,$password) {
  global $db;
  
  // Get the user record with a prepared statement so input cannot alter the query
  $stmt = $db->prepare('SELECT id, password, role_id FROM users WHERE username = ?');
  $stmt->bind_param('s', $username);
  $stmt->execute();
  $user = $stmt->get_result()->fetch_assoc();
  
  // Check that a user was found and the password matches the stored hash
  if($user && password_verify($password, $user['password'])) {
    // Issue a new session ID on login to prevent session fixation
    session_regenerate_id(true);
    
    // Create a session for the user
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['role_id'] = $user['role_id'];
    
    // Redirect to the admin panel
    header('Location: admin.php');
    
    return true;
  }
  
  return false;
}

Restricting Access to Certain Pages

The last step is to restrict access to certain pages. This can be done by creating a function that checks the user's access level for each page. If the user has the required access level, they will be allowed to access the page.

function check_access_level($page) {
  global $db;
  
  // A visitor who is not logged in has no role and therefore no access
  if(!isset($_SESSION['role_id'])) {
    return false;
  }
  
  // Get the user's role
  $role_id = (int) $_SESSION['role_id'];
  
  // Get the required access level for the page with a prepared statement
  $stmt = $db->prepare('SELECT access_level FROM access_levels WHERE role_id = ? AND page = ?');
  $stmt->bind_param('is', $role_id, $page);
  $stmt->execute();
  $result = $stmt->get_result();
  
  // Check if an access level is defined for this role and page
  if($result->num_rows == 1) {
    // Fetch the access level
    $level = $result->fetch_assoc();
    
    // Check if the user has the required access level
    if($level['access_level'] > 0) {
      return true;
    }
  }
  
  // Deny by default when no matching record exists
  return false;
}

And that's it! We've now created an admin panel in PHP. We've set up the admin panel, set up user roles and access levels and secured the admin panel.
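The "Creating a Login System" and "Restricting Access to Certain Pages" sections describe the session, the logout page and the access check without showing how they fit together. The following is an added example, not code from the original tutorial: the file name includes/session.php and the functions start_secure_session(), require_access() and logout() are hypothetical, and it assumes config.php has created $db, check_access_level() is loaded, and the site is served over HTTPS.

```php
<?php
// includes/session.php (hypothetical file name; added example, not from the tutorial)
// Assumes the tutorial's check_access_level() is already loaded.

// Start the session with hardened cookie settings. Call before any output.
function start_secure_session() {
  session_set_cookie_params([
    'lifetime' => 0,         // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,      // send only over HTTPS (assumed)
    'httponly' => true,      // not readable from JavaScript
    'samesite' => 'Strict',  // not sent on cross-site requests
  ]);
  session_start();
}

// Guard for the top of a protected page such as admin.php.
function require_access($page) {
  if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit; // without exit, the rest of the protected page still runs
  }
  if (!check_access_level($page)) {
    http_response_code(403);
    exit('Forbidden');
  }
}

// Body of logout.php: clear the data, expire the cookie, destroy the session.
function logout() {
  $_SESSION = [];
  if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
      'expires'  => time() - 42000,
      'path'     => $p['path'],
      'domain'   => $p['domain'],
      'secure'   => $p['secure'],
      'httponly' => $p['httponly'],
      'samesite' => $p['samesite'],
    ]);
  }
  session_destroy();
  header('Location: login.php');
  exit;
}

// admin.php would begin with: start_secure_session(); require_access('admin');
// logout.php would contain:   start_secure_session(); logout();
```

The array forms of session_set_cookie_params() and setcookie() require PHP 7.3 or later.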
