# Admin Database Setup Guide ## 📋 Overview You now have a complete admin system with: - Admin user management - Admin activity logging - Admin permissions system - Admin dashboard - Secure admin login --- ## 🚀 Quick Start - 3 Steps ### Step 1: Import SQL Database 1. Open **phpMyAdmin** → `http://localhost/phpmyadmin/` 2. Select your database: **`mywebsite_db`** 3. Go to **Import** tab 4. Click **Choose File** → Select **`admin_database.sql`** from your WEBSITE folder 5. Click **Import** button ✅ **Result:** 4 new admin tables created with default admin user --- ### Step 2: Access Admin Login 1. Go to your website login page → `http://localhost/WEBSITE/login.php` 2. Click **"Admin Login"** tab (new feature added) --- ### Step 3: Login with Default Credentials ``` Username: admin Password: admin123 ``` ✅ You'll be redirected to **Admin Dashboard** --- ## 📁 Files Created | File | Purpose | |------|---------| | `admin_database.sql` | SQL script to set up admin tables | | `admin_login.php` | Admin authentication functions | | `admin_dashboard.php` | Admin control panel & dashboard | ## 📝 Updated Files | File | Changes | |------|---------| | `login.php` | Added "Admin Login" tab for separate admin authentication | --- ## 🗄️ Database Tables Created ### 1. **admin_users** Stores admin credentials and information ``` - id (Primary Key) - username (Unique) - email (Unique) - password (hashed with bcrypt) - full_name - role (super_admin, admin, moderator) - status (active, inactive) - last_login - created_at, updated_at ``` ### 2. **admin_logs** Tracks all admin activities ``` - id (Primary Key) - admin_id (Foreign Key to admin_users) - action (LOGIN, LOGOUT, etc.) - description - ip_address - user_agent - created_at ``` ### 3. **admin_settings** Stores configuration settings ``` - id (Primary Key) - setting_key (Unique) - setting_value - description - updated_at ``` ### 4. **admin_permissions** Manages granular permissions per admin ``` - id (Primary Key) - admin_id (Foreign Key) - permission - granted (Boolean) ``` --- ## 🔐 Default Admin Account After importing the database, you get: - **Username:** `admin` - **Password:** `admin123` - **Email:** `admin@website.com` - **Role:** `super_admin` ⚠️ **IMPORTANT:** Change the password immediately after first login! --- ## 🛠️ How to Add New Admin Users ### Via phpMyAdmin: 1. Open **phpMyAdmin** 2. Go to **admin_users** table 3. Click **Insert** 4. Fill in the fields: - username - email - password (use this PHP code to hash): ```php echo password_hash('desired_password', PASSWORD_BCRYPT); ``` - full_name - role (select from dropdown) - status (active/inactive) ### Via PHP Function (if needed): ```php require_once 'admin_login.php'; $username = 'newadmin'; $email = 'newadmin@website.com'; $password = password_hash('secure_password', PASSWORD_BCRYPT); $full_name = 'Admin Name'; $role = 'admin'; $sql = "INSERT INTO admin_users (username, email, password, full_name, role) VALUES ('$username', '$email', '$password', '$full_name', '$role')"; $conn->query($sql); ``` --- ## 🔑 Key Functions in admin_login.php ### `admin_login($username, $password)` Authenticates an admin user ```php if (admin_login('admin', 'password123')) { echo "Login successful!"; } ``` ### `is_admin_logged_in()` Check if admin is currently logged in ```php if (is_admin_logged_in()) { echo "Admin is logged in: " . $_SESSION['admin_username']; } ``` ### `log_admin_action($admin_id, $action, $description)` Log admin activities ```php log_admin_action(1, 'DELETE_USER', 'Deleted user ID 5'); ``` ### `check_admin_permission($permission)` Verify if admin has specific permission ```php if (check_admin_permission('manage_users')) { // Allow user management } ``` ### `admin_logout()` Logout current admin ```php admin_logout(); // Has two parameters: redirect_url (optional), message (optional) ``` --- ## 🎯 Admin Dashboard Features Once logged in, admins can see: - ✅ Admin role & status - ✅ Email address - ✅ Last login time - ✅ Recent activity log - ✅ Quick navigation to Products, Users, Settings --- ## 🔄 Session Variables for Admins After admin login, these session variables are set: ```php $_SESSION['admin_id'] // Admin user ID $_SESSION['admin_username'] // Admin username $_SESSION['admin_role'] // Admin role (super_admin, admin, etc.) $_SESSION['admin_loggedin'] // Boolean true ``` --- ## 🛡️ Security Features Included ✅ **Password Hashing:** bcrypt hashing for secure passwords ✅ **SQL Injection Prevention:** Prepared statements ✅ **Activity Logging:** All admin actions are logged ✅ **IP Tracking:** Admin logins tracked by IP ✅ **User Agent Tracking:** Browser information logged ✅ **Session Management:** Secure session variables --- ## 📝 Using the Admin System in Your Pages Protect admin pages with: ```php ``` --- ## 🐛 Troubleshooting **Q: Import says "No database selected"** A: Make sure you select your database (mywebsite_db) BEFORE importing **Q: "Table already exists" error** A: The tables are already created. Run this instead: ```sql DROP TABLE IF EXISTS admin_permissions; DROP TABLE IF EXISTS admin_logs; DROP TABLE IF EXISTS admin_settings; DROP TABLE IF EXISTS admin_users; ``` Then import the SQL file again. **Q: Admin login not working** A: - Check that admin_users table exists in phpMyAdmin - Verify default admin record exists - Check password: default is `admin123` - Make sure status is set to 'active' **Q: Lost admin password** A: In phpMyAdmin, run this query to reset to default: ```sql UPDATE admin_users SET password = '$2y$10$dXJ3SVNNRFlFQmZDM213Ze52yBCC7tIVW9.P16XbVxZLEU8/m2uZm' WHERE username = 'admin'; -- Password will be reset to: admin123 ``` --- ## ✨ Next Steps 1. ✅ Import admin_database.sql 2. ✅ Test admin login at login.php 3. ✅ Create strong new admin password 4. ✅ Add more admin users as needed 5. ✅ Integrate admin functions into your pages --- **Need help?** Check the code comments in admin_login.php and admin_dashboard.php Happy admin-ing! 🎉