Make a page only viewable when logged in – Blancer.com Tutorials and projects

i need help in making my dashboard only accessible when the admin is logged in.

Hello!.. I am creating a school website to improve my html skills. I’ve created home page, about us, and everything that will be in a normal school website. i have created the admin login page too and stored it in (/admin) folder. when the admin enters the correct username and password, he will be redirected to (/admin/dashboard). but the problem is i can still access the dashboard without logging in by visiting (/admin/dashboard). Now how can i make the dashboard only accessible when logged in? (btw im using XAMPP Apache Server, and phpMyAdmin)

My Login Page HTML Code (in case if needed):

<!DOCTYPE html>
<html>

<head>
      <title>Admin - Sri Swarna Vidhyashram</title>
      <link rel="stylesheet" href="css/style.css">
      <link rel="icon" type="image/x-icon" href="../assets/images/logo.png">
</head>

<body>
      <div class="main">
            <img src="../assets/images/ssv.png" height="110"><br>
            <form action="login.php" method="POST">
                  <label for="username">Username:</label>
                  <input type="text" 
                         id="username" 
                         name="username" 
                         placeholder="Enter your Username" required>

                  <label for="password">Password:</label>
                  <input type="password"
                         id="password" 
                         name="password"
                         placeholder="Enter your Password" required>

                  <div class="wrap">
                        <button type="submit">Submit</button>
                  </div>
            </form>
      </div>
</body>

</html>

And the PHP Script:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Database connection
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "login";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

echo "Connected successfully"; // Debugging message

// Retrieve username and password from the form
$username = $_POST['username'];
$password = $_POST['password'];

echo "Username: " . $username . "<br>"; // Debugging message
echo "Password: " . $password . "<br>"; // Debugging message

// Query to check if the provided credentials are correct
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // If the user exists, display welcome message
    header("Location:dashboard.html");
} else {
    // If the user doesn't exist or the password is incorrect, show error message
    header("Location:error.html");
}

$conn->close();
?>

Thx in advance! 🙂