BetterPHP

Hey guys, with my project, I have seen that my "admin" page is accessible via a regular person's login credentials. Is possible and if so, how could I set the admin login page to only accept the login credentials of username "admin" and password "admin".

<?php
session_start();
$errorMessage = '';

if (isset($_POST['username']) && ($_POST['password'])) {
if ($_POST['username'] === 'username' && $_POST['password'] === 'username'){

$_SESSION['log_in_success'] = true;
header('Location: blog_post.php');
exit;
} else {
$errorMessage = 'Wrong Username and/or Password - Go <a href="admin.php">Back </a>';
}
}
?>

you can add another field in your users table and name it admin. set that to a boolean of 1 if it the user is admin and 0 if it is not, and then create a function that checks if the currently logged in user is set to admin = 1 in the database.

easy as pie.