From 7c658e28f9ec26ec6818f9f665a42dcab039da67 Mon Sep 17 00:00:00 2001
From: Walter Hupfeld
Date: Thu, 22 Feb 2024 17:07:36 +0100
Subject: [PATCH] role
---
 admin/login.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/admin/login.php b/admin/login.php
index db66f54..e721be0 100644
--- a/admin/login.php
+++ b/admin/login.php
@@ -24,14 +24,14 @@ $boolLogin=true;
 if (isset($_POST['login']) && isset($_POST['password'])) {
 $strUser = trim($_POST['login']);
 $strPassword = trim($_POST['password']);
- $strSQL = "SELECT username,passwordhash,district FROM user WHERE username='$strUser'";
+ $strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username='$strUser'";
 $result = $db->query($strSQL);
 if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
- $boolOk = $strDistrict==$row['district'] || $row['username']=="admin";
+ $boolOk = $strDistrict==$row['district'] || $row['role']=="admin";
 if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
 $_SESSION['user']=$strUser;
 $_SESSION['csrf_token'] = uniqid('', true);
- $_SESSION['superadmin'] = $row['username']=="admin";
+ $_SESSION['superadmin'] = $row['role']=="admin";
 header ("Location: index.php");
 } else {
 $boolLogin=false;
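Review bot: The rewritten `$strSQL` line still places the trimmed `$_POST['login']` value directly inside the query text, so the row that now decides both `$boolOk` and `$_SESSION['superadmin']` through its `role` column comes from a query the client can influence. The username should be bound through a prepared statement instead; `$db` looks like a PDO handle, given `PDO::FETCH_ASSOC`. In the same success branch, `uniqid('', true)` is derived from the clock and is not suitable as a CSRF token, where `random_bytes()` is the appropriate source, and `session_regenerate_id(true)` before the session is populated would guard against fixation unless that already happens outside this hunk. The enclosing `if` block runs past the end of the hunk, so whether an `exit` follows the `header()` redirect cannot be seen here.

```php
// … unchanged: reading and trimming $_POST['login'] and $_POST['password'] …
$stmt = $db->prepare("SELECT username,passwordhash,district,role FROM user WHERE username = ?");
$stmt->execute([$strUser]);
if ($row=$stmt->fetch(PDO::FETCH_ASSOC)) {
    // … unchanged: $boolOk and the password_verify() check …
        session_regenerate_id(true);
        $_SESSION['user']=$strUser;
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
        // … unchanged: superadmin flag and redirect …
```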