I have a login page and one table in my database, members, which includes ID, PASSWORD, USER_TYPE. I want my login page to send users, when they enter their ID and password, to the page based on who they are (if they are students, go to the student's page; if they are organizers, go to the organizer's page).
I can't get the result from the code below:
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
    $user="admin";
    $pass="neehahs";
    $host="localhost";
    $db="login";
    $con=mysqli_connect($host,$user,$pass,$db);
    // mysqli_connect_errno() takes no arguments
    if(mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }
    $username=($_POST['username']);
    $password=md5($_POST['password']);
    $username = mysqli_real_escape_string($con,$username);
    $password = mysqli_real_escape_string($con,$password);
    $sql="SELECT * FROM members WHERE student_id='%$username%' AND student_pass='%$password%'";
    $sqldata=mysqli_query($con,$sql)
        or die ("error");
    // Redirect according to the user_type of each returned row
    while ($row=mysqli_fetch_array($sqldata)){
        if($row["user_type"]=='student'){
            header('location: http://localhost/greenstudio/index.html');
        }
        elseif
        ($row["user_type"]=='organizer'){
            header('location: http://localhost/greenstudio/index2.html');
        }else {
            echo"Sorry, your credentials are not valid, Please try again.";
        }
    }
    exit();
}
?>
You should have a table similar to:
Table: users
--------+----------+----------+----------
user_id | username | password | user_type
--------+----------+----------+----------
1       | admin    | neehahs  | organizer
2       | student1 | mypass   | student
And then you can write a query like:
SELECT
    user_type
FROM
    users
WHERE
    BINARY username='$username' AND
    BINARY password='$password'
Then your if:else if:else statement would just redirect on whether the return was student or organizer; and no returned rows would equal invalid log in.
Note: use BINARY comparisons with logins to ensure that usernames are entered case sensitive, and you should use some kind of encryption on your password field: md5 at the very least, but stronger encryption is highly recommended.
Edit: here is how I would write this logic:
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST"){
    $user="admin";
    $pass="neehahs";
    $host="localhost";
    $db="login";
    $con=mysqli_connect($host,$user,$pass,$db);
    // mysqli_connect_errno() takes no arguments; stop if the connection failed
    if(mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        exit();
    }
    $username=($_POST['username']);
    $password=md5($_POST['password']);
    // Escape both values before they are placed in the query string
    $username = mysqli_real_escape_string($con,$username);
    $password = mysqli_real_escape_string($con,$password);
    // BINARY makes both comparisons case sensitive
    $sql="SELECT user_type FROM members WHERE BINARY student_id='$username' AND BINARY student_pass='$password'";
    $sqldata=mysqli_query($con,$sql) or die ("error");
    $row = mysqli_fetch_array($sqldata);
    // No row, or more than one row, is treated as a failed login
    if(is_null($row) || mysqli_num_rows($sqldata)!=1){
        echo "Sorry, your credentials are not valid or matches more than 1 user, Please try again.";
    } else if(isset($row["user_type"])){
        if($row["user_type"]=='student'){
            header('location: http://localhost/greenstudio/index.html');
            exit(); // stop the script once the redirect header is sent
        } else if($row["user_type"]=='organizer'){
            header('location: http://localhost/greenstudio/index2.html');
            exit();
        } else {
            echo "User type was returned as not student nor organizer.";
        }
    } else {
        echo "Sorry, user_type was not returned in the dataset retrieved from the database.";
    }
}
?>
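An added example, not part of the answer above or of the thread: the same role-based login written with a bound query parameter and password_hash()/password_verify() in place of escaped strings and md5. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the names make_demo_db, login_target and ROLE_PAGES and the account org1 are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example with constructed data; not code from the thread.
// PDO with in-memory SQLite stands in for the MySQL "login" database.

// Allow-list: the redirect target is looked up here, so an unexpected
// user_type value in the table can never choose the destination.
const ROLE_PAGES = [
    'student'   => 'http://localhost/greenstudio/index.html',
    'organizer' => 'http://localhost/greenstudio/index2.html',
];

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (student_id TEXT PRIMARY KEY, student_pass TEXT, user_type TEXT)');
    $ins = $pdo->prepare('INSERT INTO members VALUES (?, ?, ?)');
    // Constructed accounts; password_hash() stores a salted, slow hash.
    $ins->execute(['student1', password_hash('mypass', PASSWORD_DEFAULT), 'student']);
    $ins->execute(['org1', password_hash('s3cret', PASSWORD_DEFAULT), 'organizer']);
    return $pdo;
}

// Returns the page for a valid login, or null for any kind of failure.
function login_target(PDO $pdo, string $id, string $password): ?string
{
    // Bound parameter: the ID is sent as data, never spliced into the SQL.
    $stmt = $pdo->prepare('SELECT student_pass, user_type FROM members WHERE student_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown ID and wrong password produce the same result.
    if ($row === false || !password_verify($password, $row['student_pass'])) {
        return null;
    }
    return ROLE_PAGES[$row['user_type']] ?? null;
}

$pdo = make_demo_db();
$attempts = [['student1', 'mypass'], ['org1', 's3cret'], ['student1', 'wrong'], ["o'neil", 'x']];
foreach ($attempts as [$id, $pw]) {
    $target = login_target($pdo, $id, $pw);
    // In the login page itself: header("Location: $target"); exit(); on success.
    echo str_pad($id, 10), $target ?? 'invalid credentials', PHP_EOL;
}
```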