I have the below script.
The logic is that it should check if any results are returned for each of the sql queries, if there is no results in any of them it should fire the final else clause, however currently it doesnt.
I guess something is just wrong with the logic but cant figurer out what.
<?php
// username and password sent from form
$MyUsername = $_POST['Username'];
$MyUsername = mysqli_real_escape_string($conn, $MyUsername);
$MyPassword = $_POST['Password'];
//check username in admin
$adminsql="SELECT * FROM Admin WHERE Email='$MyUsername'";
$adminresult=mysqli_query($conn, $adminsql);
echo mysqli_error($conn);
//check username in Companys
$companysql="SELECT * FROM Companys WHERE Email='$MyUsername'";
$companyresult=mysqli_query($conn, $companysql);
echo mysqli_error($conn);
//check username in drivers
$driversql="SELECT * FROM Drivers WHERE Email='$MyUsername'";
$driverresult=mysqli_query($conn, $driversql);
echo mysqli_error($conn);
//check username in recruitment
$recruitmentsql="SELECT * FROM Recruitment WHERE Email='$MyUsername'";
$recruitmentresult=mysqli_query($conn, $recruitmentsql);
echo mysqli_error($conn);
if ($adminresult){
//User found check password against hash
while($row = mysqli_fetch_array($adminresult)){
if(password_verify($MyPassword, $row['PassHash'])){
$_SESSION['user'] = $MyUsername;
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=admin.php">';
}else{
echo "Invalid login, please check you username and password and try again";
echo '<META HTTP-EQUIV="Refresh" Content="2; URL=index.php">';
}
}
}
if ($companyresult) {
//User found check password against hash
while($row = mysqli_fetch_array($companyresult)){
if(password_verify($MyPassword, $row['PassHash'])){
$_SESSION['user'] = $MyUsername;
$_SESSION['userid'] = $row['ID'];
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=company.php">';
}else{
echo "Invalid login, please check you username and password and try again";
echo '<META HTTP-EQUIV="Refresh" Content="2; URL=index.php">';
}
}
}
if ($driverresult) {
//User found check password against hash
while($row = mysqli_fetch_array($driverresult)){
if(password_verify($MyPassword, $row['PassHash'])){
$_SESSION['user'] = $MyUsername;
$_SESSION['userid'] = $row['ID'];
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=driver.php">';
}else{
echo "Invalid login, please check you username and password and try again";
echo '<META HTTP-EQUIV="Refresh" Content="2; URL=index.php">';
}
}
}
if ($recruitmentresult){
//User found check password against hash
while($row = mysqli_fetch_array($recruitmentresult)){
if(password_verify($MyPassword, $row['PassHash'])){
$_SESSION['user'] = $MyUsername;
$_SESSION['userid'] = $row['ID'];
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=recruitment.php">';
}else{
echo "Invalid login, please check you username and password and try again";
echo '<META HTTP-EQUIV="Refresh" Content="2; URL=index.php">';
}
}
}else{
echo "Invalid login, please check you username and password and try again";
echo '<META HTTP-EQUIV="Refresh" Content="2; URL=index.php">';
}
?>
The result of mysqli_query does not return false if the result is empty, only if there is an error on the connection or in your query. So you need to check with something like mysql_num_rows($result) or perhaps mysql_num_rows($result)>0 if previous doesn't work
if (mysql_num_rows($adminresult)){ // you may have to add > 0
// do something
} elseif (mysql_num_rows($companyresult)) {
// do something
} elseif (mysql_num_rows($driverresult)) {
// do something
} elseif (mysql_num_rows($recruitmentresult)){
// do something
} else {
// do something else
}
The final else will only fire if $recruitmentresult is not set, rather than if nothing is set. If you get a $driverresult with an invalid password, it may also fire the $recruitmentresult else. If you want to ensure the final else only triggers if nothing is set, change each if to an elseif (but leave the first one alone). Here's an example - I left out the other code to keep this short:
if ($adminresult){
} elseif ($companyresult) {
} elseif ($driverresult) {
} elseif ($recruitmentresult){
} else {
}
That may not be the only thing that's going on, but this might help to get to the bottom of the problem.
Also, while you're testing, you could try changing the meta refresh code to just echo something. Comment out the meta refresh code with // so you can put it back later. This isn't essential, but I imagine it is quite difficult to test this and determine which refresh is actually triggering, as the refresh may take you away from the current page before you have a chance to see any messages that come up.