Nested If statement giving issues

[dapcigar]

Am trying to redirect a user based on their login details. it works fine till it get to a particular department.. "Marine Logistics". when i try to log in with ID of someone in that department, it redirects to invalid login page. the code below. what am i missing?

 

 

$sql1 = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
        $data = mysql_fetch_array($sql1);
        
        $department = $data['department'];
        
         if ($department== "Admin")
  {
  header("Location: admin/dash_admin.php");
  exit;
  }
 
   else if ($department == "ICT" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: ICT/HOD/hod_dash.php");
          exit;
      }
      
      else{
          
            header("Location: ICT/staff/staff_dash.php");
      exit;
    }
    exit;
  }
  // check if user is in account department
  else if ($department == "Account" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: account/HOD/account_dash.php");
          exit;
      }
      else
      {
          
            header("Location: account/staff/staff_dash.php");
      exit;
    }
    exit;
  }
 
  //check if user is in Supply chain/ Asset Integrity department
    else if ($department == "Supply Chain/ Asset Integrity" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: supply_chain/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: supply_chain/staff/staff_dash.php");
      exit;
    }
    exit;
  }

// check if user is in manpower department

    else if ($department == "Manpower" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: manpower/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: manpower/staff/staff_dash.php");
      exit;
    }
    exit;
  }
 
  // check if user is in Business Development Department
 
      else if ($department == "Business Development" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: business_development/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: business_development/staff/staff_dash.php");
      exit;
    }
    exit;
  }
 
  // check if user is in HR
 
   else if ($department == "HR" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: HR/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: HR/staff/staff_dash.php");
      exit;
    }
    exit;
  }
 
  //check if user is in Marine Logistics Department
 
   else if ($department== "Marine Logistics" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: logistics/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: logistics/staff/staff_dash.php");
      exit;
    }
    exit;
  }
 
  //check if user is from Maintenance Department
 
  else if ($department == "Maintenance" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: Maintenance/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: Maintenance/staff/staff_dash.php");
      exit;
    }
    exit;
  }
 
   //check if user is from Admin/services Department
 
  else if ($department == "Admin / Services" )
  {
      if ($data['position'] == "HOD")
      {
        header("Location: admin_services/HOD/hod_dash.php");
          exit;
      }
      else{
          
            header("Location: admin_services/staff/staff_dash.php");
      exit;
    }
    exit;
  }


    }
    else{
        header("Location: indexWrongPassOrUser.php");
        exit;
    }
 

[dapcigar]

Nevermind... Found the problem.. it was in the DB.. some of the passwords have widespaces..

[Jacques1]

You store passwords as plaintext? Seriously?

[mac_gyver]

in case the op revisits this thread, let me introduce you to a programming pattern called - data driven design, where instead of writing, testing, and editing (every time you need to change anything) repeated regions of program logic that only differ in the values they operate on or produce, you define a data structure (array or database table) that holds the defining data that tells your simplified and general purpose code what to do.

 

pseudo code example -

// define a data map of the departments/positions and the redirect locations
$dept_map['Admin']['HOD'] = 'admin/dash_admin.php';
$dept_map['Admin']['staff'] = 'admin/dash_admin.php';
$dept_map['ICT']['HOD'] = 'ICT/HOD/hod_dash.php';
$dept_map['ICT']['staff'] = 'ICT/staff/staff_dash.php';
//... repeat for the remaining departments and positions...

$sql1 = // form and run your query using your chosen database functions and password hashing algorithm

if(//user was found){ // log them in and redirect to the correct location

    $data = // fetch the row of data using your chosen database functions
    
    // you would want to set a session variable to remember who just logged in
    $_SESSION['user_id'] = $data['id'];
    
    // determine the redirect location -
    $department = $data['department'];
    $position = $data['position'] == "HOD" ? "HOD" : 'staff';

    if(isset($dept_map[$departement][$position])){
        $location = $dept_map[$departement][$position];
    } else {
        $location = '.....'; // some url for a user who just logged in but doesn't have a valid department/position combination
    }
} else {
    $location = 'indexWrongPassOrUser.php';
}
header("Location: $location");
exit;

to add/change/remove any of the values, you only alter the defining data, you don't touch the program logic.

 

if the defining data is instead stored in a database table, rather than the array shown in this example, you would JOIN that table to your users table in the sql query statement, which will actually simplify the php code even more.