azukah Posted July 2, 2011

This code works, but I'm wondering if there's an easier/cleaner way. The code redirects to 2 pages based on the user_role, and if the credentials are wrong it sends you back to the same login screen with a message.

```php
<?php if (!isset($_SESSION)) { session_start(); }
require_once('config.php');

$now = time();
$message = $_GET['message'];

if (isset($_POST['user_email'])) {
    $user_email = $_POST['user_email'];
    $user_pw = $_POST['user_pw'];

    mysql_select_db($database, $makeconnection);
    $admin = "SELECT * FROM tbl_users WHERE user_email='$user_email' AND user_role='1' AND user_pw='$user_pw'";
    $client = "SELECT * FROM tbl_users WHERE user_email='$user_email' AND user_role='6' AND user_pw='$user_pw'";

    //check that at least one row was returned
    $adminresult = mysql_query($admin);
    $admincount = mysql_num_rows($adminresult);
    $clientresult = mysql_query($client);
    $clientcount = mysql_num_rows($clientresult);

    //if found, start session & redirect
    if ($admincount > 0) {
        $_SESSION['session_user_email'] = $user_email;
        $_SESSION['session_start'] = time();
        header("Location: index.php");
    } else if ($clientcount > 0) {
        $_SESSION['session_user_email'] = $user_email;
        $_SESSION['session_start'] = time();
        header("Location: test.php");
    //wrong credentials redirect
    } else {
        header("Location: login.php?message=loginfailed");
    }
}
?>
```
WebStyles Posted July 2, 2011

You can greatly simplify that with something like this:

```php
<?php
session_start();
require_once('config.php');

if (isset($_POST['user_email']) && isset($_POST['user_pw'])) {
    $user_email = trim($_POST['user_email']);
    $user_pw = trim($_POST['user_pw']);

    mysql_select_db($database, $makeconnection);
    // One query for both roles; the input is still interpolated unescaped here.
    $q = "select * from `tbl_users` where `user_email` = '$user_email' and `user_pw` = '$user_pw' order by `user_role`";
    $result = mysql_query($q);

    // Runs at most once: every branch redirects and exits on the first matching row.
    while ($r = mysql_fetch_assoc($result)) {
        $_SESSION['session_user_email'] = $user_email;
        $_SESSION['session_start'] = time();
        if ($r['user_role'] == '1') {
            header("Location: index.php");
            exit();
        } else {
            header("Location: test.php");
            exit();
        }
    }

    //wrong credentials redirect
    header("Location: login.php?message=loginfailed");
}
?>
```

But you still have some security issues there; I suggest you read a bit about mysql_real_escape_string().

On the first line, what you're saying is basically: "If a $_SESSION variable does not exist, then don't start session". Why?

In simple terms, in any page where you want to use $_SESSION variables (getting or setting) you need to have session_start() at the top before any output. Get the irony? $_SESSION never exists before you start the session.
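The reply above points to mysql_real_escape_string() for the remaining security issues. As an added example (not code from either post), the same role-based login is written here with PDO prepared statements and password_verify() instead; the in-memory SQLite database, the sample users and the function names find_role() and login() are constructed for illustration, and it assumes user_pw holds a password_hash() value.

```php
<?php
// Added example. Constructed schema and users in an in-memory SQLite database.
// Assumption: user_pw stores a password_hash() value, never the plain password.
const ROLE_PAGES = [1 => 'index.php', 6 => 'test.php']; // roles 1 and 6 as in the thread
const FAIL_PAGE = 'login.php?message=loginfailed';

function find_role(PDO $db, string $email, string $password): ?int
{
    // The placeholder keeps $email out of the SQL text, so quotes in it are plain data.
    $stmt = $db->prepare('SELECT user_role, user_pw FROM tbl_users WHERE user_email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The hash is checked in PHP; unknown user and wrong password return the same result.
    if ($row === false || !password_verify($password, $row['user_pw'])) {
        return null;
    }
    return (int) $row['user_role'];
}

function login(PDO $db, string $email, string $password): string
{
    $role = find_role($db, $email, $password);
    if ($role === null || !isset(ROLE_PAGES[$role])) {
        return FAIL_PAGE;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
        $_SESSION['session_user_email'] = $email;
        $_SESSION['session_start'] = time();
    }
    return ROLE_PAGES[$role]; // caller sends header('Location: ...') and then exit
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_users (user_email TEXT PRIMARY KEY, user_role INTEGER, user_pw TEXT)');
$add = $db->prepare('INSERT INTO tbl_users VALUES (?, ?, ?)');
$add->execute(['admin@example.test', 1, password_hash('constructed-admin-pw', PASSWORD_DEFAULT)]);
$add->execute(['client@example.test', 6, password_hash('constructed-client-pw', PASSWORD_DEFAULT)]);

$attempts = [
    ['admin@example.test', 'constructed-admin-pw'],
    ['client@example.test', 'constructed-client-pw'],
    ['admin@example.test', 'wrong-password'],
    ["admin@example.test' -- ", 'anything'], // quote in the e-mail stays data
];
foreach ($attempts as [$email, $password]) {
    printf("%-26s => %s\n", $email, login($db, $email, $password));
}
```

In a real page, call session_start() before login() and follow the returned target with header("Location: ...") and exit.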