edd12345678 Posted November 9, 2011

Hi, I was hoping somebody could help me. I am a beginner to PHP/SQL and despite my efforts am struggling a bit. I have created a login for my website which will divert to a webpage if the user enters their correct details. I would like to add a check which would look up in the SQL database what membership type the user has. If they have admin membership then direct them to admin.php, and if they have regular membership then direct them to regular.php. I have researched how I can do this and understand that I need to use a switch case statement? At the moment the check which is made when the user logs in is:

```php
//Create query
$qry="SELECT * FROM users WHERE username='$login' AND password='$EncryptedPassword'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
        $_SESSION['SESS_LAST_NAME'] = $member['LastName'];
        session_write_close();
        header("location: regular.html");
        exit();
    } else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
} else {
    die("Query failed");
}
```

As you can see, at the moment the code will just direct to the regular.php page. I have tried to implement the switch case but have got in a bit of a muddle, so reverted back to the code above. Please could someone shed any light on how I could add the switch case statement to my code. Thanks in advance for any help.

Edd

xyph Posted November 9, 2011

When you use SELECT *, you're selecting EVERY column in the table. That means when you fetch_assoc the results, $member will have a key that corresponds to the membership type, assuming that's stored in the table. You can simply check the value of that variable using a conditional statement, and redirect the user within it.

ReeceSayer Posted November 9, 2011

Never actually posted a solution on here before, so please give me a break if I'm not right. Firstly, as xyph said, add (if you don't already have one) a column to the table that stores the membership type (memberid). Then try something like this below:

```php
//Create query
$qry="SELECT * FROM users WHERE username='$login' AND password='$EncryptedPassword'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
        $_SESSION['SESS_LAST_NAME'] = $member['LastName'];
        //membership type gets its own key so it does not overwrite the last name
        $_SESSION['SESS_MEMBER_TYPE'] = $member['memberid'];
        session_write_close();
    } else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
} else {
    die("Query failed");
}

$row = mysql_fetch_object($result);

//if the member has an id equal to 0 send them to the member page
if($row->memberid == 0){
    header("Location: ./member/index.php");
    exit();
}

//if the member has an id equal to 1 send them to the admin page
if($row->memberid == 1){
    header("Location: ./admin/index.php");
    exit();
}
```

I had something similar to that working for me. Hope this helps rather than confusing you.

Reece

xyph Posted November 9, 2011

This is a bad idea, because there is redundancy. For one, there's already a column called 'id'. 'memberid' could cause confusion. Why not just call it 'type'? Also, you can perform the check when you fetch_assoc.

```php
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
        $_SESSION['SESS_LAST_NAME'] = $member['LastName'];
        //membership type gets its own key so it does not overwrite the last name
        $_SESSION['SESS_MEMBER_TYPE'] = $member['type'];
        session_write_close();
        //if the member has a type equal to 0 send them to the member page
        if($member['type'] == 0){
            header("Location: ./member/index.php");
        //if the member has a type equal to 1 send them to the admin page
        } elseif($member['type'] == 1){
            header("Location: ./admin/index.php");
        }
        // regardless of the outcome, we need to exit, so it can be done once after both checks
        exit();
    } else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
} else {
    die("Query failed");
}
```

You're on the right track though.

ReeceSayer Posted November 10, 2011

I don't mind being wrong if I'm learning from it. Edd, I think you might also need code at the top of those specific pages, otherwise people could type the URL and go straight to it. Something along these lines worked for me:

```php
session_start();

if(!isset($_SESSION['if']) || !isset($_SESSION['FirstName']) || !isset($_SESSION['LastName']) || $_SESSION['type'] != 1) {
    header("Location: logout.php");
    exit();
}
```

Basically, if the session type is not set to one then they shouldn't be on the page, so it sends them back with the header. Sorry if I'm overcomplicating what you needed.
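
The login-time redirect and the per-page check discussed in the two posts above, put together as an added example that is not code from any poster in this thread. It uses PDO with a bound parameter and `password_verify()` rather than the thread's `mysql_*` calls; the table layout, the page paths, the `SESS_MEMBER_TYPE` key and the sample rows are assumptions constructed for the demo.

```php
<?php
// Added example, not code from the thread. Table layout, page paths and the
// SESS_MEMBER_TYPE session key are assumptions; the sample rows are constructed.
declare(strict_types=1);

const LANDING = [0 => './member/index.php', 1 => './admin/index.php'];

// Look the user up with a bound parameter, then verify the stored hash.
function authenticate(PDO $db, string $login, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, FirstName, LastName, type, password FROM users WHERE username = ?');
    $stmt->execute([$login]);
    $member = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($member === false || !password_verify($password, $member['password'])) {
        return null;
    }
    unset($member['password']);   // never carry the hash into the session
    return $member;
}

// Map the membership type to a page; a failed login or unknown type fails closed.
function landingPage(?array $member): string
{
    if ($member === null) {
        return 'login-failed.php';
    }
    return LANDING[(int) $member['type']] ?? 'login-failed.php';
}

// Check for the top of a protected page: true only for the required type.
function sessionHasType(array $session, int $required): bool
{
    return isset($session['SESS_MEMBER_ID'], $session['SESS_MEMBER_TYPE'])
        && (int) $session['SESS_MEMBER_TYPE'] === $required;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, FirstName TEXT, LastName TEXT, type INTEGER)');
$add = $db->prepare('INSERT INTO users (username, password, FirstName, LastName, type) VALUES (?, ?, ?, ?, ?)');
$add->execute(['edd', password_hash('regular-pass', PASSWORD_DEFAULT), 'Edd', 'Example', 0]);
$add->execute(['root', password_hash('admin-pass', PASSWORD_DEFAULT), 'Ada', 'Example', 1]);

foreach ([['edd', 'regular-pass'], ['root', 'admin-pass'], ['edd', 'wrong-pass']] as [$login, $password]) {
    $member = authenticate($db, $login, $password);
    $session = $member ? ['SESS_MEMBER_ID' => $member['id'], 'SESS_MEMBER_TYPE' => $member['type']] : [];
    printf("%-6s -> %-20s admin page allowed: %s\n", $login, landingPage($member),
        sessionHasType($session, 1) ? 'yes' : 'no');
}
```

In a real login script the result of `landingPage()` goes into `header('Location: ...')` followed by `exit()`, and each protected page calls `sessionHasType($_SESSION, ...)` right after `session_start()`.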

edd12345678 Posted November 10, 2011 (Author)

Hi guys, thank you both for your replies. With your help I have now got it sorted. Thanks for the heads up on adding the code to the pages I want to keep secure. I've already got this part covered. Also thanks xyph for the link on PHP passwords and logins, that will be a great help in the future.

Cheers

Edd