Log in which will divert to one of two different pages depending on member type

[edd12345678]

Hi,

 

I was hoping somebody could help me. I am a beginner to PHP/SQL and despite my efforts am struggling a bit.

 

I have created a log in for my website which will divert to a webpage if the user enters their correct details.

 

I would like to add a check which would check in the SQL databse what member ship type the user has. If they have admin membership then direct them to admin.php and if they have regular membership then direct them to regular.php.

 

I have researched how I can do this and understand that I need to use a switch case statement?

 

At the moment the check which is made when the user logs in is:

 

//Create query
$qry="SELECT * FROM users WHERE username='$login' AND password='$EncryptedPassword'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
		$_SESSION['SESS_LAST_NAME'] = $member['LastName'];
		session_write_close();
		header("location: regular.html");
		exit();
	}


	else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}
else 
{
	die("Query failed");
}

 

As you can see at the moment the code will just direct to the regular.php page.

 

I have tried to implement the switch case but have got in a bit of a muddle so reverted back to the code above. Please could someone shed any light into how I could add the switch case statement to my code.

 

Thanks in advance for any help.

 

Edd

[xyph]

When you use SELECT *, you're selecting EVERY column in the table. That means when you fetch_assoc the results, $member will have a key that corresponds to he membership type, assuming that's stored in the table.

 

You can simply check the value of that variable using a conditional statement, and redirect the user within it.

[ReeceSayer]

Never actually posted a solution on here before so please give me a break if i'm not right 

 

Firstly, as xyph said, add (if you don't already have one) a column to the table that stores the membership type (memberid).

 

Then try something like this below:

 

//Create query
$qry="SELECT * FROM users WHERE username='$login' AND password='$EncryptedPassword'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
		$_SESSION['SESS_LAST_NAME'] = $member['LastName'];
		$_SESSION['SESS_LAST_NAME'] = $member['memberid'];
		session_write_close();
	} else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}
else 
{
	die("Query failed");
}

$row = mysql_fetch_object($result);
//if the member has an id equal to 0 send them to the member page
			if($row->memberid == 0){
	header("Location: ./member/index.php");
	exit();
	}
//if the member has an id equal to 1 send them to the admin page
		if($row->memberid == 1){
	header("Location: ./admin/index.php");
	exit();
	}

 

I had something similar to that working for me.

 

Hope this helps rather than confusing you.

 

Reece

[xyph]

This is a bad idea, because there is redundancy. For one, there's already a column called 'id'. 'memberid' could cause confusion. Why not just call it 'type' ?

 

Also, you can perform the check when you fetch_assoc.

 

	//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
		$_SESSION['SESS_LAST_NAME'] = $member['LastName'];
		$_SESSION['SESS_LAST_NAME'] = $member['memberid'];
		session_write_close();
		//if the member has an id equal to 0 send them to the member page
		if($member['type'] == 0){
			header("Location: ./member/index.php");
		//if the member has an id equal to 1 send them to the admin page
		} elseif($member['type'] == 1){
			header("Location: ./admin/index.php");
		}
		// regardless of the outcome, we need to exit, so it can be done once after both checks
		exit();
	} else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}

You're on the right track though

 

 

[ReeceSayer]

I don't mind being wrong if i'm learning from it 

 

Edd, i think you might also need code at the top of those specific pages otherwise people could type the url and go straight to it.

 

Something along these lines worked for me:

 

	session_start();
	if(!isset($_SESSION['if']) || !isset($_SESSION['FirstName']) ||!isset($_SESSION['LastName'])  || $_SESSION['type'] != 1) {
	header("Location: logout.php");
                exit();
	}

 

Basically if the session type is not set to one then they shouldn't be on the page so it sends it back with the header.

 

Sorry if i'm over complicating what you needed.

 

[edd12345678]

Hi Guys,

 

Thankyou both for your replies.

 

With your help I have now got it sorted.

 

onThanks for the heads up on adding the code to the pages I want to keep secure. Ive already got this part covered 

 

Also thanks xyph for the link on PHP passwords and log ins that will be a great help in the future.

 

Cheers

 

Edd