Jump to content

Recommended Posts

I'm coding a lo gin form for a college assignment and i need two types of users to be able to use one log in form but be directed to different pages based on which ever type of user logs in. I already got the sql working i just don't know how to test what type of user was returned from the sql query and then redirect said user to the respective page. My code is below please help me i need to pass this assignment :

<?php
//1 Retrieve values from the POST
$e = $_POST['email'];
$p = md5($_POST['password']);

//2 Sanitize and Validate the details
$p = sanitize($p);

//initialize feedback variable to empty
$feedback= "";		
if($e == ""){ //Validate fields for null or empty
	$feedback .= "<br/>Enter Email Address";	
}
if(!filter_var($e, FILTER_VALIDATE_EMAIL)){
	$feedback .="<br/>Incorrect Format for Email Address";
}

if($p == ""){
	$feedback .= "<br/>Enter a Password";
}

if($feedback != ""){
	Header("Location:Mainpage.php?feedbackMsg=$feedback");
	Header("Location:Mainpage.php?feedbackMsg=$feedback");
}
else{

	//3 Connect to DB SErver and Select DB
	include ("dbconnect.php");

	//4 Create Query String
	$sqlSelectUser = "SELECT *
						FROM eventhost
						WHERE email = '$e'
						AND  password = '$p'
						UNION
						SELECT *
						FROM wharehouse
						WHERE email = '$e'
						AND  password = '$p'";
	//5 Execute Query String
	$queryResult = mysql_query($sqlSelectUser);

	
	//6 Check Query Result (mysql_num_rows should be = to 1)
	if(mysql_num_rows($queryResult)==1)
	{
		//7 Retrieve Results from ResultSet
		$row = mysql_fetch_array($queryResult);
		
		//8 Start/Initialize Session
		session_start();
		
		//9 Create Session Cookie
		$_SESSION['first'] = $row['firstname'];
		$_SESSION['host_Id'] = $row['hostId'] ;
		
		//10 Redirect to Main Menu
		Header("Location:studentMenu.php");
	}else{
		//USER NOT FOUND. REDIRECT TO LOGIN
		$feedback = "Invalid Login Credentials<br/>$sqlSelectUser";
		Header("Location:Mainpage.php?feedbackMsg=$feedback");
	}
}
//Function to sanitize the data
function sanitize($data){
		$data = trim($data);
		$data = mysql_real_escape_string($data);
		$data = filter_var($data, FILTER_SANITIZE_STRING);
		return $data;
	}	
?>
Link to comment
https://forums.phpfreaks.com/topic/294849-php-role-based-access/
Share on other sites

		//7 Retrieve Results from ResultSet
		$row = mysql_fetch_array($queryResult);
That is where you get a row of data from the query. That row should have whatever value you need. Do a

print_r($row);
if you're not sure what's in it (hint: it mirrors the table columns).

 

To redirect, you already have the header() so you just modify it accordingly. One thing, though: header() does not stop your code from executing, so since you actually want it to then you should

exit;
immediately after.

I see what your saying and i got it to print but i still don't know how to construct my if statements for the two header redirects i wants something like the if statements below, oh and i also included one of the result returned  from the sql query so if that can help u explain it to me:

 

SQL Query:

Array ( [0] => 1 [hostId] => 1 [1] => Ashely [firstname] => Ashely [2] => Narine [lastname] => Narine [3] => masterkakashi55@yahoo.com => masterkakashi55@yahoo.com [4] => 9015e616031d32a396eca3d7529398f2 [password] => 9015e616031d32a396eca3d7529398f2 )

 

Example of how i want my if statements but idk how to do it and what i typed below isn't working:

if($row == $row['hostId']){

Ok im not gonna lie at this point i am literally lost and don't know what to do if it means reading up a particular section please direct me to it. Or at least try and explain to me using code or something because i need to learn what is right so that in the future i can do better.

Use phpMyAdmin or MySQL Workbench or something to connect to your database manually. So that you can do things yourself, not through code. Find where you can run a SQL query directly and run those two queries I wrote. Then post the output of each.

 

Or, alternatively, just tell me what the names of the columns are in both tables and what type of data (eg, VARCHAR or DATETIME) each one is. The SHOW CREATE TABLE queries I posted are a quick way of doing exactly that, but it's only quick if you can actually run the queries somewhere.

Ok i ran the queries this is what i got:

 

wharehouse:

CREATE TABLE `wharehouse` (
 `whId` int(5) NOT NULL AUTO_INCREMENT,
 `firstname` varchar(50) NOT NULL,
 `lastname` varchar(50) NOT NULL,
 `email` varchar(100) NOT NULL,
 `password` varchar(255) NOT NULL,
 PRIMARY KEY (`whId`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1

 

eventhost:

CREATE TABLE `eventhost` ( `hostId` int(5) NOT NULL AUTO_INCREMENT,
 `firstname` varchar(50) NOT NULL,
 `lastname` varchar(50) NOT NULL,
 `email` varchar(100) NOT NULL,
 `password` varchar(255) NOT NULL,
 PRIMARY KEY (`hostId`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1

Thought so...

 

When you do a UNION, you only get the column names from the first row. That means the ID from the wharehouse table looks like "hostId" and not "whId". As such you can't tell which table a row came from.

 

A question before we continue: what should happen if an email address is present in both tables?

The harder way is restructuring your tables. Without knowing, well, anything about your application, my first thought would be

 

Three tables. One of the user information: name, email, and password. And an ID, naturally. Then another table that has the user ID and potentially other things that may be useful and particularly pertinent. "Pertinent to what?" This table tells you which users are these "warehouse" people or whatever that's supposed to be. The third table is the same thing but for the "event host" people or whatever.

 

Or maybe,

 

The user table from before with an enum field of "warehouse" and "eventhost", like

`type` ENUM("warehouse", "eventhost") NOT NULL,
That way every user is definitely one thing or the other. Or you can use a SET to allow more than one.

 

Or maybe,

 

If there's a chance of having more than just "eventhost" and "warehouse" then maybe you need something where you won't have to change the schema. That tends to mean two or three tables. One table for users, no surprise. The second table relates a user (by ID) to a thing. That thing could be a string, like "eventhost", or it could be an ID to a third table which lists the different types (and would only have 1,warehouse and 2,eventhost to start).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.