login redirect blank page?

[lovephp]

im trying to redirect user according to their role, when i try logging in as admin it redirects ok but below amdin roles i get a blank login.php page ?

 

if($result) {
        if(mysql_num_rows($result) == 1) {
            //Login Successful
            session_regenerate_id();
            $user = mysql_fetch_assoc($result);
            $_SESSION['HOTEL_USER_ID'] = $user['id'];
            $_SESSION['HOTEL_UNAME'] = $user['uname'];
            $_SESSION['HOTEL_UROLE'] = $user['urole'];
            $role = $_SESSION['HOTEL_UROLE'];
            session_write_close();
            if($role == 'Admin')
            header("location: reservation.php");
            exit();
            }elseif($role == 'Manager'){
            header("location: reservation.php");
            exit();
            }elseif($role == 'Front_Desk'){
            header("location: reservation.php");
            exit();
            }elseif($role == 'Writer'){
            header("location: articles.php");
            exit();
        }else {

[mac_gyver]

what debugging have you done to narrow down the problem? have you dumped (see: var_dump()) the role value so that you know what if anything it is?

 

are you sure that login success code is even running for the users with those roles?

 

if all your code is doing is mapping a set of values to other values, you shouldn't write out conditional logic (if/elseif/switch/case) for each possible choice. this will require that you edit the program logic just to add, remove, or change any of the possible choices.  it also makes for cluttered code, which i just noticed is the cause of your problem. you have a missing {, which has made all your conditional logic off a bit. properly indenting your code, based on where matching { and } are at would help you make sure all the { and } are where you intend. 

 

you should instead write general purpose, data driven code, that defines data (arrays) that tells simple code what to do. see the following example -    

// define categories of roles (in a configuration file)
$management = array('Admin', 'Manager', 'Front_Desk');
$staff = array('Writer');

// at the point of decided what to do for the category a role belongs to
if(in_array($role,$management)){
    header("location: reservation.php");
    exit;
} elseif (in_array($role,$staff)){
    header("location: articles.php");
    exit;
} else {
    // none of the defined roles, handle that condition here...
}

next, logging someone in, involves identifying who they are, not what permissions/roles they have, which is a different concern/different process. all your login code should do, when the username/password has been confirmed, is to store the user_id in a session variable. after your post method form processing code successfully runs (with no errors), it should do a header() redirect to the exact same url that the form submitted to. this will cause a get request for the page, which stops the browser from trying to resubmit the form data.

 

when each page gets requested, it should take the user_id from the session variable and query for the current user permissions/role. this will insure that any change made to a user's permissions/roles take affect on the very next page request. any page should take the user permissions/role and use them to determine what will be processed on the page and what will be displayed.

[lovephp]

what debugging have you done to narrow down the problem? have you dumped (see: var_dump()) the role value so that you know what if anything it is?

 

are you sure that login success code is even running for the users with those roles?

 

if all your code is doing is mapping a set of values to other values, you shouldn't write out conditional logic (if/elseif/switch/case) for each possible choice. this will require that you edit the program logic just to add, remove, or change any of the possible choices.  it also makes for cluttered code, which i just noticed is the cause of your problem. you have a missing {, which has made all your conditional logic off a bit. properly indenting your code, based on where matching { and } are at would help you make sure all the { and } are where you intend. 

 

you should instead write general purpose, data driven code, that defines data (arrays) that tells simple code what to do. see the following example -    

// define categories of roles (in a configuration file)
$management = array('Admin', 'Manager', 'Front_Desk');
$staff = array('Writer');

// at the point of decided what to do for the category a role belongs to
if(in_array($role,$management)){
    header("location: reservation.php");
    exit;
} elseif (in_array($role,$staff)){
    header("location: articles.php");
    exit;
} else {
    // none of the defined roles, handle that condition here...
}

next, logging someone in, involves identifying who they are, not what permissions/roles they have, which is a different concern/different process. all your login code should do, when the username/password has been confirmed, is to store the user_id in a session variable. after your post method form processing code successfully runs (with no errors), it should do a header() redirect to the exact same url that the form submitted to. this will cause a get request for the page, which stops the browser from trying to resubmit the form data.

 

when each page gets requested, it should take the user_id from the session variable and query for the current user permissions/role. this will insure that any change made to a user's permissions/roles take affect on the very next page request. any page should take the user permissions/role and use them to determine what will be processed on the page and what will be displayed.

your condition works like a charm bro. yes i messed it up a little with my if else conditions but got it sorted now thanks a ton.