I’m trying to redirect the logged-in user to a different page according to the enum input was stored at db.
I was trying those lines, but it always redirects me at pro.php
. How can I do this with the right way? What is the issue with the code?
Here is my table definition:
# | Name | Type | Null | Default | |
---|---|---|---|---|---|
1 | id | Primary int(11) | No | None | AUTO_INCREMENT |
2 | firstName | varchar(255) | Yes | NULL | |
3 | lastName | varchar(255) | Yes | NULL | |
4 | Index | varchar(255) | Yes | NULL | |
5 | speciality | enum(‘pro’, ‘stu’) | Yes | NULL | |
6 | password | varchar(100) | Yes | NULL | |
7 | lastLogin | timestamp | Yes | NULL |
Here is the PHP code:
<?php error_reporting(E_ALL); ini_set('display_errors', 1); include_once("config.php"); include_once("session.php"); if (isset($_POST['signin'])) { $email = mysqli_real_escape_string($conn, $_POST['email']); $password = mysqli_real_escape_string($conn, $_POST['password']); $errors = array(); if (empty($email)) { array_push($errors, "email is required"); } if (empty($password)) { array_push($errors, "Password is required"); } if (count($errors) == 0) { $password = md5($password); $query = "SELECT * FROM user WHERE email='$email' AND password='$password'"; $results = mysqli_query($conn, $query); if (mysqli_num_rows($results) == 1) { $_SESSION['email'] = $email; $_SESSION["user_name"]=$firstName; $_SESSION['success'] = "You are now logged in"; $logintime = "UPDATE user SET lastLogin = now() where email = '$email'"; mysqli_query($conn, $logintime); //Check speciality and redirect accordingly $speciality = $row['speciality']; if($speciality == "stu"){ header("location:stu.php"); }else{header("location:pro.php");} }else { array_push($errors, "Wrong username/password combination"); header("location:login.php"); } } } ?>
I know the user is logged in because after the login, i’m going to db and see the lastLogin updated at the current user.
Advertisement
Answer
Ok i change the speciality type enum to int(0 or 1) and some more things to the code and now is redirect me properly and almost everything working properly.
if (isset($_POST['submit'])) { $email = $_POST['email']; $password = $_POST['password']; //also i hash the password with a better algorythm $password = hash('sha256', $password); $sql = "SELECT * FROM user WHERE email='$email' AND password='$password'"; $result = mysqli_query($conn, $sql); if ($result->num_rows > 0) { $row = mysqli_fetch_assoc($result); $_SESSION['user_name'] = $row['user_name']; $logintime = "UPDATE user SET lastLogin = now() where email = '$email'"; mysqli_query($conn, $logintime); $_SESSION['speciality'] = $row['speciality']; if($_SESSION['speciality']==1) {header("Location: pro.php");} else{header("Location: stu.php");} } else { echo "<script>alert('Woops! Email or Password is Wrong.')</script>"; }
}