0

Hope all is well!

I am trying to code my login.php so that it redirects to consumerView.php for a member and admin.php for employee/admin. I have written the following PHP code but I keep getting redirected to consumerView.php even though the role of the login info is for an employee. Could someone provide any insight to get this working please? The SQL query works, I tested it in phpMyAdmin. Disclaimer: I am new to PHP.

```php
// SELECT query
    $query1 = "SELECT u.id, u.email, u.pass password, r.name role
              FROM users u INNER JOIN role r ON r.id = u.ro_fk
              WHERE email = ? AND u.pass = ? ;";

  if(r.name == 'member'){
  header("Location: consumerView.php");}
  else
  {header("Location: admin.php");}
  die();
} else {
  // If the username/password doesn't match a user in our database,
  // display an error message and the login form
  echo "Failed to login";
}
} else {
  echo "failed to prepare the SQL";
    }
 }

?>
```
galal27
  • 4
    `if(r.name == 'member')` Are you sure that's even PHP? – Vini Apr 10 '17 at 11:56
  • @Vini, I'm not sure, I'm trying to place an if-else on the results of the SQL query performed above that. If it isn't, what would be the correct php syntax to do so? – galal27 Apr 10 '17 at 11:58
  • storing password as plain text? – Masivuye Cokile Apr 10 '17 at 11:58
  • I wrote an extended answer, you can look at it below. – Vini Apr 10 '17 at 12:04
  • 1
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 10 '17 at 12:51

3 Answers

1

You have got result in $myrow.

```php
$myrow = $result->fetch_assoc();
// Create a session variable that holds the user's id
$_SESSION['id'] = $myrow['id'];
// Redirect the browser to the page for the user's role and kill this page.

// The query aliases r.name as "role", so the array key is 'role'.
if ($myrow['role'] == 'member') {  // <- You need to change this line to check user is member or not.
    header("Location: consumerView.php");
} else {
    header("Location: admin.php");
}
die();
```
hardik solanki
0

Replace

```php
if(r.name == 'member')
```

with

```php
// the query aliases r.name as "role"
if($myrow['role'] == 'member')
```
modsfabio
0

Ok, just to be precise I will elaborate my comment here:

You have

```php
if (r.name == 'member') {
  header("Location: consumerView.php");
}
```

First of all, you don't have variable r assigned anywhere. Even if you did, it should be $r in PHP. Then, you are accessing its property, but in PHP that is done with -> not with a dot. So you should obtain your user from $result, and then do something like this (or however it will be stored, var_dump your $result to be sure how it is stored):

```php
if ($user->name === 'member') {
  header("Location: consumerView.php");
}
```

Or you can access it from $myrow = $result->fetch_assoc() if you want, but then you need to access it like an array, so probably it would be something like $myrow['name'];

Vini
  • Thank you for elaborating, I tried this but I still get redirected to consumerView.php – galal27 Apr 10 '17 at 12:07
  • do var_dump($myrow) and look at it/post here :) – Vini Apr 10 '17 at 12:08
  • maybe because of this `//check if the user is already logged in and has an active session if(isset($_SESSION['id'])){ //Redirect the browser to the profile editing page and kill this page. header("Location: consumerView.php"); die(); }` – Masivuye Cokile Apr 10 '17 at 12:15
  • @Vini I tried a var_dump($myrow) but nothing gets dumped on the page. – galal27 Apr 10 '17 at 12:18
  • @MasivuyeCokile I thought about that so I changed it to have the if-else statement as well but no luck – galal27 Apr 10 '17 at 12:19
  • I don't know if this makes a difference at all but the page glitches and returns to Login.php on first try and then on second try redirects to consumerView.php. The only other part of the code that references consumerView.php is in JavaScript:
    but when I changed that to admin.php, I kept getting redirected to Login.php
    – galal27 Apr 10 '17 at 12:21
  • If nothing is printed, then you have a problem somewhere else mate. What about var_dump `$result` or `$num`? Probably you are redirected below that at `isset($_SESSION['id'])` – Vini Apr 10 '17 at 12:23
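
Added example, not part of the original thread or anyone's posted code: a login check that looks the user up by email only, verifies a `password_hash()` hash in PHP as the comments recommend, reads the aliased `role` column, and maps it to a landing page through an allow-list. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, the function names, the `employee`/`admin` role names and the sample accounts are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list of role => landing page; unknown roles get no page (default deny).
// 'employee' and 'admin' are assumed role names; only 'member' is on the page.
const LANDING_PAGES = ['member' => 'consumerView.php', 'employee' => 'admin.php', 'admin' => 'admin.php'];

function landingPageFor(string $role): ?string
{
    return LANDING_PAGES[$role] ?? null;
}

// Returns ['id' => int, 'role' => string] on success, null on any failure.
function authenticate(PDO $db, string $email, string $password): ?array
{
    // Select by email only: a salted hash cannot be matched with "pass = ?".
    $stmt = $db->prepare(
        'SELECT u.id, u.pass AS password, r.name AS role
           FROM users u INNER JOIN role r ON r.id = u.ro_fk
          WHERE u.email = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // r.name is aliased, so the result key is 'role', not 'name'.
    return ['id' => (int) $row['id'], 'role' => $row['role']];
}

// Constructed sample data; the schema follows the query in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pass TEXT, ro_fk INTEGER)');
$db->exec("INSERT INTO role VALUES (1, 'member'), (2, 'employee')");
$ins = $db->prepare('INSERT INTO users (email, pass, ro_fk) VALUES (?, ?, ?)');
$ins->execute(['member@example.test', password_hash('member-pw', PASSWORD_DEFAULT), 1]);
$ins->execute(['staff@example.test', password_hash('staff-pw', PASSWORD_DEFAULT), 2]);

$attempts = [['member@example.test', 'member-pw'], ['staff@example.test', 'staff-pw'], ['staff@example.test', 'wrong']];
foreach ($attempts as [$email, $pw]) {
    $user = authenticate($db, $email, $pw);
    $target = $user ? landingPageFor($user['role']) : null;
    // In login.php: session_regenerate_id(true), store id and role in $_SESSION,
    // then header("Location: $target"); die();
    echo $email, ' => ', $target ?? 'Failed to login', PHP_EOL;
}
```

The "already logged in" branch quoted in the comments should call the same `landingPageFor()` on the role stored in the session instead of hard-coding `consumerView.php`, and `admin.php` still has to check the session role itself, since a redirect is not access control.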