0

I am trying to build a multi role login form, but my current code doesn't seem run or give any visual errors. it just reloads the index page and returns it as a blank page. I am not sure where i could be going wrong with my code.

I've tried looking for a few tutorials on youTube, but none of them seem to be using pdo.

   if (isset($_POST['signin'])) {

    $uname=$_POST['username'];
    $password=md5($_POST['password']);

    $sql ="SELECT * FROM users WHERE username=:uname and Password=:password";
    $run_guest= $dbh -> prepare($sql);
    $query-> bindParam(':uname', $uname, PDO::PARAM_STR);
    $query-> bindParam(':password', $password, PDO::PARAM_STR);
    $query-> execute();
    $results=$query->fetchAll(PDO::FETCH_OBJ);
    if($query->rowCount() > 0)
    {
        foreach ($results as $result) {
            $status=$result->Status;
            $role = $result->Role;
            $_SESSION['uid']=$result->id;
        }
        if($status==0)
        {
            $msg="Your account is Inactive. Please contact admin";
        }
        if($role='Guest'){
            $_SESSION['gtlogin']=$_POST['username'];
            echo "<script type='text/javascript'> document.location = 'changepassword.php'; </script>";
        }
        if($role='Staff'){
            $_SESSION['stlogin']=$_POST['username'];
            echo "<script type='text/javascript'> document.location = 'staff/dashboard.php'; </script>";
        }
        if($role='Admin'){
            $_SESSION['alogin']=$_POST['username'];
            echo "<script type='text/javascript'> document.location = 'admin/changepassword.php'; </script>";
        }
    }

    else{

        echo "<script>alert('Invalid Details');</script>";

    }
Caconde
  • 2,969
  • 7
  • 24
  • 27
TheKid
  • 11
  • 5
  • you should be able to debug this to narrow down the error, add error checking to the PDO, and start echoing out variables. –  Aug 22 '19 at 22:41
  • @tim everything seems to work up until I add the if($role) statements. – TheKid Aug 22 '19 at 22:48
  • ahh `if($role='Guest'){` its `==` not `=` http://stackoverflow.com/questions/2063480/the-3-different-equals –  Aug 22 '19 at 22:49
  • 1
    @miken32 Thank you so much for the suggested link! I managed to display my errors, and found the problem. It's syntax error, there's an udefined variable just after my sql query. – TheKid Aug 22 '19 at 23:06
  • @tim, thanks for the help. it's working now. – TheKid Aug 22 '19 at 23:06
  • You should also use proper password hashing. https://stackoverflow.com/questions/30279321/how-to-use-password-hash – miken32 Aug 22 '19 at 23:14
  • And you shouldn't be relying on JavaScript to redirect. Use PHP's `header()` function for that. – miken32 Aug 22 '19 at 23:15
  • @miken32 noted! Thanks again. – TheKid Aug 22 '19 at 23:19
  • Please consider adding your solution as an answer and accepting it so that the StackOverflow community as a whole can know that this question is resolved. It's perfectly acceptable to answer your own question :) – B. Fleming Aug 22 '19 at 23:24

0 Answers0