PHP Multiple User Login Form - Navigation to Different Pages Based on Login Credentials

Posted by Zulu Irminger on Stack Overflow See other posts from Stack Overflow or by Zulu Irminger
Published on 2012-04-09T17:05:02Z Indexed on 2012/04/09 17:29 UTC
Read the original article Hit count: 235

Filed under:
|
|

I am trying to create a login page that will send the user to a different index.php page based on their login credentials. For example, should a user with the "IT Technician" role log in, they will be sent to "index.php", and if a user with the "Student" role log in, they will be sent to the "student/index.php" page.

I can't see what's wrong with my code, but it's not working... I'm getting the "wrong login credentials" message every time I press the login button.

My code for the user login page is here:

<?php
session_start();
if (isset($_SESSION["manager"])) {
header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
exit();
}
?>

<?php
if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["role"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
$role = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["role"]);
include "adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1");
$existCount = mysql_num_rows($sql);
if (($existCount == 1) && ($role == 'IT Technician')) {
    while ($row = mysql_fetch_array($sql)) {
        $id = $row["id"];
    }
    $_SESSION["id"] = $id;
    $_SESSION["manager"] = $manager;
    $_SESSION["password"] = $password;
    $_SESSION["role"] = $role;
    header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
} else {
    echo 'Your login details were incorrect. Please try again <a href="http://www.zuluirminger.com/SchoolAdmin/index.php">here</a>';
    exit();
}
}
?>

<?php
if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["role"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
$role = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["role"]);
include "adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1");
$existCount = mysql_num_rows($sql);
if (($existCount == 1) && ($role == 'Student')) {
    while ($row = mysql_fetch_array($sql)) {
        $id = $row["id"];
    }
    $_SESSION["id"] = $id;
    $_SESSION["manager"] = $manager;
    $_SESSION["password"] = $password;
    $_SESSION["role"] = $role;
    header("location: http://www.zuluirminger.com/SchoolAdmin/student/index.php");
} else {
    echo 'Your login details were incorrect. Please try again <a href="http://www.zuluirminger.com/SchoolAdmin/index.php">here</a>';
    exit();
}
}
?>

And the form that the data is pulled from is shown here:

<form id="LoginForm" name="LoginForm" method="post" action="http://www.zuluirminger.com/SchoolAdmin/user_login.php">
  User Name:<br />
  <input type="text" name="username" id="username" size="50" /><br />
  <br />

  Password:<br />
  <input type="password" name="password" id="password" size="50" /><br />
  <br />

  Log in as:
  <select name="role" id="role">
    <option value="">...</option>
<option value="Head">Head</option> 
<option value="Deputy Head">Deputy Head</option> 
<option value="IT Technician">IT Technician</option> 
<option value="Pastoral Care">Pastoral Care</option> 
<option value="Bursar">Bursar</option> 
<option value="Secretary">Secretary</option> 
<option value="Housemaster">Housemaster</option> 
<option value="Teacher">Teacher</option> 
<option value="Tutor">Tutor</option> 
<option value="Sanatorium Staff">Sanatorium Staff</option> 
<option value="Kitchen Staff">Kitchen Staff</option> 
<option value="Parent">Parent</option> 
<option value="Student">Student</option>
</select><br />
  <br />

  <input type="submit" name = "button" id="button" value="Log In" onclick="javascript:return validateLoginForm();" />
  </h3>
</form>

Once logged in (and should the correct page be loaded, the validation code I have at the top of the script looks like this:

<?php
session_start();
if (!isset($_SESSION["manager"])) {
header("location: http://www.zuluirminger.com/SchoolAdmin/user_login.php");
exit();
}

$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);
$role = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["role"]);

include "adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1");
$existCount = mysql_num_rows($sql);
if ($existCount == 0) {
header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
exit();
}
?>

Just so you're aware, the database table has the following fields: id, username, password and role.

Any help would be greatly appreciated!

Many thanks, Zulu

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql