I am trying to create a login page that will send the user to a different index.php page based on their login
credentials. For example, should a user with the "IT Technician" role log in, they will be sent to "index.php", and if a user with the "Student" role log in, they will be sent to the "student/index.php" page.
I can't see what's wrong with my code, but it's not working... I'm getting the "wrong login
credentials" message every time I press the login button.
My code for the user login page is here:
<?php
session_start();
if (isset($_SESSION["manager"])) {
header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
exit();
}
?>
<?php
if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["role"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
$role = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["role"]);
include "adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1");
$existCount = mysql_num_rows($sql);
if (($existCount == 1) && ($role == 'IT Technician')) {
while ($row = mysql_fetch_array($sql)) {
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
$_SESSION["role"] = $role;
header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
} else {
echo 'Your login details were incorrect. Please try again <a href="http://www.zuluirminger.com/SchoolAdmin/index.php">here</a>';
exit();
}
}
?>
<?php
if (isset($_POST["username"]) && isset($_POST["password"]) && isset($_POST["role"])) {
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
$role = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["role"]);
include "adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1");
$existCount = mysql_num_rows($sql);
if (($existCount == 1) && ($role == 'Student')) {
while ($row = mysql_fetch_array($sql)) {
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
$_SESSION["role"] = $role;
header("location: http://www.zuluirminger.com/SchoolAdmin/student/index.php");
} else {
echo 'Your login details were incorrect. Please try again <a href="http://www.zuluirminger.com/SchoolAdmin/index.php">here</a>';
exit();
}
}
?>
And the form that the data is pulled from is shown here:
<form id="LoginForm" name="LoginForm" method="post" action="http://www.zuluirminger.com/SchoolAdmin/user_login.php">
User Name:<br />
<input type="text" name="username" id="username" size="50" /><br />
<br />
Password:<br />
<input type="password" name="password" id="password" size="50" /><br />
<br />
Log in as:
<select name="role" id="role">
<option value="">...</option>
<option value="Head">Head</option>
<option value="Deputy Head">Deputy Head</option>
<option value="IT Technician">IT Technician</option>
<option value="Pastoral Care">Pastoral Care</option>
<option value="Bursar">Bursar</option>
<option value="Secretary">Secretary</option>
<option value="Housemaster">Housemaster</option>
<option value="Teacher">Teacher</option>
<option value="Tutor">Tutor</option>
<option value="Sanatorium Staff">Sanatorium Staff</option>
<option value="Kitchen Staff">Kitchen Staff</option>
<option value="Parent">Parent</option>
<option value="Student">Student</option>
</select><br />
<br />
<input type="submit" name = "button" id="button" value="Log In" onclick="javascript:return validateLoginForm();" />
</h3>
</form>
Once logged in (and should the correct page be loaded, the validation code I have at the top of the script looks like this:
<?php
session_start();
if (!isset($_SESSION["manager"])) {
header("location: http://www.zuluirminger.com/SchoolAdmin/user_login.php");
exit();
}
$managerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["manager"]);
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]);
$role = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["role"]);
include "adminscripts/connect_to_mysql.php";
$sql = mysql_query("SELECT id FROM Users WHERE username='$manager' AND password='$password' AND role='$role' LIMIT 1");
$existCount = mysql_num_rows($sql);
if ($existCount == 0) {
header("location: http://www.zuluirminger.com/SchoolAdmin/index.php");
exit();
}
?>
Just so you're aware, the database table has the following fields: id, username, password and role.
Any help would be greatly appreciated!
Many thanks,
Zulu
