Member Avatar for benk1

Hi

I have designed a simple login area on a website that creates a few session variables to use to query a database of products which works fine:

<?php
session_start();
// dBase file
include "dbConfig.php";

 if (!$_POST['username'] || !$_POST['password'])
 	{
 	die("You need to provide a username and password.<p>Click <a href='main_login.html'>here</a> to return to the main login screen. Use the contact us section of the main website for further information about partnership.</p>");
 	}
 
 $username=$_POST['username'];
 $password=$_POST['password'];
 
 
 // To protect MySQL injection

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
 
 // Create query
 $q = "SELECT * FROM members WHERE username='$username' AND password='$password' LIMIT 1";
 // Run query
 $r = mysql_query($q);

 if ( $obj = @mysql_fetch_object($r) )
 	{
 	// Login good, create session variables
 	$_SESSION["valid_id"] = $obj->id;
 	$_SESSION["valid_user"] = $_POST["username"];
 	$_SESSION["cust_type"] = $obj->cust_type;
	$_SESSION["currency"] = $obj->currency;
	
 	// Redirect to member page
 	Header("Location: members.php");
 	}
 else
 	{
 	// Login not successful
 	echo "Sorry, your login details do not match any we hold on record.<p>Click <a href='main_login.html'>here</a> to return to the main login screen. Use the contact us section of the main website for further information about partnership.</p>";
 	}
 

?>

Now, I want to perform an additional check, so that if a customer has a cust_type of "gold" then it takes them to a different members page (members_gold.php).

All other types of user need to still be directed to the original members.php.

I have tried code as follows:

if ( $obj = @mysql_fetch_object($r) )
 	{
 	// Login good, create session variables
 	$_SESSION["valid_id"] = $obj->id;
 	$_SESSION["valid_user"] = $_POST["username"];
 	$_SESSION["cust_type"] = $obj->cust_type;
	$_SESSION["currency"] = $obj->currency;
	
 	if ($_SESSION["cust_type"] == "gold")
       {
 	Header("Location: members_gold.php");
 	}
        else 
        {
        Header("Location: members.php");
        }
        }
 else
 	{
 	// Login not successful
 	echo "Sorry,.....etc

I've also tried:

$_SESSION["cust_type"] = $obj->cust_type;
$cust_type = $_SESSION["cust_type"];

if ($cust_type == "gold")

and:

$_SESSION["cust_type"] = $obj->cust_type = $cust_type;

if ($cust_type == "gold")

None of the above throw any PHP warnings or errors, but all users (even if their cust_type is gold) get directed to the normal members.php page. It's probably something elementary that I am doing wrong. Help greatly appreciated.

  • 2 Contributors
  • 3 Replies
  • 108 Views
  • 8 Hours Discussion Span
  • Latest Post Latest Post by benk1

Recommended Answers

All 3 Replies

Member Avatar for JRM 
if ($_SESSION["cust_type"] = "gold")

You are using a boolean on a string. try just one =

Member Avatar for benk1

Hey JRM

Thanks for the quick response..

Tried:

if ($_SESSION["cust_type"] = "gold")

and

if ($_SESSION["cust_type"] = 'gold')

(single quotes)

All users are still directed to the same place....

Member Avatar for benk1

Solved this thanks -
Instead of doing the redirect within the login script, I left it how it was, and put the following code at the start of the members.php page:

if ($_SESSION["cust_type"] == "gold")
{
header("Location: members_gold.php");
}

This worked fine, with normal members able to view the content of members.php, and gold members bypassing that page and being redirected to members_gold.php.

Not sure why it didn't work in my initial attempts, maybe because the session variable hadn't been defined properly? or maybe the nested if's weren't quite right.

Either way I found a way around.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.