0

been stuck this for the whole day.. need to seek advice from u guys.. it dont seems to work if i login as normal user... but if i log in as admin, it will redirect me to admin-index.php correctly.

<?php 

// Array for recording errors:
$login_errors = array();

// Validate the email address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
	$e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
	$login_errors['email'] = 'Please enter a valid email address!';
}

// Validate the password:
if (!empty($_POST['pass'])) {
	$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
} else {
	$login_errors['pass'] = 'Please enter your password!';
}


	
if (empty($login_errors)) { // OK to proceed!



	// Query the database:
//	$q = "SELECT email, password FROM members1 WHERE (email='$e' AND password='$p')";		
	//$q = "SELECT userid, email, firstname, lastname, password FROM members2 WHERE (email='$e' AND password='$p')";	
	$q = "SELECT * FROM members2 WHERE (email='$e' AND admin='1' AND password='$p')";	
	$q2 = "SELECT * FROM members2 WHERE (email='$e' AND admin='0' AND password='$p')";	
		

	$r = mysqli_query ($dbc, $q);
		$r2 = mysqli_query ($dbc, $q2);

			
//$objQuery = mysql_query($q) or die ("Error Query [".$q."]");
	//$r2 = mysqli_query ($dbc, $q2);
	
	if (mysqli_num_rows($r) == 1)   { // A match was made.		
		// Get the data:
		//header('Location: welcome.php');
		
		$welcomepage2 = "admin-index.php";
		
		echo '<script language="javascript" type="text/javascript">window.location.href="'.$welcomepage2.'";</script>';
		
		$row = mysqli_fetch_array ($r, MYSQLI_NUM); 
	$lastname = $row['lastname'];
		$_SESSION['lastname'] = $lastname;			
		$_SESSION['email'] = $_POST['email'];
	
	//session_register("lastname", $lastname); 
	} 
	
	
		
	if (mysqli_num_rows($r) == 1)   { // A match was made.		
		// Get the data:
		//header('Location: welcome.php');
		
		$welcomepage = "welcome.php";
		
		echo '<script language="javascript" type="text/javascript">window.location.href="'.$welcomepage.'";</script>';
		
		$row = mysqli_fetch_array ($r, MYSQLI_NUM); 
	$lastname = $row['lastname'];
		$_SESSION['lastname'] = $lastname;			
		$_SESSION['email'] = $_POST['email'];
	
	//session_register("lastname", $lastname); 
	} 
	

	
	else { // No match was made.
		$login_errors['login'] = 'The email address and password do not match those on file.';
	}
	
} // End of $login_errors IF.

// Omit the closing PHP tag to avoid 'headers already sent' errors!
2
Contributors
1
Reply
2
Views
5 Years
Discussion Span
Last Post by simplypixie
0

Your code needs tidying up (you don't need 2 queries, just one and then check what value the admin is and use that in an if statement to redirect appropriately. However, looking at what you have you are looking for the number of rows the using the same result so in line 58 it should be

if (mysqli_num_rows($r2) == 1)   {
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.