I've modified the login file to redirect user to their specified page. But my code simply redirect every user to the first option(rd). Users under pd department are directed to rd page. My code is as below. Note: Please ignore SQL injection comments if there's any vulnerability... My db table, aside from names, includes the columns access level (admin & user) department (rd & pd).
<?php
if(!isset($_SESSION)){
session_start();
}
include_once("connections/connection.php");
$con = connection();
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users_table WHERE username = '$username' AND password = '$password'";
$user = $con->query($sql) or die ($con->error);
$row = $user->fetch_assoc();
$total =$user->num_rows;
if($total > 0 AND $department=rd){
$_SESSION['UserLogin'] = $row['username'];
$_SESSION['Access'] = $row['access'];
$_SESSION['Fname'] = $row['fname'];
$_SESSION['Lname'] = $row['lname'];
$_SESSION['Department'] = $row['department'];
echo $_SESSION['UserLogin'];
echo header("Location: index_rd.php");}
else if($total > 0 AND $department=pd){
$_SESSION['UserLogin'] = $row['username'];
$_SESSION['Access'] = $row['access'];
$_SESSION['Fname'] = $row['fname'];
$_SESSION['Lname'] = $row['lname'];
$_SESSION['Department'] = $row['department'];
echo $_SESSION['UserLogin'];
echo header("Location: index_proc.php");}
else{
echo "No user found.";
}
}
?>
Aucun commentaire:
Enregistrer un commentaire