if-statement: mobile browsers bypassing elseif statements but working fine on desktop and local host

I have a very simple set of elseif statements to redirect users using header after confirming password / username correct. It works perfectly well on localhost and all desktop browsers as expected. (tom goes to admin page if toms password is correct / other correct passwords go to their assigned page)

However, when run on mobile mobile devices it skips to the else statement. (tom goes to home page (WRONG PAGE) if toms password is correct / other correct passwords go to home page NOT the page they are assigned)

I have tried changing all statements to if instead of elseif (as explained in another stack overflow question)

caveat: I realize that this isn't secure and intend to include prepared statements / password hashing for security. But, I need to figure this out before I can continue.

I have spent hours trying to figure out why and have tried numerous variations. I'm hoping it's something simple that I just can't see.

I am new to using PHP so please be gentle if this seems really obvious. I have killed many hours trying to figure this out through this website and others and I am also trying to learn as much as I can as i go along.

Thanks in advance.....

<?php

session_start();


if (isset($_POST['submit'])) {

include_once 'dbh.inc.php';

$name = mysqli_real_escape_string($conn, $_POST['name']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

//error handlers

//check for empty fields

if (empty($name) || empty($pwd) ){

   header("Location: ../index.php?entry=empty");
   exit();

} else {

    // check if input characters are valid

    if (!preg_match("/^[a-zA-Z]*$/", $name) || !preg_match("/^[a-zA-Z]*$/", $pwd))  {

        header("Location: ../index.php?entry=invalid-entry");
        exit();

    } else {

        $sql = "SELECT * FROM users WHERE user_name='$name' AND user_pwd='$pwd'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);

        if ($resultCheck < 1) {

            header("Location: ../index.php?login=error");
            exit();

        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                $_SESSION['u_name'] = $row['user_name'];
                $_SESSION['u_pwd'] = $row['user_pwd'];

                if ($name == 'tom') {
                    header("Location: ../admin.php?login=success");
                    exit;

                } elseif ($name == 'dick') {
                    header("Location: ../page_one.php?login=success");
                    exit;    

                } elseif ($name == 'harry') {
                    header("Location: ../page_two.php?login=success");
                    exit;

                } elseif ($name == 'joe') {
                    header("Location: ../page_three.php?login=success");
                    exit;

                } elseif ($name == 'bloggs') {
                    header("Location: ../page_four.php?login=success");
                    exit;

                } else {
                    header("Location: ../HOME.php?login=success");
                    exit;
                }
            }
        }            
    }
}

} else {
header("Location: ../index.php");
exit();
}

if-statement

dimanche 13 mai 2018

mobile browsers bypassing elseif statements but working fine on desktop and local host

Aucun commentaire:

Enregistrer un commentaire