jeudi 30 avril 2020

How to redirect users to their specified page after logging in?

I've modified the login file to redirect user to their specified page. But my code simply redirect every user to the first option(rd). Users under pd department are directed to rd page. My code is as below. Note: Please ignore SQL injection comments if there's any vulnerability... My db table, aside from names, includes the columns access level (admin & user) department (rd & pd).

<?php
if(!isset($_SESSION)){
 session_start();
                     }
include_once("connections/connection.php");
$con = connection();

if(isset($_POST['login'])){

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM users_table WHERE username = '$username' AND password = '$password'";

$user = $con->query($sql) or die ($con->error);
$row = $user->fetch_assoc();
$total =$user->num_rows;

if($total > 0 AND $department=rd){
$_SESSION['UserLogin'] = $row['username'];
$_SESSION['Access'] = $row['access'];
$_SESSION['Fname'] = $row['fname'];
$_SESSION['Lname'] = $row['lname'];
$_SESSION['Department'] = $row['department'];

echo $_SESSION['UserLogin'];
echo header("Location: index_rd.php");}

else  if($total > 0 AND $department=pd){
$_SESSION['UserLogin'] = $row['username'];
$_SESSION['Access'] = $row['access'];
$_SESSION['Fname'] = $row['fname'];
$_SESSION['Lname'] = $row['lname'];
$_SESSION['Department'] = $row['department'];

echo $_SESSION['UserLogin'];
echo header("Location: index_proc.php");}

else{
echo "No user found.";
}
}
?>

Aucun commentaire:

Enregistrer un commentaire