I have the following script:
//Possible solution for logging a user in below.
if($result = mysqli_query($db,"SELECT password FROM USERS WHERE password = '". $password ."' AND username = '". $username ."'")){
$count = $result->num_rows;
$accounttype = mysqli_query($db, "SELECT AccountType FROM USERS WHERE username ='". $username."'");
if($count>=1){
if($accounttype == "tradesmen"){
include('../html/WelcomeCustomer.html');
}
else if($accounttype == "customer"){
include('../html/WelcomeTrade.html');
}
}
else{
echo "The login credentials were incorrect";
}
}
I know there is a more than a few things wrong with this implementation in terms of security. I plan on fixing this once I have the login working.
For now I just wish to get the user logged in. When I run this I get a blank page, using the following accounts:
username, password, AccountType: test, test, tradesmen.
username, password, AccountType: work, work, customer.
I have error reporting turned on and I get nothing. What could be the reason for the script not redirecting the user?
well, you're not redirecting
the control. This statement include('../html/WelcomeCustomer.html');
will just include
the HTML
file rather than redirecting
to it.
So you need to do following. also you don't need to double query the database
$mysqli = new mysqli("localhost", "my_user", "my_password", "db_name");
$result = $mysqli->query($db,"SELECT * FROM USERS WHERE password = '". $password ."' AND username = '". $username ."'");
$count = $result->num_rows;
if($count){
$row = $result->fetch_assoc();
if($row['AccountType'] == "tradesmen"){
header('Location: ../html/WelcomeCustomer.html');
}
else if($row['AccountType'] == "customer"){
header('Location: ../html/WelcomeTrade.html');
}
}
else{
echo "The login credentials were incorrect";
}
}
just change your include
statements I found that you're direct matching the object
inside if
condition, you need to first fetch
data and after that compare it.
IMPORTANT
at some places, you're using Object oriented style like $result->num_rows; and at some places you're using Procedural style like mysqli_query . So I suggest you to use one of them, I've updated my answer with Object oriented style
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.