stackoom
  简体   繁体   中英

User-role based login always redirect to the same page

 原文  2016-08-20 14:52:21       php/ redirect

Question

I want to redirect users to different page based on their role using PHP. But, the problem is, whoever the user, they'll always redirected to the same page (page where the first if-statement referred).

here's the code 

<?php
include("config.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST") {

  $myusername = mysqli_real_escape_string($db,$_POST['username']);
  $mypassword = mysqli_real_escape_string($db,$_POST['password']);

  $sql = "SELECT * FROM user WHERE username = '$myusername' and password = '$mypassword'";
  $result = mysqli_query($db,$sql);
  $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
  $active = isset($row['active']);
  $count = mysqli_num_rows($result);

  $role = isset($row['role']);

    if($role == 'admin'){
        $link = 'admin.php';
    }
    elseif($role == 'user'){
        $link = 'user.php';
    }
    elseif($role == 'expert'){
        $link = 'expert.php';
    }
    else{
        $link = '404.php';
    }

  if($count == 1) {
    $_SESSION['username'] = $myusername;

    header("Location: ".$link."");
    exit(); 
  }else {
     $error = "Your Login Name or Password is invalid";
  }
}
?>

So, if i replace admin.php on the first if statement with another page, the users will be redirected there. I've followed solutions from different case, but it didnt work.

1 answers

solution1
 2 ACCPTED  2016-08-20 15:21:42

This line 

$role = isset($row['role']);

Sets $role to true or possibly false but it definitely does not set it to the contents of $row['role']

I would suggest removing that line completely it is not necessary as your if/elseif/else covers all the possible options quite nicely.

It is also totally unnecesary to move a value from the $row array into a scalar variable so this would be simpler 

//$role = isset($row['role']);

if($row['role'] == 'admin'){
    $link = 'admin.php';
} elseif($row['role'] == 'user'){
    $link = 'user.php';
} elseif($row['role'] == 'expert'){
    $link = 'expert.php';
} else{
    $link = '404.php';
}

Unfortunately I have to mention that: Your script is at risk of SQL Injection Attack Have a look at what happened to Little Bobby Tables Even if you are escaping inputs, its not safe! Use prepared parameterized statements

It is also very dangerous storing plain text password on your database. The most likely attack vector on your database is internal staff. Therefore all passwords shoudl be HASHED. PHP provides password_hash() and password_verify() please use them.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Multi level login page redirect users to different pages based on user role php How to add functionality so woocommerce orders are visible to a driver user-role in the same city? After login redirect to different page according to user role Redirect WordPress User based on user role when accessing a page Redirect to the same page after user login PHP Laravel : Redirect the user to the same page after login How to redirect the user to the same page after login? Login with different role (redirect to different page according to user type ) How to redirect user after login to a desired page according to their role? Redirecting user to dashboard with their user role from same login page
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM