
My login page does not distinguish between user levels. I have two types of users: UMD and CMD. Their landing page should differ based on their level (CMD_home.php for CMD and UMD_home2.php for UMD). Currently, when they click login, both types of user are sent to UMD_home2.php. My code is below; please help me fix it.

<?php

include "../setting/config.php";

session_start();

// First login pass: looks the submitted credentials up in registered_accounts
// and, on a match, marks the session as logged in and sends a redirect to
// CMD_home.php.
if (isset($_POST['login']))
{
    // Raw form values; nothing checks that they are present or are strings.
    $username = $_POST['username'];
    $password = $_POST['password'];
    //UMD,CMD
    // NOTE(review): both values are interpolated straight into the SQL text,
    // so this statement is open to SQL injection; bind them as parameters
    // instead. The WHERE clause also compares the submitted password with the
    // stored column as-is, which presumably means passwords are stored
    // unhashed; password_hash()/password_verify() is the usual replacement.
    $query2 = "SELECT * FROM registered_accounts WHERE username='$username' AND password='$password'";

    // fetchAll() is not defined in this snippet (presumably it comes from
    // config.php); the same query is executed twice, once for the count and
    // once for the loop.
    if (count(fetchAll($query2)) > 0)
    { //this is to catch unknown error.
        foreach (fetchAll($query2) as $row)
        {
            // Loose == comparison repeated in PHP on top of the SQL match.
            if ($row['username'] == $username && $row['password'] == $password)
            {
                $_SESSION['test'] = true;
                // This line is a comparison whose result is discarded, and
                // $level is never assigned in the visible code, so the
                // account level has no influence on what happens next.
                $level['level'] == "CMD";
                // No exit follows, so the script keeps running into the second
                // login block further down, whose Location header replaces
                // this one.
                header('location:CMD_home.php');
            }
            else
            {
                // Only reached when a row came back but failed the PHP
                // comparison; when no row matches at all, nothing is shown.
                echo "<script>alert('Wrong login details.')</script>";
            }
        }
    }

}

// Second login pass: repeats the lookup and, on a match, sends a redirect to
// UMD_home2.php. It runs on every login POST regardless of account level, so
// its Location header is the one the browser follows.
if (isset($_POST['login']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];
    //UMD,CMD
    // NOTE(review): same string-built SQL as in the first pass (SQL injection
    // risk, password compared as stored). $query3 is built here but never
    // used: the calls below still run $query2.
    $query3 = "SELECT * FROM registered_accounts WHERE username='$username' AND password='$password'";

    if (count(fetchAll($query2)) > 0)
    { //this is to catch unknown error.
        foreach (fetchAll($query2) as $row)
        {
            if ($row['username'] == $username && $row['password'] == $password)
            {
                $_SESSION['test'] = true;
                // Result of the comparison is discarded and $level is never
                // assigned; this does not restrict the branch to UMD users.
                $level['level'] == "UMD";
                // header() replaces an earlier header of the same name by
                // default, so this overrides the CMD_home.php redirect set
                // above. There is no exit after it either.
                header('location:UMD_home2.php');
            }
            else
            {
                echo "<script>alert('Wrong login details.')</script>";
            }
        }
    }

}

?>


1 回答 1


I think your problem is really easy. There are no if statements around `$level['level'] == "CMD";` and `$level['level'] == "UMD";`, so those comparisons have no effect.

Try this:


<?php
include "../setting/config.php";

session_start();

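/**
 * Print the generic "wrong login" pop-up.
 *
 * Declared at file scope: a function declared inside an if block only exists
 * once execution reaches the declaration, so calling it earlier in that block
 * is a fatal "undefined function" error.
 */
function alert()
{
    echo "<script>alert('Wrong login details.')</script>";
}

// Login handler: checks the submitted credentials against registered_accounts
// and redirects to the landing page that belongs to the account's level.
if (isset($_POST['login'])) {

    // Stop on missing or non-string fields (a form can submit username[]=...,
    // which arrives as an array) before anything reaches the query.
    if (!isset($_POST['username'], $_POST['password'])
        || !is_string($_POST['username'])
        || !is_string($_POST['password'])
    ) {
        exit;
    }

    $username = $_POST['username'];
    $password = $_POST['password'];

    // Landing page per account level (UMD, CMD). Any other level is treated as
    // a failed login rather than being logged in with nowhere to go.
    $landingPages = [
        'CMD' => 'CMD_home.php',
        'UMD' => 'UMD_home2.php',
    ];

    // assumes config.php provides a connected PDO instance in $pdo — TODO confirm
    // Bound parameters keep the submitted values out of the SQL text.
    // NOTE(review): comparing the submitted password with the stored column
    // only works when passwords are stored unhashed. Store password_hash()
    // output instead, select the row by username alone and check it with
    // password_verify().
    $sql = $pdo->prepare('SELECT * FROM registered_accounts WHERE username = :name AND password = :password');
    $sql->execute(['name' => $username, 'password' => $password]);

    // A PDOStatement is not countable; fetch the rows and work on the array.
    $rows = $sql->fetchAll(PDO::FETCH_ASSOC);

    $target = null;
    foreach ($rows as $row) {
        // Exact re-check in PHP: the database collation may match
        // case-insensitively, and loose == can treat different numeric-looking
        // strings as equal. hash_equals() compares in constant time.
        if ((string) $row['username'] !== $username
            || !hash_equals((string) $row['password'], $password)
        ) {
            continue;
        }

        // The level comes from the matched row, not from an undefined $level.
        // assumes registered_accounts has a `level` column holding 'CMD' or
        // 'UMD' — TODO confirm against the schema
        $level = isset($row['level']) ? $row['level'] : null;
        if (is_string($level) && isset($landingPages[$level])) {
            $target = $landingPages[$level];
            break;
        }
    }

    if ($target === null) {
        // Same message for unknown user, wrong password and unknown level.
        alert();
    } else {
        // New session id on login, so an id known before authentication
        // cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION['test'] = true;
        // The redirect is not access control: CMD_home.php and UMD_home2.php
        // still have to check the session (and the level) themselves.
        header('Location: ' . $target);
        exit;
    }
}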
?>
于 2020-06-03T12:27:50.470 回答