spyter

Reputation: 5

How can I redirect admin and user to their pages?

I have a problem with redirecting users to their pages. I tried adding something like this at the beginning of the code but it does not work at all.

session_start();
 
if(isset($_SESSION["loggedin"], $_SESSION["user_type"]) && $_SESSION["loggedin"] === true){
    $_SESSION["user_type"] = "admin";
    header("location: crud_form/index.php");
    exit;
}

The rest of the code looks like this, and I don't know if maybe I should make some changes there as well?

require_once "config.php";
 
$username = $password = "";
$username_err = $password_err = "";
 
if($_SERVER["REQUEST_METHOD"] == "POST"){
 
    if(empty(trim($_POST["username"]))){
        $username_err = "Wprowadź login.";
    } else {
        $username = trim($_POST["username"]);
    }
    
    if(empty(trim($_POST["password"]))){
        $password_err = "Wprowadź hasło.";
    } else {
        $password = trim($_POST["password"]);
    }
    
    if(empty($username_err) && empty($password_err)){
        $sql = "SELECT user_id, username, password FROM users WHERE username = ?";
        
        if($stmt = mysqli_prepare($link, $sql)){
            mysqli_stmt_bind_param($stmt, "s", $param_username);
            
            $param_username = $username;
            
            if(mysqli_stmt_execute($stmt)){
                mysqli_stmt_store_result($stmt);
                
                if(mysqli_stmt_num_rows($stmt) == 1){                    
                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password);
                    if(mysqli_stmt_fetch($stmt)){
                        if(password_verify($password, $hashed_password)){
                            session_start();
                            
                            $_SESSION["loggedin"] = true;
                            $_SESSION["user_id"] = $id;
                            $_SESSION["username"] = $username;                         
                            
                            header("location: crud_form/index.php");
                        } else {
                            $password_err = "Hasło nieprawidłowe.";
                        }
                    }
                } else {
                    $username_err = "Nie ma takiego użytkownika.";
                }
            } else {
                echo "Coś się zepsuło! Spróbuj ponownie.";
            }

            mysqli_stmt_close($stmt);
        }
    }
    
    mysqli_close($link);
}

I would be super happy if someone would tell me at least where the problem is and what I am doing wrong. Thanks!

Upvotes: 0

Views: 70

Answers (1)

Vandalin

Reputation: 90

if(empty($username_err) && empty($password_err)){
    $sql = "SELECT user_id, username, password, user_type FROM users WHERE username = ?";
    
    if($stmt = mysqli_prepare($link, $sql)){
        mysqli_stmt_bind_param($stmt, "s", $param_username);
        
        $param_username = $username;
        
        if(mysqli_stmt_execute($stmt)){
            mysqli_stmt_store_result($stmt);
            
            if(mysqli_stmt_num_rows($stmt) == 1){                    
                mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $user_type);
                if(mysqli_stmt_fetch($stmt)){
                    if(password_verify($password, $hashed_password)){
                        session_start();
                        
                        $_SESSION["loggedin"]  = true;
                        $_SESSION["user_id"]   = $id;
                        $_SESSION["username"]  = $username;
                        $_SESSION["user_type"] = $user_type;
                        // redirect and the else branches stay as in the question's code
                    }
                }
            }
        }
    }
}

Here I've fetched user_type from database, and made a session with

Second thing

session_start();

if($_SESSION["user_type"] !== "admin"){     
    header("location: crud_form/index.php"); 
    exit; // stop the script so the rest of the page is not run after the redirect
}
 

Upvotes: 1
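
The role check from the answer, written as an added example (not code from the question or the answer) that maps each user_type to a landing page and guards a protected page. The role names, login.php and admin_panel/index.php are assumptions; crud_form/index.php is the non-admin target from the answer.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: the role names, login.php and admin_panel/index.php.
const LOGIN_PAGE = 'login.php';
const LANDING_PAGES = [
    'admin' => 'admin_panel/index.php', // hypothetical admin page
    'user'  => 'crud_form/index.php',   // non-admin target used in the answer
];

// Landing page for a role; anything not in the map goes back to the login form.
function landing_page_for($userType): string
{
    return is_string($userType) ? (LANDING_PAGES[$userType] ?? LOGIN_PAGE) : LOGIN_PAGE;
}

// null = this session may view the page; otherwise the redirect target.
function guard(array $session, string $requiredType): ?string
{
    if (($session['loggedin'] ?? false) !== true) {
        return LOGIN_PAGE;
    }
    $type = $session['user_type'] ?? null;
    return $type === $requiredType ? null : landing_page_for($type);
}

// Call first thing in a protected page, e.g. enforce('admin');
function enforce(string $requiredType): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = guard($_SESSION, $requiredType);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // stop here, or the protected page below still runs and is sent
    }
}

// Constructed sessions, printed when run from the command line.
if (PHP_SAPI === 'cli') {
    $cases = [
        'anonymous'      => [],
        'user on admin'  => ['loggedin' => true, 'user_type' => 'user'],
        'admin on admin' => ['loggedin' => true, 'user_type' => 'admin'],
        'unknown role'   => ['loggedin' => true, 'user_type' => 'root'],
    ];
    foreach ($cases as $label => $session) {
        printf("%-15s -> %s\n", $label, guard($session, 'admin') ?? 'allowed');
    }
}
```

In the login script, the same map can pick the target once password_verify() succeeds: header('Location: ' . landing_page_for($user_type)); followed by exit;.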
