redirect user from login

BigJon2001

Hello, I am learning more PHP & MySQL everyday, but...
Does anyone know how i can edit my "log in user" script so that i can have different level users directed to different start-pages. I based this a ColFusion script, and while this works perfectly, i cannot get user=admin to see admin.php, and user=client to go to client.php.
Any tips would be much appreciated.

Here's the code----------------------------------------
<?php
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($POST['username'])) {
$loginUsername=$POST['username'];
$password=$_POST['userword'];
$fldUserAuthorization = "userlevel";
$redirectLoginSuccess = "client.php";
$redirectLoginFailed = "loginfail.php";
$redirecttoReferrer = false;
mysql_select_db($database_ConDB, $ConD😎;

$LoginRS__query=sprintf("SELECT username, username, userlevel FROM tbsecurity WHERE username='%s' AND username='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $ConD😎 or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {

$loginStrGroup = mysql_result($LoginRS,0,'userlevel');

//declare two session variables and assign them
$GLOBALS['Username'] = $loginUsername;
$GLOBALS['UserGroup'] = $loginStrGroup;

//register the session variables
session_register("Username");
session_register("UserGroup");

if (isset($SESSION['PrevUrl']) && false) {
$redirectLoginSuccess = $SESSION['PrevUrl'];
}
header("Location: " . $redirectLoginSuccess );
}
else {
header("Location: ". $redirectLoginFailed );
}
}

leatherback

Hi,

this is what you are looking at:

if (isset($_SESSION['PrevUrl']) && false) { 
$redirectLoginSuccess = $_SESSION['PrevUrl']; 
} 
header("Location: " . $redirectLoginSuccess ); 
} 
else { 
header("Location: ". $redirectLoginFailed ); 
}

the redirectLoginSucces parameter will hold either the defaul page (client.php) or the page from which the script was called ($redirectLoginSuccess = $_SESSION['PrevUrl']; )
If you want to change the location to a specified page, you would have to change the variable $redirectLoginSuccess into a page fitting that page.

But I would get your acces levels from the database. So for each user in the database you would have a value of seclevel. Say 1 = client, 2=admin. You then check for that level when you do the query on the database, and based on sec. level you change the reffresh page.

The way you have it organised now, you could do:

if ($_SESSION['Username'] == 'admin') 
  { 
  $redirectLogin = 'admin.php'; 
  } 
  else
   {
    if ($_SESSION['Username'] == 'client') 
     {  

     $redirectLogin = 'client.php'; 
     } 
     else
     { 
      $redirectLogin = $redirectLoginFailed ; 
     } 
   }

header("Location: " . $redirectLogin );

BigJon2001

Thankyou so much. This was almost perfect.
(oh, with UserGroup rather than UserName)

But there is still a problem i'm not able to solve:
The user has to login twice - the first time the user is sent to "login denied" and the second time the user logs-in everything works as it should.
Any ideas on why this is...