determine page seen after login by field???

boraman

I am trying to write the code for a page so that when you login to our site the page you view is depedant on a field called acct_type. There are only two options for this field, Property Manager or Employer.

I know how to do sessions etc and make the code search the db for your username but I cannot figure out how to make it a) find the username and b) determine if you are a Property Manager or Employer.

here is the code I have that does not work.

<?
$email=$_POST['credit_usr'];

// login.php - performs validation 
// authenticate using form variables
$status = authenticate($login, $password, $dbtype,$acct_type);
$stmt = "SELECT * FROM credit_usr";


// if  user/pass combination is correct
if ($status == 1) {
	// initiate a session
	session_start();

// register some session variables
session_register("SESSION");

// including the username
session_register("SESSION_UNAME");
$SESSION_UNAME = $credit_usr;

if ($acct_type =="Property Manager"  ) {
	// redirect to protected page
	header("Location: success.php");
	exit();
    }elseif ($acct_type =="Employer"  ) {
	// redirect to protected page
	header("Location: success2.php");
	exit();
} else {
	// redirect to open page
	header("Location: loginagain.php");
	exit();
}
} else {
// user/pass check failed

// redirect to error page
header("Location: error.php?e=$status");
exit();
}

// authenticate username/password against a database
// returns: 0 if username and password is incorrect
//          1 if username and password are correct
function authenticate($user, $pass, $dbtype) {
	// configuration variables
	// normally these should be sourced from an external file
	// for example: include("dbconfig.php");
	// variables explicitly set here for illustrative purposes
	$db_host = "localhost";
	$db_user = "xxxxx";
	$db_pass = "xxxxx";
	$db_name = "xxxxx";

// check login and password
// connect and execute query
$connection = mysql_connect($db_host, $db_user, $db_pass)
 or die ("Unable to connect!");
$query = "SELECT ID from credit_usr WHERE login =
 '$login' AND password = '$password' AND acct_type = '$acct_tpye' ";
mysql_select_db($db_name);
$result = mysql_query($query, $connection) or 
die ("Error in query: $query. " . mysql_error());

// if row exists -> user/pass combination is correct
if (mysql_num_rows($result) == 1) {
	return 1;
} else {
// user/pass combination is wrong
	return 0;
}
}

?>

I think this is probably an easy fix but I cannot figure out what I am doing wrong.

any help is appreciated!

BIOSTALL

I know how to do sessions etc

Ermm... from looking at your code.. you obviously dont.

Sessions must be started right at the top of your page before anything else so it looks like this:

<?php
session_start();
....

Also, where you put:

$SESSION_UNAME = $credit_usr;

I think you want to do:

$_SESSION['uname'] = $credit_usr;

One more thing... your variable $acct_type is not being declared a value anywhere in your code. Perhaps something like $acct_type = $_POST['acct_type'] would do the trick.

Anyway.. hope that helps you on your way 🙂 Let us know how you get on.

BIOSTALL