[RESOLVED] Redirect Help

focus310

Hi,

I'm trying to direct users based on their access level to the appropriate page.

If admin_access = 1; these users should go to welcome.php.
If admin_access = 2; these users should go to index.html.

When I test the accounts with the levels, the users all go to welcome.php.

Can someone help me out in redirecting the users to the proper location?

The code is below.
Thank you in advance.

$query = "SELECT user_id, username, admin_access FROM users WHERE (username='$u' AND password=SHA('$p'))";		
		$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

	if (@mysql_num_rows($result) == 1) { // A match was made.

		// Register the values & redirect.
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		mysql_free_result($result);
		mysql_close(); // Close the database connection.
                    $_SESSION["status"] = "Logged";
                    $_SESSION['username'] = $row[1];
		$_SESSION['user_id'] = $row[0];
                    $_SESSION['admin_access'] = $row[2];


		if ($_SESSION['admin_access'] = 1) {
                     include('welcome.php');
                    } elseif 
                      ($_SESSION['admin_access'] = 2) {
                     include('index.html');
                    }

Oni

In order to redirect:

header("Location: http://www.example.com/"); / Redirect browser /

When you include a file you do not redirect...

focus310

Hi,

When I use the header(Location) bit and run the script instead of going to the page, my login form is redisplayed.

This is the entire script:

<?php 

// Set the page title and include the HTML header.
$page_title = 'Login Page';

include('header3.html');

if (isset($_POST['submitted'])) { // Check if the form has been submitted.

require_once ('mysql_connect.php'); // Connect to the database.

// Validate the username.	
if (!empty($_POST['username'])) {
	$u = escape_data($_POST['username']);
} else {
	echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
	$u = FALSE;
}

// Validate the password.
if (!empty($_POST['password'])) {
	$p = escape_data($_POST['password']);
} else {
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT user_id, username, admin_access FROM users WHERE (username='$u' AND password=SHA('$p'))";		
	$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

	if (@mysql_num_rows($result) == 1) { // A match was made.

		// Register the values & redirect.
		$row = mysql_fetch_array ($result, MYSQL_NUM); 
		mysql_free_result($result);
		mysql_close(); // Close the database connection.
                    $_SESSION["status"] = "Logged";
                    $_SESSION['username'] = $row[1];
		$_SESSION['user_id'] = $row[0];
                    $_SESSION['admin_access'] = $row[2];


		if ($_SESSION['admin_access'] = 1) {
                     header("Location:welcome.php");
                    } elseif 
                      ($_SESSION['admin_access'] = 2) {
                     header("Location:index.html");
                    }

}			


mysql_close(); // Close the database connection.
}
} // End of SUBMIT conditional.
?>

<fieldset><legend>Login</legend>
<p>Please login to access your account.</p>
<form action="login.php" method="post">
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
	<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />

</fieldset>	
</form>
<?php // Include the HTML footer file.
include ('footer3.html');
?>

Protato

focus310,

Your error appears to be in the logic where the actual include call is made.

You have:

        if (@mysql_num_rows($result) == 1) { // A match was made.

        // Register the values & redirect.
        $row = mysql_fetch_array ($result, MYSQL_NUM);
        mysql_free_result($result);
        mysql_close(); // Close the database connection.
                    $_SESSION["status"] = "Logged";
                    $_SESSION['username'] = $row[1];
        $_SESSION['user_id'] = $row[0];
                    $_SESSION['admin_access'] = $row[2];


        if ($_SESSION['admin_access'] = 1) {
                     header("Location:welcome.php");
                    } elseif
                      ($_SESSION['admin_access'] = 2) {
                     header("Location:index.html");
                    }

}

Which should look something more like:

        if (@mysql_num_rows($result) == 1) { // A match was made.

        // Register the values & redirect.
        $row = mysql_fetch_array ($result, MYSQL_NUM);
        mysql_free_result($result);
        mysql_close(); // Close the database connection.
                    $_SESSION["status"] = "Logged";
                    $_SESSION['username'] = $row[1];
        $_SESSION['user_id'] = $row[0];
                    $_SESSION['admin_access'] = $row[2];


        if ($_SESSION['admin_access'] == 1) {
                     header("Location:welcome.php");
                    } elseif
                      ($_SESSION['admin_access'] == 2) {
                     header("Location:index.html");
                    }

}

You remembered to use the comparative operator when checking the row count, but switched to the assignment operator when check the access level. since $admin_access = 1 will always resolve true (you are just assigning the value 1), welcome.php is loaded.

Protato

Your re-assigning the value of admin access instead of comparing it in this code:

if ($_SESSION['admin_access'] = 1) {
   header("Location:welcome.php");
} elseif($_SESSION['admin_access'] = 2) {
   header("Location:index.html");
}

Since assiging a value never failes, this will always evaluate true and include welcome.php. Trying change the code to look like this:

if ($_SESSION['admin_access'] == 1) {
   header("Location:welcome.php");
} elseif($_SESSION['admin_access'] == 2) {
   header("Location:index.html");
}

You were close though, you did it correctly when you checked that the result held rows.

HalfaBee

You should also do a session_write_close() before the header().

focus310

Thank you for the help. Changing "=" to"==" made it work. I feel silly not noticing it.