I have a php script that uses mysql to authenticate a user during login. on the database I have three fields. Username, Password and Role. I want to be able to redirect to a page after login to the approriate “role”
The role is provided to the user when the username is created.
There are five “roles” there for five different pages that the user can be redirected to.
<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="RadReq"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// session Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
//Get result set
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$r = mysql_fetch_array($result);
$_SESSION['role'] = $r['role']; //set role to session - This will be needed to restricted pages pertaining to role.
$link = 'http://www.abc.com';
if($r['role'] == 'admin')
{
$link .= "?role=admin";
}
else if($r['role'] == 'mod')
{
$link .= "?role=mod";
}
header("Location: ".$link."");
I hope this is what you are looking - There can be many ways - depends what you need to do. Its just an example to get you started!
<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="RadReq"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$result=mysql_fetch_array($result);
$role = $result['role'];
//page link on the basis of user role you can add more condition on the basis of ur roles in db
if($role =='Administrator'){
$link = 'newuser.html';
}
elseif($role =='Clinic')
$link = 'rrform.html';
}
// session Register $myusername, $mypassword and redirect to file "login_success.php"
$_session["myusername"] = $myusername;
$_session["mypassword"] = $mypassword;
$_session["role"] = $role;
header("Location: ".$link."");
}
else {
echo "Wrong Username or Password";
}
?>
“I put this in and it comes up blank”
Stick an echo after the header, to see if it’s just redirecting you nowhere.
If you STILL get a blank screen, you’ve got other problems.\