Login error: How do I log in as different users? I cannot seem to find a solution, kindly help please.

#1

This is my login form page.

<?php include "server.php";
include "ehsserver.php";

?>


<!doctype html>

<html>
	<head>
		<title> NEAR MISS </title>
		<link rel="stylesheet" href="styleforlogin.css">
	        <img src="title.png" style= "width:45%; margin-left:27%;margin-top:0% ">
                <a style="margin-left:22%; color:white;" href="/Admin/login.php">ADMIN</a>
	</head>
	<body>
	<div class="loginBox">
		
		<img src="user.png" class="user">
		<h2>Login</h2>
		<form action="login.php" method="POST">
			<p>Username</p>
			<input type="text" name = "username" placeholder="Enter ID">
			<p>Password</p>
			<input type="password" name = "password" placeholder="Enter Password">
			<input type="submit" name = "login_user" value="login">
            <?php include('errors.php'); ?>
			
		</form>
	</div>
	</body>
</html>

This is my server.php

<?php  
  
// Starting the session, necessary 
// for using session variables 
session_start(); 
   
// Declaring and hoisting the variables 
$username = ""; 
$email    = ""; 
$errors = array();  
$_SESSION['success'] = ""; 
   
// DBMS connection code -> hostname, 
// username, password, database name 
$db = mysqli_connect('localhost', 'root', '', 'registration'); 
   
// Registration code 
if (isset($_POST['reg_user'])) { 
   
    // Receiving the values entered and storing 
    // in the variables 
    // Data sanitization is done to prevent 
    // SQL injections 
    $username = mysqli_real_escape_string($db, $_POST['username']); 
    $email = mysqli_real_escape_string($db, $_POST['email']); 
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']); 
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']); 
   
    // Ensuring that the user has not left any input field blank 
    // error messages will be displayed for every blank input 
    if (empty($username)) { array_push($errors, "Username is required"); } 
    if (empty($email)) { array_push($errors, "Email is required"); } 
    if (empty($password_1)) { array_push($errors, "Password is required"); } 
   
    if ($password_1 != $password_2) { 
        array_push($errors, "The two passwords do not match"); 
        // Checking if the passwords match 
    } 
   
    // If the form is error free, then register the user 
    if (count($errors) == 0) { 
          
        // Password encryption to increase data security 
        $password = md5($password_1); 
          
        // Inserting data into table 
        $query = "INSERT INTO users (username, email, password)  
                  VALUES('$username', '$email', '$password')";  
          
        mysqli_query($db, $query); 
   
        // Storing username of the logged in user, 
        // in the session variable 
        $_SESSION['username'] = $username; 
          
        // Welcome message 
        $_SESSION['success'] = "You have logged in"; 
          
        // Page on which the user will be  
        // redirected after logging in 
        header('location: index.php');  
    } 
} 
   
// User login 
if (isset($_POST['login_user'])) { 
      
    // Data sanitization to prevent SQL injection 
    $username = mysqli_real_escape_string($db, $_POST['username']); 
    $password = mysqli_real_escape_string($db, $_POST['password']); 
   
    // Error message if the input field is left blank 
    if (empty($username)) { 
        array_push($errors, "Username is required"); 
    } 
    if (empty($password)) { 
        array_push($errors, "Password is required"); 
    } 
   
    // Checking for the errors 
    if (count($errors) == 0) { 
          
        // Password matching 
        $password = md5($password); 
          
        $query = "SELECT * FROM users WHERE username= 
                '$username' AND password='$password'"; 
        $results = mysqli_query($db, $query); 
   
        // $results = 1 means that one user with the 
        // entered username exists 
        if (mysqli_num_rows($results) == 1) { 
              
            // Storing username in session variable 
            $_SESSION['username'] = $username; 
              
            // Welcome message 
            $_SESSION['success'] = "You have logged in!"; 
              
            // Page on which the user is sent 
            // to after logging in 
            header('location: index.php'); 
        } 
        else { 
              
            // If the username and password doesn't match 
            array_push($errors, "Username or password incorrect");  
        } 
    } 
    
} 
   
?>

For example I want to direct JOHN SMITH (user1) to localhost/pages/johnsmith.php and JANE SMITH (user 2) to localhost/pages/janesmith.php

#2

Just create a new redirect column in the database and set the header according to that database value.

#3

Can you please show how to do that?

#4

This whole thing makes no sense to me. ehsserver.php looks identical to the login part from server.php, it even defines the credentials doubled - and then you include both? That second part will barely execute when the first part already redirects. Also you need to fix your database querying, use Prepared Statements

https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

and up-to-date password hashing

https://www.php.net/manual/en/function.password-hash.php

Those are serious security issues.

#5

So what I want to achieve here is simply to log in with different users, and the users have different pages. I have a server.php which works fine for login. But how do I redirect users to their respective pages using the server.php I have? Getting confused, sorry.

This is what I have tried in my server.php

<?php  
  
// Starting the session, necessary 
// for using session variables 
session_start(); 
   
// Declaring and hoisting the variables 
$username = ""; 
$email    = ""; 
$errors = array();  
$_SESSION['success'] = ""; 
   
// DBMS connection code -> hostname, 
// username, password, database name 
$db = mysqli_connect('localhost', 'root', '', 'registration'); 
   
// Registration code 
if (isset($_POST['reg_user'])) { 
   
    // Receiving the values entered and storing 
    // in the variables 
    // Data sanitization is done to prevent 
    // SQL injections 
    $username = mysqli_real_escape_string($db, $_POST['username']); 
    $email = mysqli_real_escape_string($db, $_POST['email']); 
    $password_1 = mysqli_real_escape_string($db, $_POST['password_1']); 
    $password_2 = mysqli_real_escape_string($db, $_POST['password_2']); 
   
    // Ensuring that the user has not left any input field blank 
    // error messages will be displayed for every blank input 
    if (empty($username)) { array_push($errors, "Username is required"); } 
    if (empty($email)) { array_push($errors, "Email is required"); } 
    if (empty($password_1)) { array_push($errors, "Password is required"); } 
   
    if ($password_1 != $password_2) { 
        array_push($errors, "The two passwords do not match"); 
        // Checking if the passwords match 
    } 
   
    // If the form is error free, then register the user 
    if (count($errors) == 0) { 
          
        // Password encryption to increase data security 
        $password = md5($password_1); 
          
        // Inserting data into table 
        $query = "INSERT INTO users (username, email, password)  
                  VALUES('$username', '$email', '$password')";  
          
        mysqli_query($db, $query); 
   
        // Storing username of the logged in user, 
        // in the session variable 
        $_SESSION['username'] = $username; 
          
        // Welcome message 
        $_SESSION['success'] = "You have logged in"; 
          
        // Page on which the user will be  
        // redirected after logging in 
        header('location: index.php');  
    } 
} 
   
// User login 
if (isset($_POST['login_user'])) { 
      
    // Data sanitization to prevent SQL injection 
    $username = mysqli_real_escape_string($db, $_POST['username']); 
    $password = mysqli_real_escape_string($db, $_POST['password']); 
   
    // Error message if the input field is left blank 
    if (empty($username)) { 
        array_push($errors, "Username is required"); 
    } 
    if (empty($password)) { 
        array_push($errors, "Password is required"); 
    } 
   
    // Checking for the errors 
    if (count($errors) == 0) { 
          
        // Password matching 
        $password = md5($password); 
          
        $query = "SELECT * FROM users WHERE username= 
                '$username' AND password='$password'"; 
        $results = mysqli_query($db, $query); 
   
        // $results = 1 means that one user with the 
        // entered username exists 
        if (mysqli_num_rows($results) == 1) { 
              
            // Storing username in session variable 
            $_SESSION['username'] = $username; 
              
            // Welcome message 
            $_SESSION['success'] = "You have logged in!"; 
              
            // Page on which the user is sent 
            // to after logging in 
            header('location: index.php'); 
            switch ($userName) {
                case "ronie":
                    header('location: ehsindex.php');
            }
        } 
        else { 
              
            // If the username and password doesn't match 
            array_push($errors, "Username or password incorrect");  
        } 
        
    }
   
    
} 
   
?>

#6

'select userRedirect from users where xyz'
... some user data fetching ...
header('location: '.$user->userRedirect.'.php');
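
The suggestions from #2, #4 and #6 combined, as an added example that is not part of the original thread: a login that uses a mysqli prepared statement, `password_verify()`, and a per-user redirect read from the database. The `userRedirect` column name comes from #6 and the `/pages/` path from #1; the schema, the slug format and the function names `redirect_target` and `authenticate` are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed (hypothetical) schema:
//   users(username, password VARCHAR(255), userRedirect VARCHAR(32) NULL)
// password holds password_hash($password_1, PASSWORD_DEFAULT) written at
// registration; userRedirect holds a page slug such as "johnsmith".

// Map a stored slug to a local path; anything unexpected goes to index.php.
function redirect_target(?string $slug): string
{
    // Lowercase letters and digits only, so no slash, dot, URL scheme or
    // CR/LF from the database can reach the Location header.
    if ($slug !== null && preg_match('/\A[a-z0-9]{1,32}\z/', $slug) === 1) {
        return '/pages/' . $slug . '.php';
    }
    return '/index.php';
}

// Return the redirect path on success, or null when the credentials are wrong.
function authenticate(mysqli $db, string $username, string $password): ?string
{
    // Prepared statement: the username is sent as bound data, not SQL text.
    $stmt = $db->prepare('SELECT password, userRedirect FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Compare the submitted password with the stored password_hash() value.
    if (!$row || !password_verify($password, $row['password'])) {
        return null;
    }
    return redirect_target($row['userRedirect']);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['login_user'])) {
    session_start();
    $errors = [];
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    $db = mysqli_connect('localhost', 'root', '', 'registration'); // values from the thread
    $target = (is_string($user) && is_string($pass)) ? authenticate($db, $user, $pass) : null;
    if ($target !== null) {
        session_regenerate_id(true);   // new session ID once the user is authenticated
        $_SESSION['username'] = $user;
        header('Location: ' . $target);
        exit;                          // stop here so no later header() overrides the redirect
    }
    $errors[] = 'Username or password incorrect';
}
```

Rows whose password column still holds an `md5()` value will not pass `password_verify()`; those accounts need a password reset before this login accepts them.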