i would like to allow multiple users to login according to their userID and forward each user to his page. However only the last if condition works.
x
<?php$conn = mysqli_connect("localhost", "root", "", "clinic system");if(isset($_POST['submit'])){ $idname = $_POST['name']; $password = $_POST['password']; $query1 = "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."' AND User_type_id= '1'"; $query2= "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."' AND User_type_id= '2'"; $query3= "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."' AND User_type_id= '3'"; $result1 = mysqli_query($conn, $query1); $result2 = mysqli_query($conn, $query2); $result3 = mysqli_query($conn, $query3); if(mysqli_fetch_assoc($result1)){ $_SESSION['User'] = $_POST['name']; header("location:Dr.html"); } if(mysqli_fetch_assoc($result2)){ $_SESSION['User'] = $_POST['name']; header("location:Assis.html"); } if(mysqli_fetch_assoc($result3)){ $_SESSION['User'] = $_POST['name']; header("location:Recep.html"); } else{ header("location:stafflog.php?Invalid= please enter correct ID or Password"); }}?>Advertisement
Answer
You only need to retrieve the User_type_id from the database and then decide on that which page to go to…
$query1 = "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."'";$result1 = mysqli_query($conn, $query1);if($row = mysqli_fetch_assoc($result1)){ $_SESSION['User'] = $_POST['name']; if ( $row['User_type_id'] == 1 ) { header("location:Dr.html"); } if ( $row['User_type_id'] == 2 ) { header("location:Assis.html"); } if ( $row['User_type_id'] == 3 ) { header("location:Recep.html"); } exit;}Although a couple of major points – you should be using prepared statements – How can I prevent SQL injection in PHP?.
Also you should not be storing plain text passwords, have a read of How to use PHP’s password_hash to hash and verify passwords