i would like to allow multiple users to login according to their userID and forward each user to his page. However only the last if condition works.
<?php
$conn = mysqli_connect("localhost", "root", "", "clinic system");
if(isset($_POST['submit'])){
$idname = $_POST['name'];
$password = $_POST['password'];
$query1 = "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."' AND User_type_id= '1'";
$query2= "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."' AND User_type_id= '2'";
$query3= "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."' AND User_type_id= '3'";
$result1 = mysqli_query($conn, $query1);
$result2 = mysqli_query($conn, $query2);
$result3 = mysqli_query($conn, $query3);
if(mysqli_fetch_assoc($result1)){
$_SESSION['User'] = $_POST['name'];
header("location:Dr.html");
}
if(mysqli_fetch_assoc($result2)){
$_SESSION['User'] = $_POST['name'];
header("location:Assis.html");
}
if(mysqli_fetch_assoc($result3)){
$_SESSION['User'] = $_POST['name'];
header("location:Recep.html");
}
else{
header("location:stafflog.php?Invalid= please enter correct ID or Password");
}
}
?>
Advertisement
Answer
You only need to retrieve the User_type_id from the database and then decide on that which page to go to…
$query1 = "SELECT * FROM users WHERE UID='".$idname."' AND pass= '".$password."'";
$result1 = mysqli_query($conn, $query1);
if($row = mysqli_fetch_assoc($result1)){
$_SESSION['User'] = $_POST['name'];
if ( $row['User_type_id'] == 1 ) {
header("location:Dr.html");
}
if ( $row['User_type_id'] == 2 ) {
header("location:Assis.html");
}
if ( $row['User_type_id'] == 3 ) {
header("location:Recep.html");
}
exit;
}
Although a couple of major points – you should be using prepared statements – How can I prevent SQL injection in PHP?.
Also you should not be storing plain text passwords, have a read of How to use PHP’s password_hash to hash and verify passwords