Hi
I have designed a simple login area on a website that creates a few session variables to use to query a database of products, which works fine:
<?php
session_start();
// dBase file
include "dbConfig.php";
// Both fields are required; empty() also avoids a notice when a key is missing
if (empty($_POST['username']) || empty($_POST['password']))
{
    die("You need to provide a username and password.<p>Click <a href='main_login.html'>here</a> to return to the main login screen. Use the contact us section of the main website for further information about partnership.</p>");
}
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Create query
$q = "SELECT * FROM members WHERE username='$username' AND password='$password' LIMIT 1";
// Run query
$r = mysql_query($q);
if ( $obj = @mysql_fetch_object($r) )
{
    // Login good, create session variables
    $_SESSION["valid_id"] = $obj->id;
    $_SESSION["valid_user"] = $_POST["username"];
    $_SESSION["cust_type"] = $obj->cust_type;
    $_SESSION["currency"] = $obj->currency;
    // Redirect to member page
    header("Location: members.php");
    // Stop here so nothing else runs after the redirect header is sent
    exit;
}
else
{
    // Login not successful
    echo "Sorry, your login details do not match any we hold on record.<p>Click <a href='main_login.html'>here</a> to return to the main login screen. Use the contact us section of the main website for further information about partnership.</p>";
}
?>
Now, I want to perform an additional check, so that if a customer has a cust_type of "gold" then it takes them to a different members page (members_gold.php).
All other types of user need to still be directed to the original members.php.
I have tried code as follows:
if ( $obj = @mysql_fetch_object($r) )
{
    // Login good, create session variables
    $_SESSION["valid_id"] = $obj->id;
    $_SESSION["valid_user"] = $_POST["username"];
    $_SESSION["cust_type"] = $obj->cust_type;
    $_SESSION["currency"] = $obj->currency;
    if ($_SESSION["cust_type"] == "gold")
    {
        Header("Location: members_gold.php");
    }
    else
    {
        Header("Location: members.php");
    }
}
else
{
    // Login not successful
    echo "Sorry,.....etc
I've also tried:
$_SESSION["cust_type"] = $obj->cust_type;
$cust_type = $_SESSION["cust_type"];
if ($cust_type == "gold")
and:
$_SESSION["cust_type"] = $obj->cust_type = $cust_type;
if ($cust_type == "gold")
None of the above throw any PHP warnings or errors, but all users (even if their cust_type is gold) get directed to the normal members.php page. It's probably something elementary that I am doing wrong. Help greatly appreciated.
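
A hardened form of the login-and-redirect flow from the post, as an added example that is not the poster's code. It assumes PDO with the SQLite driver and a constructed in-memory members table; the password_hash column and the helpers authenticate() and landing_page() are hypothetical names introduced here.

```php
<?php
// Added example: constructed in-memory data stands in for the real members table.
declare(strict_types=1);

// Allow-list of landing pages keyed by cust_type; anything else gets the default.
const LANDING_PAGES = ['gold' => 'members_gold.php'];
const DEFAULT_PAGE  = 'members.php';

function landing_page(string $custType): string
{
    // Normalise so a stored value such as "Gold " or "GOLD" still matches.
    $key = strtolower(trim($custType));
    return LANDING_PAGES[$key] ?? DEFAULT_PAGE;
}

function authenticate(PDO $db, string $username, string $password): ?array
{
    // Bound parameter instead of escaping plus string interpolation.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash, cust_type, currency
           FROM members WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a stored hash rather than comparing plaintext in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']); // never carry the hash into the session
    return $row;
}

// Constructed sample rows (hypothetical users) so the script runs from the CLI.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, cust_type TEXT, currency TEXT)');
$ins = $db->prepare('INSERT INTO members VALUES (?, ?, ?, ?, ?)');
$ins->execute([1, 'alice', password_hash('s3cret-sample', PASSWORD_DEFAULT), 'Gold ', 'GBP']);
$ins->execute([2, 'bob', password_hash('other-sample', PASSWORD_DEFAULT), 'standard', 'EUR']);

foreach ([['alice', 's3cret-sample'], ['bob', 'other-sample'], ['alice', 'wrong-password']] as [$u, $p]) {
    $member = authenticate($db, $u, $p);
    // In the web script: session_regenerate_id(true); fill $_SESSION; header(...); exit;
    echo $u, ' -> ', $member ? 'Location: ' . landing_page($member['cust_type']) : 'login rejected', PHP_EOL;
}
```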