I am creating a login page where, when a doctor logs in, he/she will be redirected to the doctor table according to the login credentials, and when a health professional logs in, they will be redirected to the health table according to their credentials. How can this be done using SQL statements? Here is what I have so far, which works for the doctor login:

<?php
    session_start();

    $username = $_POST['username'];
    $password = $_POST['password'];

    if ($username&&$password) {

        $connect = mysql_connect("localhost","root","") or die ("Could not connect");
        mysql_select_db("telestroke_database") or die ("Could not find database");

        $query = mysql_query("SELECT * FROM doctor_credential_table WHERE Doctor_Username ='$username'      AND Doctor_Password ='$password'") or die(mysql_error($connect));
        $numrows = mysql_num_rows($query);

        if ($numrows!=0) {
            while ($row = mysql_fetch_assoc($query)) {
                $dbusername = $row['Doctor_Username'];
                $dbpassword = $row['Doctor_Password'];
                $dbdoctorid= $row['Doctor_ID'];
            }

            $_SESSION['Doctor_Username']=$username;
            $_SESSION['Doctor_ID']=$dbdoctorid;
            header( 'Location: doctor_patients.php' );
        } else {
            echo "Incorrect Username and/or Password.<br/>
                    <br/><a href='Homepage.html'>Click here to return to Homepage</a>";
        }
    }
?> 
TNK
  • So you have different user types? Doctors, Health professionals etc. – S.Visser Mar 18 '13 at 13:24
  • Please also hash and salt the password and sanitize your inputs if you are not already doing so :) – span Mar 18 '13 at 13:33
  • [Please, don't use mysql_* functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) in new code. They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://uk.php.net/manual/en/function.mysql-connect.php)? Learn about [_prepared statements_](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which. – TNK Mar 18 '13 at 14:04

2 Answers

Let's assume you have some kind of flag in your database telling that the retrieved user is a doctor or a health professional; then it would look like this:

switch($row['professiontype']){
    case 'doc':
        header( 'Location: doctor_patients.php' );
        break;
    case 'hp':
        header( 'Location: healt_professional.php' );
        break;
}
ITroubs

If Doctors and Health Professionals were both logging in through the same form you wouldn't have separate tables for each. You'd have a central users table containing both types.

You could have three tables. First for all your users. Second for the different user groups. Third for linking the two:

Users
id    username    password
1     John        -
2     Emma        -
3     Dave        -

Groups
id    name
1     Doctors
2     Health Professionals

UserGroups
userId    groupId
1         1
2         1
3         2

Then you'd select from your UserGroups table to determine what type your user is.

select groupId from UserGroups where userId = $userId;

switch ($groupId) {
    case 1:
        /* Do what is required for the Doctors group */
        break;
    case 2:
        /* Health professions group... */
        break;
    /* etc. */
}

Note that the third table isn't necessary, and this information could simply be put in the Users table instead.

James Donnelly
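
An added example, not part of the question or of either answer: one login check for both user types on the Users/UserGroups layout above, using a PDO prepared statement and hashed passwords as the comments recommend. It assumes an in-memory SQLite database in place of MySQL so it runs offline, constructed sample users and passwords, and a hypothetical `health_professional.php` landing page.

```php
<?php
// Added example: single login for both user types, using the Users/UserGroups
// layout from the answer above. SQLite in memory stands in for MySQL so the
// script runs offline; table contents are constructed sample data.
declare(strict_types=1);

// Allow-list of landing pages per group id (ids follow the Groups table above;
// health_professional.php is an assumed file name).
const LANDING_PAGES = [1 => 'doctor_patients.php', 2 => 'health_professional.php'];

function authenticate(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT u.id, u.password, g.groupId
           FROM Users u JOIN UserGroups g ON g.userId = u.id
          WHERE u.username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored salted hash; plaintext is never stored.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['userId' => (int) $row['id'], 'groupId' => (int) $row['groupId']];
}

function landingPageFor(int $groupId): ?string
{
    return LANDING_PAGES[$groupId] ?? null;
}

// --- Constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE UserGroups (userId INTEGER, groupId INTEGER)');
$add = $db->prepare('INSERT INTO Users (id, username, password) VALUES (?, ?, ?)');
$add->execute([1, 'John', password_hash('sample-pass-1', PASSWORD_DEFAULT)]);
$add->execute([3, 'Dave', password_hash('sample-pass-3', PASSWORD_DEFAULT)]);
$db->exec('INSERT INTO UserGroups VALUES (1, 1), (3, 2)');

foreach ([['John', 'sample-pass-1'], ['Dave', 'sample-pass-3'], ["' OR '1'='1", 'x']] as [$u, $p]) {
    $user = authenticate($db, $u, $p);
    $page = $user ? landingPageFor($user['groupId']) : null;
    echo $u, ' => ', $page ?? 'login rejected', PHP_EOL;
}
```

In the real login script, a successful result would be followed by `session_regenerate_id(true)`, storing the ids in `$_SESSION`, sending the `Location` header for the returned page, and `exit`.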