-2

I did a login/register system and it works fine. I wanted to add user roles, e.g. When the admin logs in, he will be redirected to index page; when user logs in, he will be redirected to profile page. This is what I did:

functions.php 

    public function loginUser($username,$password){
    $query=$this->db->prepare("SELECT id, username FROM users WHERE username=? AND email=?");
    $query->execute(array($username,$password));
    $userdata=$query->fetch();

    $num=$query->rowCount();

    if($num==1){
        session_start();
        $_SESSION['login']= true;
        $_SESSION['uid']= $userdata['id'];
        $_SESSION['uname']= $userdata['username'];
        $_SESSION['login_msg']= "Login succesful";

        return true;
    }else{
        return false;
    }
}

public function userRole($uid){
    $query=$this->db->prepare("SELECT role FROM users WHERE id=?");
    $query->execute(array($uid));
    $res=$query->fetch();
    echo $res['role'];
}

login.php

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST'){
$username=$_POST['username'];
$password=$_POST['password'];

if(empty($username) or empty($password)){
   echo "Error... Field must not be empty";
}else{
   $login = $user->loginUser($username,$password);
   if($login){
      header('Location: transition.php');
   }else{
     echo "E-mail or password not match";
   }
 }
}
?>

            <form action="" method="post" name="reg">
                <table>
                    <tr><td> <input type="text" name="username" placeholder="Nombre de usuario"></td></tr>
                    <tr><td> <input type="password" name="password" placeholder="Password"></td></tr>

                    <tr><td> <input type="submit" name="login" value="Login" onclick="return(submitreg());"></td></tr>
                </table>
            </form>

transition.php

<?php
session_start();
require_once "functions.php";
$db = new DatabaseConnection();
$user = new LoginRegister($db->pdo);

$uid=$_SESSION['uid'];
$username=$_SESSION['uname'];

if(!$user->getSession()){
header('Location: login.php');
exit();
}
$type = $user->userRole($uid);
echo $type;

if($type == 0){
header('Location: index.php');
}else{header('Location: profile.php');
}
?>

I added the function userRole to get the role of the user, and transition.php is to know if the function works fine, if I delete the if sentence and I print the role, it prints the right role. When I login without this function and php file it works properly, but when I added this function and php file, I always get redirected to index.php regardless the role.

In my database the user role is just a number (0 for admin and 1 for user).

He_slp13
  • 67
  • 5
  • 1
    Don't `echo`, `return $res['role']`. Your database also seems to have a confusing set up if `email` is really the password column, I'd consider renaming. – chris85 Mar 14 '16 at 23:34
  • http://php.net/manual/en/function.error-reporting.php - http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php – Funk Forty Niner Mar 14 '16 at 23:53
  • outputting before header ^ – Funk Forty Niner Mar 14 '16 at 23:55
  • @He_slp13 I don't address any of the particular code. However, I answer how I solved this similar problem. Does this solution work for you? If not, what can I improve? –  Mar 14 '16 at 23:59
  • Hey @chris85, that was my problem, now that I wrote return instead echo it's woring fine. Thanks. – He_slp13 Mar 17 '16 at 02:50

1 Answers1

-1

I had a similar problem involving administration roles. I created a column named active. If active was 0

the user's account was deactivated

If active was 1

the user account was currently active

If active was 2

the user is an admin

You could do a simple if statement to check what is the value of active. You would check this value after a login...