-2

I created a login page linked to a database and I want to redirect the user to different homepages based on the user role: if 1, redirect to indexorg.php after login, and if 0, redirect to indexpart.php after login. However, it is not working and all users are redirected to the same page, either indexorg.php or indexpart.php, whichever is first in the code.

Here is my code:

<?php

// Initialize the session
session_start();
 
// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
    if ($_SESSION["user_role"] = "1") {
        $redirect = 'indexorg.php';
    } else if ($_SESSION["user_role"] == "0") {
        $redirect = 'indexpart.php';
    } 
    
    header('Location: ' . $redirect);
    



    //header("location: index.php");
    exit;
}
 
// Include config file
require "config.php";
 
// Define variables and initialize with empty values
$email = $password = "";
$email_err = $password_err = "";
 
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
 
    // Check if email is empty
    if(empty(trim($_POST["email"]))){
        $email_err = "Please enter email.";
    } else{
        $email = trim($_POST["email"]);
    }
    
    // Check if pass is empty
    if(empty(trim($_POST["password"]))){
        $password_err = "Please enter your password.";
    } else{
        $password = trim($_POST["password"]);
    }
    
    // Validate credentials
    if(empty($email_err) && empty($password_err)){
        // Prepare a select statement
        $sql = "SELECT user_role, user_id, email, password  FROM users WHERE email = :email";
        
        if($stmt = $pdo->prepare($sql)){
            // Bind variables to the prepared statement as parameters
            $stmt->bindParam(":email", $param_email, PDO::PARAM_STR);
            
            // Set parameters
            $param_email = trim($_POST["email"]);
            
            // Attempt to execute the prepared statement
            if($stmt->execute()){
                // Check if email exists, if yes then verify password
                if($stmt->rowCount() == 1){
                    if($row = $stmt->fetch()){
                        $id = $row["user_id"];
                        $email = $row["email"];
                        $hashed_password = $row["password"];
                        $role = intval($row['user_role']);
                        if(password_verify($password, $hashed_password)){
                           
                            // Password is correct, so start a new session
                            session_start();
                            
                            // Store data in session variables
                            $_SESSION["loggedin"] = true;
                            $_SESSION["user_id"] = $id;
                            $_SESSION["email"] = $email;
                            $_SESSION["user_role"] == $role;
                            // if ($role=1) {
                            //     $redirect = 'indexorg.php';
                            // } else if ($role= 0) {
                            //     $redirect = 'indexpart.php';
                            // }
                            switch ($role) {
                                case 0:
                                    $redirect= "indexpart.php";
                                    break;
                                case 1:
                                    $redirect= "indexpart.php";
                                    break;
                                
                            } 
                                                      
                            header('Location: ' . $redirect);
                            exit();

                            
                            // Redirect user to welcome page
                            //header("location: index.php");
                        } else{
                            // Display an error message if password is not valid
                            $password_err = "The password you entered was not valid.";
                        }
                    }
                } else{
                    // Display an error message if email doesn't exist
                    $email_err = "No account found with that email.";
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }

            // Close statement
            unset($stmt);
        }
    }
    
    // Close connection
    unset($pdo);
}
?>
 
promed

1 Answer

-2

In this line:

if ($_SESSION["user_role"] = "1") 

you are actually assigning "1" to $_SESSION["user_role"], which is always true.

For comparison, you should use == or !=, as you used in your second comparison.

MaryNfs
  • What's with the downvote?! – MaryNfs Aug 12 '20 at 17:20
  • Why has your answer been downvoted so long? It solved my problem. Thank you, bro – promed Aug 13 '20 at 18:54
  • I know why it was downvoted (neither DV is mine). A.) This was answered in comments prior to you posting an answer and 2.) because there is a duplicate that covers the issue. When people see these things they tend to downvote answers that appear to have vampired comments or failed to look to see if the question has been answered before. – Jay Blanchard Aug 14 '20 at 13:55
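
Added example, not part of the original question or answer: the role-based redirect with strict comparison and an allowlist of landing pages. It goes beyond the answer's one-line fix by also covering the `==` used where the question stores `user_role` in the session, the `switch` whose two cases both point at indexpart.php, and the case where the role is neither 0 nor 1. The helper names `landing_page_for` and `complete_login` are hypothetical; the page names and column names come from the question.

```php
<?php
// Allowlist: role value => landing page (file names from the question).
const ROLE_PAGES = [1 => 'indexorg.php', 0 => 'indexpart.php'];

// Hypothetical helper: landing page for a role, or null if the role is unknown.
// PDO may return the column as a string, so digits-only strings are accepted.
function landing_page_for($role): ?string
{
    if (!is_int($role) && !(is_string($role) && ctype_digit($role))) {
        return null;
    }
    return ROLE_PAGES[(int) $role] ?? null;
}

// Hypothetical helper: call only after password_verify() has succeeded.
// Fills the session and returns the redirect target (null = refuse login).
function complete_login(array $row): ?string
{
    $target = landing_page_for($row['user_role'] ?? null);
    if ($target === null) {
        return null; // unknown role: never build a Location header from it
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['loggedin']  = true;
    $_SESSION['user_id']   = $row['user_id'];
    $_SESSION['email']     = $row['email'];
    $_SESSION['user_role'] = (int) $row['user_role']; // "=" stores, "==" only compares
    return $target;
}

// Top of the login script: send an already logged-in user to their own page.
session_start();
if (($_SESSION['loggedin'] ?? false) === true) {
    $target = landing_page_for($_SESSION['user_role'] ?? null);
    if ($target !== null) {
        header('Location: ' . $target);
        exit;
    }
}
```

The landing pages themselves still have to check `$_SESSION['user_role']` on every request; the redirect only chooses where the browser goes and does not stop a user from requesting the other page directly.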