I did a login/register system and it works fine. I wanted to add user roles, e.g. when the admin logs in, he will be redirected to the index page; when a user logs in, he will be redirected to the profile page. This is what I did:
functions.php

    public function loginUser($username,$password){
        $query=$this->db->prepare("SELECT id, username FROM users WHERE username=? AND email=?");
        $query->execute(array($username,$password));
        $userdata=$query->fetch();
        $num=$query->rowCount();
        if($num==1){
            session_start();
            $_SESSION['login']= true;
            $_SESSION['uid']= $userdata['id'];
            $_SESSION['uname']= $userdata['username'];
            $_SESSION['login_msg']= "Login succesful";
            return true;
        }else{
            return false;
        }
    }

    public function userRole($uid){
        $query=$this->db->prepare("SELECT role FROM users WHERE id=?");
        $query->execute(array($uid));
        $res=$query->fetch();
        echo $res['role'];
    }

login.php

    <?php
    if($_SERVER['REQUEST_METHOD'] == 'POST'){
        $username=$_POST['username'];
        $password=$_POST['password'];
        if(empty($username) or empty($password)){
            echo "Error... Field must not be empty";
        }else{
            $login = $user->loginUser($username,$password);
            if($login){
                header('Location: transition.php');
            }else{
                echo "E-mail or password not match";
            }
        }
    }
    ?>
    <form action="" method="post" name="reg">
    <table>
        <tr><td> <input type="text" name="username" placeholder="Nombre de usuario"></td></tr>
        <tr><td> <input type="password" name="password" placeholder="Password"></td></tr>
        <tr><td> <input type="submit" name="login" value="Login" onclick="return(submitreg());"></td></tr>
    </table>
    </form>

transition.php

    <?php
    session_start();
    require_once "functions.php";
    $db = new DatabaseConnection();
    $user = new LoginRegister($db->pdo);
    $uid=$_SESSION['uid'];
    $username=$_SESSION['uname'];
    if(!$user->getSession()){
        header('Location: login.php');
        exit();
    }
    $type = $user->userRole($uid);
    echo $type;
    if($type == 0){
        header('Location: index.php');
    }else{
        header('Location: profile.php');
    }
    ?>

I added the function userRole to get the role of the user, and transition.php is there to check whether the function works fine. If I delete the if statement and print the role, it prints the right role. When I log in without this function and PHP file it works properly, but when I added this function and PHP file, I always get redirected to index.php regardless of the role.
In my database the user role is just a number (0 for admin and 1 for user).
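
An added example, not part of the original post: `userRole()` as posted echoes the role and returns nothing, so `$type` is `null`, and PHP's loose `null == 0` is true, which sends every account down the admin branch. The sketch below returns the role and compares strictly, so an unknown or missing role is denied rather than treated as admin. The standalone functions, the `landingPage()` helper, the in-memory SQLite table (needs `pdo_sqlite`) and the sample rows are assumptions made for illustration.

```php
<?php
// Constructed sample data; per the post, role 0 = admin and 1 = user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role INTEGER)");
$pdo->exec("INSERT INTO users (id, username, role) VALUES (1, 'alice', 0), (2, 'bob', 1)");

// Same body as the posted userRole(): echo prints the value, but the
// function has no return statement, so the caller receives null.
function userRoleEcho(PDO $db, int $uid) {
    $q = $db->prepare("SELECT role FROM users WHERE id=?");
    $q->execute([$uid]);
    $res = $q->fetch(PDO::FETCH_ASSOC);
    echo $res['role'];
}

// Returns the role as an int, or null when the id matches no row or the
// stored role is not numeric (so a NULL column is never cast to 0).
function userRole(PDO $db, int $uid): ?int {
    $q = $db->prepare("SELECT role FROM users WHERE id=?");
    $q->execute([$uid]);
    $role = $q->fetchColumn();
    return is_numeric($role) ? (int) $role : null;
}

// Hypothetical helper: strict comparison against the known roles only.
// Anything else goes back to the login page instead of the admin page.
function landingPage(?int $role): string {
    if ($role === 0) {
        return 'index.php';
    }
    if ($role === 1) {
        return 'profile.php';
    }
    return 'login.php';
}

// The posted behaviour for bob (role 1): the echoed output is discarded
// here so that only the return value and the comparison are shown.
ob_start();
$type = userRoleEcho($pdo, 2);
ob_end_clean();
var_dump($type, $type == 0);

// The corrected path for the admin, a normal user and an unknown id.
foreach ([1, 2, 99] as $uid) {
    var_dump(landingPage(userRole($pdo, $uid)));
}
```

In `transition.php` the result of `landingPage()` would go into `header('Location: ...')` followed by `exit()`. The `echo $type;` before the redirect should be removed, because output sent before `header()` stops the header from being set unless output buffering is enabled.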