Search code examples
phphtmlsessionisset

Session if else statement

I am trying to display the information A if login as user and information B if login as admin. The problem here is that, I am only able to execute the first if statement and the else statement which means I am able to login. However, it will never get into the else if statement. Can anyone help me, I am not sure what is the problem here.

<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbdatabase = "test";
$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
?>

somewhere.php

<?php
if(!isset($_SESSION)){
    session_start();
}
include("configuration.php");
?>
<html>
<body>
<?php

    if (isset($_SESSION['SESS_EXIST']) == true && isset($_SESSION['SESS_TYPE']) == 'A' ){ ?>
            //this is the user html information form
        <?php } 
    else if (isset($_SESSION['SESS_EXIST']) == true && isset($_SESSION['SESS_TYPE1']) == 'B' ){ ?>
            //this is the admin html information form
    <?php } else { ?>
            //ask user/admin to login html form
            <form action ="login.php">
               <button type="submit" name="login" class="btn-primary">Sign Up</button>
            </form>
    <?php } ?>
</body>
</html>

login.php

<?php
session_start();
require("configuration.php");
if(isset($_SESSION['SESS_EXIST']) == TRUE) {
header("Location: somewhere.php");
die();
}
$email = $_POST['Email'];
$pass =  $_POST['Pass'];

$sql = "SELECT * FROM user WHERE Email='$email' and Pass ='$pass' " ;
$res = mysql_query($sql);
$rows = mysql_num_rows($res);

$sql1 = "SELECT * FROM admin WHERE Email='$email' and Pass ='$pass' " ;
$res1 = mysql_query($sql1);
$rows1 = mysql_num_rows($res1);

if($rows == 1)
{
$row = mysql_fetch_assoc($res);
$_SESSION['SESS_EMAIL'] = $row['Email'];
$_SESSION['SESS_NAME'] = $row['Name'];
$_SESSION['SESS_PASS'] = $row['Pass'];
$_SESSION['SESS_TYPE'] = 'A';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();

}
else if($rows1 == 1)
{
$row1 = mysql_fetch_assoc($res1);
$_SESSION['SESS_EMAIL1'] = $row['Email'];
$_SESSION['SESS_NAME1'] = $row['Name'];
$_SESSION['SESS_PASS1'] = $row['Pass'];
$_SESSION['SESS_TYPE1'] = 'B';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();
}
else {
echo '<script language = "javascript">';
echo 'alert("Fail login")';
echo '</script>';
echo "<script>window.location.assign('somewhere.php')</script>";
die();
}
?>
Solution

  • I think you don't reset your SESSION when you Logout. Try this:
    Login.php

    <?php
session_start();
require("configuration.php");
if(isset($_SESSION['SESS_EXIST']) == TRUE) {
header("Location: somewhere.php");
die();
}
session_unset();
$email = $_POST['Email'];
$pass =  $_POST['Pass'];

$sql = "SELECT * FROM user WHERE Email='$email' and Pass ='$pass' " ;
$res = mysql_query($sql);
$rows = mysql_num_rows($res);

$sql1 = "SELECT * FROM admin WHERE Email='$email' and Pass ='$pass' " ;
$res1 = mysql_query($sql1);
$rows1 = mysql_num_rows($res1);

if($rows == 1)
{
$row = mysql_fetch_assoc($res);
$_SESSION['SESS_EMAIL'] = $row['Email'];
$_SESSION['SESS_NAME'] = $row['Name'];
$_SESSION['SESS_PASS'] = $row['Pass'];
$_SESSION['SESS_TYPE'] = 'A';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();

}
else if($rows1 == 1)
{
$row1 = mysql_fetch_assoc($res1);
$_SESSION['SESS_EMAIL1'] = $row['Email'];
$_SESSION['SESS_NAME1'] = $row['Name'];
$_SESSION['SESS_PASS1'] = $row['Pass'];
$_SESSION['SESS_TYPE1'] = 'B';
$_SESSION['SESS_LOGGED'] = 1;
header("Location: somewhere.php");
die();
}
else {
echo '<script language = "javascript">';
echo 'alert("Fail login")';
echo '</script>';
echo "<script>window.location.assign('somewhere.php')</script>";
die();
}
?>

    Your If-Statement is also no correct. As mentioned in other answers it should be like this:
    somewhere.php Edit

    <?php
if(!isset($_SESSION)){
    session_start();
}
include("configuration.php");
?>
<html>
    <body>
    <?php
    if(isset($_SESSION['SESS_EXIST'])){
        if ($_SESSION['SESS_EXIST'] == true && $_SESSION['SESS_TYPE'] == 'A' ){
            ?> //this is the user html information form <?php
        } 
        else if ($_SESSION['SESS_EXIST'] == true && $_SESSION['SESS_TYPE1'] == 'B' ){
            ?> //this is the admin html information form <?php
        }
    } else { ?> //ask user/admin to login html form
        <form action ="login.php">
            <button type="submit" name="login" class="btn-primary">Sign Up</button>
        </form>
    <?php
    }
    ?>
    </body>
</html>