I created login page linked to database and I want to redirect the user to different homepages based on the user role if 1 redirects to indexorg.php after login and if 0 redirects to indexpart.php after login however it is not working and all are redirected to same page either indexorg.php or indexpart.php which is first in the code
here is my code
<?php
// Initialize the session
session_start();
// Check if the user is already logged in, if yes then redirect him to welcome page
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
if ($_SESSION["user_role"] = "1") {
$redirect = 'indexorg.php';
} else if ($_SESSION["user_role"] == "0") {
$redirect = 'indexpart.php';
}
header('Location: ' . $redirect);
//header("location: index.php");
exit;
}
// Include config file
require "config.php";
// Define variables and initialize with empty values
$email = $password = "";
$email_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if email is empty
if(empty(trim($_POST["email"]))){
$email_err = "Please enter email.";
} else{
$email = trim($_POST["email"]);
}
// Check if pass is empty
if(empty(trim($_POST["password"]))){
$password_err = "Please enter your password.";
} else{
$password = trim($_POST["password"]);
}
// Validate credentials
if(empty($email_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT user_role, user_id, email, password FROM users WHERE email = :email";
if($stmt = $pdo->prepare($sql)){
// Bind variables to the prepared statement as parameters
$stmt->bindParam(":email", $param_email, PDO::PARAM_STR);
// Set parameters
$param_email = trim($_POST["email"]);
// Attempt to execute the prepared statement
if($stmt->execute()){
// Check if email exists, if yes then verify password
if($stmt->rowCount() == 1){
if($row = $stmt->fetch()){
$id = $row["user_id"];
$email = $row["email"];
$hashed_password = $row["password"];
$role = intval($row['user_role']);
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
session_start();
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["user_id"] = $id;
$_SESSION["email"] = $email;
$_SESSION["user_role"] == $role;
// if ($role=1) {
// $redirect = 'indexorg.php';
// } else if ($role= 0) {
// $redirect = 'indexpart.php';
// }
switch ($role) {
case 0:
$redirect= "indexpart.php";
break;
case 1:
$redirect= "indexpart.php";
break;
}
header('Location: ' . $redirect);
exit();
// Redirect user to welcome page
//header("location: index.php");
} else{
// Display an error message if password is not valid
$password_err = "The password you entered was not valid.";
}
}
} else{
// Display an error message if email doesn't exist
$email_err = "No account found with that email.";
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
// Close statement
unset($stmt);
}
}
// Close connection
unset($pdo);
}
?>
in this line
if ($_SESSION["user_role"] = "1")
you are actually assigning "1" to $_SESSION["user_role"] which is always true.
for comparison, you should use ==
or !=
as you used in your second comparison.