adding an if statement to login script in php?

Question

Hi can someone please help me, i have a login script and i want to add a condition that if a column in my database is = to '0' then login and redirect to dashboard.php,

otherwise do the normal login process.

Here's my function:

function initial_prompt() {
            global $connection;
            global $_SESSION;
            $query = "SELECT initial_prompt
                        FROM ptb_users
                        WHERE id = ".$_SESSION['user_id']." ";
            $initial_prompt = mysql_query($query, $connection);
            confirm_query($query, $connection);
            return $initial_prompt;
        }

Here's the piece of code im trying to add as an if statement:

<?php

    $initial_prompt = initial_prompt();
    while ($initial = mysql_fetch_array($initial_prompt)) 


     if ($initial['initial_prompt'] == '0')  {

     redirect_to("dashboard.php"); } ?>

login script:

<?php

    if (logged_in()) 
{ 
$_SESSION['login_message']="<div class=\"login-overlay\"></div><div class=\"login-box\"><div class=\"loginframe2\">
<h1>Login You In Securely </h1>
<p>We are login you in securely. Please wait.<br/><br/>
<div class=\"login-logo\">
  <img src=\"assets/css/photobox/loading.gif\" width=\"24\" height=\"24\"><div class=\"login-text-logo\">Login You In. Please Wait</div></div>
</div></div>"; 
header("Location: {$_SERVER['HTTP_REFERER']}");

}

    include_once("includes/form_functions.php");

    // START FORM PROCESSING
    if (isset($_POST['submit'])) { // Form has been submitted.
        $errors = array();

        // perform validations on the form data
        $required_fields = array('email', 'password');
        $errors = array_merge($errors, check_required_fields($required_fields, $_POST));

        $fields_with_lengths = array('email' => 30, 'password' => 30);
        $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

        $email = trim(mysql_prep($_POST['email']));
        $password = trim(mysql_prep($_POST['password']));
        $hashed_password = md5($password);


        if ( empty($errors) ) {
            // Check database to see if email and the hashed password exist there.
            $query = "SELECT id, email, close_account ";
            $query .= "FROM ptb_users ";
            $query .= "WHERE email = '{$email}' ";
            $query .= "AND password = '{$hashed_password}' ";
            $query .= "AND close_account = '0' ";
            $query .= "LIMIT 1";
            $result_set = mysql_query($query);
            confirm_query($result_set);
            if (mysql_num_rows($result_set) == 1) {
                // email/password authenticated
                // and only 1 match
                $found_user = mysql_fetch_array($result_set);
                $_SESSION['user_id'] = $found_user['id'];
                $_SESSION['email'] = $found_user['email'];
                $_SESSION['sub_expires'] = $found_user['subscription_expires'];





                $result = mysql_query("UPDATE ptb_users SET user_online='Online' WHERE id=".$_SESSION['user_id']."") 
or die(mysql_error());

if($result) 
{ 
$_SESSION['login_message']="<div class=\"login-overlay\"></div><div class=\"login-box\"><div class=\"loginframe2\">
<h1>Login You In Securely </h1>
<p> We are login you in securely. Please wait.<br/><br/>
<div class=\"login-logo\">
  <img src=\"assets/css/photobox/loading.gif\" width=\"24\" height=\"24\"><div class=\"login-text-logo\">Login You In. Please Wait</div></div>
</div></div>"; 
header("Location: {$_SERVER['HTTP_REFERER']}");

}


            }else{

                // email/password combo was not found in the database
                $message = "<div class=\"infobox_out\"><strong>Email / Password combination incorrect.</strong><br />
                    Please make sure your caps lock key is off and try again.</div>";
                    echo "<a href=\"#\"><div class=\"infobox-close2\"></div></a>";

            }

                } else {
            if (count($errors) == 1) {
                $message = "<div class=\"infobox_out\">There was 1 error in the form.<div>";


            } else {
                $message = "<div class=\"infobox_out\">There were " . count($errors) . " errors in the form.<div>";
            }
        }


    } else { // Form has not been submitted.
        if (isset($_GET['logout']) && $_GET['logout'] == 1) {
            $message = "<div class=\"infobox\">You are now logged out.</div>";
            echo "<a href=\"#\"><div class=\"infobox-close3\"></div></a>";

    } else { // Form has not been submitted.
        if (isset($_GET['logout']) && $_GET['logout'] == 2) {
            $message = "<div class=\"infobox_out\">Sorry, we've had to log you out. Your session has expired.</div>";
            echo "<a href=\"#\"><div class=\"infobox-close2\"></div></a>";


            } else { // Form has not been submitted.
        if (isset($_GET['logout']) && $_GET['logout'] == 1) {
            $message = "<div class=\"infobox\">You are now logged out.</div>";
            echo "<a href=\"#\"><div class=\"infobox-close3\"></div></a>";

        }

        } 

    }

        $email = "";
        $password = "";
    }
?>







<br/>
            <?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
            <?php if (!empty($errors)) { display_errors($errors); } ?>

I am curious, is global $_SESSION; necessary? little nitpick, but less code can == less problems :) also didn't know global still worked these days, but that is a drum I will bang elsewhere ;) — CodeMonkey, Feb 02 '13 at 15:54

edwardmp · Answer 1 · 2013-02-02T15:16:19.957

0

Try something like this. 0 is probably formatted as an integer in MySQL. Also use header() instead of redirect_to().

    $initial_prompt = initial_prompt();
    while ($initial = mysql_fetch_array($initial_prompt)) {

     if ($initial['initial_prompt'] === 0)  {  
       header("Location:dashboard.php"); 
     } 
     else {
       //normal login process code
     }

    }

edited Feb 02 '13 at 15:16

answered Feb 02 '13 at 15:14

edwardmp

6,339
5
50
77

1

As a good practice you should always call `exit();` after `header("Location […]");`. – insertusernamehere Feb 02 '13 at 15:16
In this situation it is up to the question-asker. I don't necessarily call putting `exit();` after every header a 'good practice'. According to you, if I set the content-type I should execute `exit();` ? Are you out of your mind? – edwardmp Feb 02 '13 at 15:18
[php - Should I call exit() after calling Location: header?](http://stackoverflow.com/q/3553698/1456376) – insertusernamehere Feb 02 '13 at 15:20
I would second using exit after a location set; but in very few other circumstances as it can make integrating code that exits everywhere with other code bases more difficult that it needs to be. – CodeMonkey Feb 02 '13 at 15:51

adding an if statement to login script in php?

1 Answers1