FocuZst

  1. I'm trying to restrict users from accessing a page if their rank isn't manager or admin. I made a variable called $rank which is the rank that is fetched from the user's table in my database. When I echo the rank on the page, the rank does equal manager or admin but it redirects me to the index page because it somehow doesn't equal manager or admin. When I try using this code:

         if(!isset($_SESSION['userID'])) {
             header("Location: index.php");
         } else if ($rank == "manager" OR $rank == "admin") {
         } else {
             header("Location: index.php");
         }

     it does work but I feel like that's the wrong way of doing it. This is the code that I'm using now and isn't working:

         $tUsers_Select = "SELECT users.rank, ranks.rank_name FROM users LEFT JOIN ranks ON users.rank = ranks.rank_name WHERE user_id = ".$_SESSION['userID'];
         $tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);
         $fetch = mysqli_fetch_array($tUsers_Select_Query);
         $rank = $fetch['rank'];
         if(!isset($_SESSION['userID'])) {
             header("Location: index.php");
         } else if ($rank !== "manager" OR $rank !== "admin") {
             header("Location: index.php");
         }

     Hopefully you understood. Please comment if you have any questions.
  2. Thanks man! All I had to do was:

         if(mysqli_query($dbConnect, $registerUser)) {
             $_SESSION['userID'] = mysqli_insert_id($dbConnect); // <<-- Add this
             header("Location: home.php");
         } else {
             echo "<script>alert('error while registering you...');</script>";
         }
  3. I haven't learned about SQL injections yet. That's why I'm not worried about security now. This login and registration system is just for learning purposes.
  4. I'm creating a simple login and registration form. What I'm trying to do is when a user registers, it should log them in. In order to get logged in, the user's ID that gets registered needs to be sent to the home page so the username can be displayed. I'm not sure what is wrong with my code.

     Register:

         <!DOCTYPE html>
         <?php
         session_start();

         if(isset($_SESSION['userID']) AND !empty($_SESSION['userID'])) {
             header("Location: home.php");
         }

         if(isset($_POST['register'])) {
             $firstName = mysqli_real_escape_string($dbConnect, $_POST['firstName']);
             $lastName = mysqli_real_escape_string($dbConnect, $_POST['lastName']);
             $username = mysqli_real_escape_string($dbConnect, $_POST['username']);
             $email = mysqli_real_escape_string($dbConnect, $_POST['email']);
             $password = mysqli_real_escape_string($dbConnect, $_POST['password']);
             {
                 // Check if data exists already in the database
                 $exists = mysqli_query($dbConnect, "SELECT user_id, username, email FROM users WHERE username = '$username' AND email = '$email'");
                 $row = mysqli_fetch_array($exists);
                 $dbusername = $row['username'];
                 $dbemail = $row['email'];
                 if ($username == $dbusername) {
                     die("Username already taken.");
                 } else if ($email == $dbemail) {
                     die("Email already registered.");
                 }
             }

             $registerUser = "INSERT INTO users (first_name, last_name, username, email, password) VALUES('$firstName', '$lastName', '$username', '$email', '$password')";
             {
                 // Select ID from registered user
                 $selectID = "SELECT user_id FROM users WHERE username = '$username'";
                 $selectID_Query = mysqli_query($dbConnect, $selectID);
                 $fetch = mysqli_fetch_array($selectID_Query);
                 $userID = $fetch['user_id'];
                 $_SESSION['userID'] = $userID;
             }

             if(mysqli_query($dbConnect, $registerUser)) {
                 header("Location: home.php");
             } else {
                 echo "<script>alert('error while registering you...');</script>";
             }
         }

         include "includes/head.php";
         include "includes/nav.php";
         ?>
         <div id="main-content">
             <div class="welcome-msg">
                 <h1 class="huge">Registration form</h1>
                 <h3 class="medium">Please fill in all the inputs</h3>
                 <form id="login-form" method="post">
                     <label for="firstName">First Name</label>
                     <input type="text" name="firstName" id="firstName" required>
                     <label for="lastName">Last Name</label>
                     <input type="text" name="lastName" id="lastName" required>
                     <label for="username">Username</label>
                     <input type="text" name="username" id="username" required>
                     <label for="email">Email</label>
                     <input type="email" name="email" id="email" required>
                     <label for="password">Password</label>
                     <input type="password" name="password" id="password" required>
                     <button type="submit" name="register">Register</button>
                 </form>
             </div>
         </div>
         </body>

     Home:

         <!DOCTYPE html>
         <html>
         <?php
         session_start();
         if(!isset($_SESSION['userID'])) {
             header("Location: index.php");
         }
         $tUsers_Select_Query = mysqli_query($dbConnect, "SELECT * FROM users WHERE user_id=".$_SESSION['userID']);
         $row = mysqli_fetch_array($tUsers_Select_Query);
         include "includes/head.php";
         include "includes/nav.php";
         ?>
         <div id="main-content">
             <h1 class="huge">Welcome back, <?php echo $row['username'] ?>!</h1>
             <a href="/lr/logout.php?logout">Logout</a>
         </div>
         </body>

     If you need any more details, please comment.
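
The registration flow from the last post, with the mysqli_insert_id() fix from the reply applied, written with prepared statements and password_hash(). This is an added example, not the poster's code; the connection settings and the registerUser() helper are assumptions, and the users columns are taken from the post.

```php
<?php
declare(strict_types=1);
session_start();
// Added example. Connection settings are placeholders, not from the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$dbConnect = new mysqli('localhost', 'app_user', 'app_password', 'app_db');

/** Hypothetical helper: returns the new user_id, or null if input is invalid or taken. */
function registerUser(mysqli $db, array $in): ?int
{
    foreach (['firstName', 'lastName', 'username', 'email', 'password'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key]) || $in[$key] === '') {
            return null; // reject missing fields and array-valued parameters
        }
    }

    // Bound parameters keep input out of the SQL text; OR matches either column.
    $check = $db->prepare('SELECT 1 FROM users WHERE username = ? OR email = ? LIMIT 1');
    $check->bind_param('ss', $in['username'], $in['email']);
    $check->execute();
    $check->store_result();
    if ($check->num_rows > 0) {
        return null;
    }

    // Store a salted hash, never the submitted password.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);
    $insert = $db->prepare(
        'INSERT INTO users (first_name, last_name, username, email, password)
         VALUES (?, ?, ?, ?, ?)'
    );
    $insert->bind_param('sssss', $in['firstName'], $in['lastName'],
        $in['username'], $in['email'], $hash);
    $insert->execute();

    // The ID exists only after the INSERT has run.
    return (int) $db->insert_id;
}

if (isset($_POST['register'])) {
    $userID = registerUser($dbConnect, $_POST);
    if ($userID === null) {
        exit('Registration failed: invalid input, or username/email already in use.');
    }
    session_regenerate_id(true);   // fresh session ID when the user becomes logged in
    $_SESSION['userID'] = $userID;
    header('Location: home.php');
    exit;                          // header() alone does not stop the script
}
```

A login page built on this has to compare passwords with password_verify(), and the password column needs room for the hash (VARCHAR(255) is the usual choice).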