Just noticed your first error in this:
PHP Code:
$result=mysql_query("SELECT * FROM tutor
WHERE username='" . $username . "' and password='" . $password . "'");
$row=mysql_fetch_array($result);
$num=mysql_num_rows($result);
// print login form and exit if failed.
if($num < 1){
session_destroy();
echo "You are not authenticated. Please login.<br><br>";
exit;
}
at this point every student login will fail.
PHP Code:
$result=mysql_query("SELECT * FROM tutor
WHERE username='" . $username . "' and password='" . $password . "'");
$row=mysql_fetch_array($result);
$num=mysql_num_rows($result);
if($num < 1){
$result=mysql_query("SELECT * FROM student
WHERE username='" . $username . "' and password='" . $password . "'");
$row=mysql_fetch_array($result);
$num=mysql_num_rows($result);
if($num < 1){ // print login form and exit if failed.
session_destroy();
echo "You are not authenticated. Please login.<br><br>";
exit;
}
if ($row['username']==$username)
{
// we have a student
$fullname=$row['firstname'] . ' ' . $row['lastname'];
echo("Hello Student: $fullname<p>");
echo('done');
if ($row['password']==$password)
{
// we have an authenticated student
echo("Student you have logged in correctly");
}
else
{
echo ("try again");
}
}
}
else
{
// We have a tutor
$fullname=$row['firstname'] .' ' . $row['lastname'];
echo("Hello tutor: $fullname<p>");
if ($row['password']==$password)
{
// we have an authenticated tutor
echo("Tutor you have logged in correctly");
} else { echo ("try again");}
}
}
$loggedin=true;
might be a better aproach.