Jump to content


Photo

Help with redirection and login


  • Please log in to reply
1 reply to this topic

#1 Ameslee

Ameslee
  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 23 June 2006 - 02:50 AM

Hey hope someone can help. I have at the moment a website that is connected to a database. I have created a login area, which connects to maintenance pages. I have user levels, so if someone logs in and there username so happens to be Admin or Owner, there allowed in with different access abilities. but i have one problem at the moment, i can login, but i can when i go to access any of the maintenace pages it throughs me back out to the homepage.

Here is my code that i have used. please help.

<?php
session_start();
header("Cache-control: no-cache");


//this includes the database connection
include("database.inc");


//Get the user's input from the form

    $username = trim($_POST['user']);


//Get the user's input from the form
    
    $password = trim($_POST['pass']);



//check username and password are correct
$users_query = "SELECT * FROM user where username = '$user' AND password = '$pass'";
//echo $users_query;
$mysql_result=mysql_query($users_query,$conn);

$row=mysql_fetch_row($mysql_result);



//if valid user doesnt exist set the error message and redirect to badlogin page
if ($username=="")
{
//echo "nooo";
header("Location: ");
}
else
{
//if valid user exists set all the session variables
//$row is the record, [3] is the 3rd element(field) in the array

$_SESSION['Level']=$username[5];
$_SESSION['username']=$username[1];


//redirect to the page you want to allow the user to access
//echo "yesss";
header(" ");

}
?>

The security code:
<?php
session_start();
if ($_session['level'] != "Admin" && $_session['level'] != "Owner" }
{
    header("Location: login.php");
}

?>

Any help is apprieciated, thanks

#2 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 23 June 2006 - 03:02 AM

if ($_session['level'] != "Admin" && $_session['level'] != "Owner" }

Should be $_SESSION not $_session, but the line ending } should be a )

if ($_SESSION['level'] != "Admin" && $_SESSION['level'] != "Owner" )

Legend has it that reading the manual never killed anyone.
My site




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users