Jump to content


Help with redirection and login

  • Please log in to reply
1 reply to this topic

#1 Ameslee

  • Members
  • PipPipPip
  • Advanced Member
  • 131 posts

Posted 23 June 2006 - 02:50 AM

Hey hope someone can help. I have at the moment a website that is connected to a database. I have created a login area, which connects to maintenance pages. I have user levels, so if someone logs in and there username so happens to be Admin or Owner, there allowed in with different access abilities. but i have one problem at the moment, i can login, but i can when i go to access any of the maintenace pages it throughs me back out to the homepage.

Here is my code that i have used. please help.

header("Cache-control: no-cache");

//this includes the database connection

//Get the user's input from the form

    $username = trim($_POST['user']);

//Get the user's input from the form
    $password = trim($_POST['pass']);

//check username and password are correct
$users_query = "SELECT * FROM user where username = '$user' AND password = '$pass'";
//echo $users_query;


//if valid user doesnt exist set the error message and redirect to badlogin page
if ($username=="")
//echo "nooo";
header("Location: ");
//if valid user exists set all the session variables
//$row is the record, [3] is the 3rd element(field) in the array


//redirect to the page you want to allow the user to access
//echo "yesss";
header(" ");


The security code:
if ($_session['level'] != "Admin" && $_session['level'] != "Owner" }
    header("Location: login.php");


Any help is apprieciated, thanks

#2 AndyB

  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 23 June 2006 - 03:02 AM

if ($_session['level'] != "Admin" && $_session['level'] != "Owner" }

Should be $_SESSION not $_session, but the line ending } should be a )

if ($_SESSION['level'] != "Admin" && $_SESSION['level'] != "Owner" )

Legend has it that reading the manual never killed anyone.
My site

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users