Dark-Hawk Posted April 29, 2009 Share Posted April 29, 2009 if ($_POST['Submit'] == 'Login') { $md5pass = md5(sanitize($_POST['password'])); $sql = mysql_query(sprintf("SELECT * FROM $tbl_name WHERE email='%s' and password='%s' and confirm='%d'", sanitize($_POST['email']), $md5pass, (int)1)); // we have a match if (mysql_num_rows($sql) > 0) { // A matching row found (thus the name/pass found) - authenticated list($email) = mysql_fetch_row($sql); list($level) = mysql_fetch_row($sql); // set user session $_SESSION['user'] = $email; // set session level - this is for security $_SESSION['level'] = $level; // redirect if ($_SESSION['level'] == 1) { // the user is logged in as non-admin header("Location: calendar.php?msg=Logged In"); exit(); } if ($_SESSION['level'] == 2) { // the user is logged in as an admin header("Location: admin/index.php"); exit(); } It's a login script and that part of it handles whether or not a user is logged in as an admin or just a regular user. It works fine if I remove the checking that determines whether or not they're a user or admin, but once adding that in it doesn't do anything. Thanks in advance! Quote Link to comment Share on other sites More sharing options...
revraz Posted April 29, 2009 Share Posted April 29, 2009 Are you starting sessions correctly? What if you replace your session levels with $level instead, does it work? What does list function do? Quote Link to comment Share on other sites More sharing options...
ignace Posted April 29, 2009 Share Posted April 29, 2009 <?php list($email) = mysql_fetch_row($sql); // first row list($level) = mysql_fetch_row($sql); // second row !== first row ?> use: <?php list($field1, $field2, ..) = mysql_fetch_assoc($sql); // or a simple $data = mysql_fetch_assoc($sql); $email = $data['email']; $user = $data['user']; .. ?> @revraz they have php.net for questions like: "What does list function do?" Quote Link to comment Share on other sites More sharing options...
Dark-Hawk Posted April 29, 2009 Author Share Posted April 29, 2009 list() is a function of PHP, it puts items into a listed array... Alright so .. ultimately I'll have to use $row[0] and $row[1] to access the data? Quote Link to comment Share on other sites More sharing options...
premiso Posted April 29, 2009 Share Posted April 29, 2009 $sql = mysql_query(sprintf("SELECT email, level FROM $tbl_name WHERE email='%s' and password='%s' and confirm='%d'", sanitize($_POST['email']), $md5pass, (int)1)); //......... // A matching row found (thus the name/pass found) - authenticated list($email, $level) = mysql_fetch_row($sql); Notice that you were fetching the row twice. Chances are the second row never existed thus level was never being properly set. The above is how it should be done. Also notice I defined the two columns that you were using and in the order that I listed them to prevent other issues from occurring. This way you know what data to expect. Quote Link to comment Share on other sites More sharing options...
Dark-Hawk Posted April 29, 2009 Author Share Posted April 29, 2009 Ah great that definitely helped and got it working right. Thanks a lot premiso. Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 29, 2009 Share Posted April 29, 2009 btw, to help clean up those IF statements, try this : if (is_numeric($_SESSION['level'])) { switch ($_SESSION['level']) { case 1: header("Location: calendar.php?msg=Logged In"); exit; break; case 2: header("Location: admin/index.php"); exit; break; } } if you want of course. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.