User Permissions

[ririe44]

So, I took a break at this for a bit, but I'm back to solving my situation... So, I need to put together user permissions to certain pages. 

 

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"; 

$result=mysql_query($sql); 
$access=$result['access'];

$count=mysql_num_rows($result); 

if($count==1){ 

session_start(); 
$_SESSION["rdz_logged"] = $access; 
header("location:../members.php"); 
} 
else { 
echo "<div align=center>The username and password you have provided are incorrect.<br>";
echo 'Return to <a href="../login.php">Login</a></div>';

} 

 

session_start(); 
if(($_SESSION['rdz_logged'] != admin) || ($_SESSION['rdz_logged'] != pkg1) || ($_SESSION['rdz_logged'] != pkg2) || ($_SESSION['rdz_logged'] != pkg3) || ($_SESSION['rdz_logged'] != sales)){ header("Location: login.php"); }

 

So, do you see what I'm trying to do?  Should this work?

[ririe44]

any help?

[mikesta707]

have you tried it? for one surround your strings with quotes, like

if $access == admin should be if $access == 'admin'

 

but beyond that you don't know until you try

[ririe44]

So, I have tried it, and it's giving me weird results.  My session is registered, but it doesn't give me access like I had hoped.  I'm questioning this part... does this make sense to you?

 

$_SESSION["rdz_logged"] = $access; 

 

I've changed this code to have quotes... but still not working, any thoughts?

session_start();
if(($_SESSION['rdz_logged'] != 'admin') || ($_SESSION['rdz_logged'] != 'pkg1') || ($_SESSION['rdz_logged'] != 'pkg2') || ($_SESSION['rdz_logged'] != 'pkg3') || ($_SESSION['rdz_logged'] != 'sales')){ header("Location: login.php"); }

 

 

 

[mikesta707]

change the ors to ands. since it only has 1 value, one of those clauses will run false

[ririe44]

it's still not allowing the session to register... I'm directed to my login page every time. 

 

Is there a better way to do this:

session_start();
if(($_SESSION['rdz_logged'] != 'admin') && ($_SESSION['rdz_logged'] != 'pkg1') && ($_SESSION['rdz_logged'] != 'pkg2') && ($_SESSION['rdz_logged'] != 'pkg3') && ($_SESSION['rdz_logged'] != 'sales')){ header("Location: login.php"); }

[mikesta707]

echo your session and see whats stored in it. there are better ways of doing permissions tho, check out bitwise operators. check out this page http://www.litfuel.net/tutorials/bitwise.htm and scroll to the bottom to see how the guy set up a permissions system. however if you don't want to overhaul your whole permission system what you have will work, but echo out the session variable to see if what you think is there is there

 

[ririe44]

hmm... it didn't return anything...

 

So, in my table I have a column called 'access'... shouldn't this bring up the value for the  same user?

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql); 
$access=$result['access'];

[ririe44]

could anybody help me with my question as stated above?  I guess I'm having a hard time getting the session name equal the value from my table in the 'access' column.  Any ideas?

[deansatch]

Apologies if I am way off here but I didn't read the rest of the thread. I just notice you aren't fetching the results from the db.

 

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$access=$row['access'];

[ririe44]

OH YEAH!!!!!  Thanks! it's working now, and I'm on my way to victory with your help!  Thanks!