I am working on a site with a login system. Originally the system was just meant to access the Administrative Control Panel. However, things have changed and I now need it to be a general login so that members can access member areas. Obviously I only want the admins to be able to access the CP (while giving all members in general access to the members areas).

 

I figured this wouldn't be a problem since I already have a mysql query that looks for and returns rows where username = username and password = password (if rows = 1 then start their member session). Just add an admin t/f as a new attribute and look for it on the query. Problem is that no matter what they are marked as it is marking admin as always true for all members. So basically what I am trying to do is:

 

- User POSTs username and password

- Server searches database for a match

- If found server enables username session

- Server checks to see if the ADMIN field = "t"

- If it does it activates the admin session

- If false admin session not activated

- If no match was found server doesn't activate anything

- After all said and done kicks them back to the page they logged in from (based on a variable that was posted from a hidden form field on the login box)

 

As you can see I'm totally lost. How do I get this code to only set the admin session if the field admin = t?

<?php
  session_start();
  $_SESSION['redirect'] = $_POST['loginhidden'];

  $host="localhost";
  $dbusername="name";
  $dbpassword="pass";
  $db_name="dbn";
  $tbl_name="tbln";

  mysql_connect("$host", "$dbusername", "$dbpassword")or die("cannot connect");
  mysql_select_db("$db_name")or die("cannot select DB");

  $username = $_POST['username'];
  $password = $_POST['password'];
  $username = stripslashes($username);
  $password = stripslashes($password);
  $username = mysql_real_escape_string($username);
  $password = mysql_real_escape_string($password);

  $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
  $result=mysql_query($sql);
  $count=mysql_num_rows($result);

  if($count==1) {
    $_SESSION['username'] = $username;
    $row = mysql_fetch_assoc($result); // fetch the matched row so $row['ADMIN'] can be read

    if($row['ADMIN'] = "t") {
      $_SESSION['ADMIN'] = "t";
    }
    header("location:" . $_SESSION['redirect'] . "");
  }
  else {
    header("location:" . $_SESSION['redirect'] . "");
  }
?>

It is always assigning "t" because you are using the assignment operator ( = ). Change this to the comparison operator ( == ) for it to come out correct.

 

if($row['ADMIN'] == "t") {
      $_SESSION['ADMIN'] = "t";
    }

It is a valid usage. For instance, say I wanted to get one row from a mysql query assigned and wanted to test if it assigned correctly:

 

$query = mysql_query("SELECT * FROM table_name WHERE 0=1"); // expected 0 results, but a valid query.
if ($row = mysql_fetch_assoc($query)) {
    echo 'This should not be true.';
}else {
    echo 'The result was not returned.';
}

 

Not weird, intentional and has its uses.
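
The login flow from the thread, written out as an added example (not code from any of the posters): the matched row is fetched, the admin flag is tested with a strict comparison, and the redirect target from the hidden field is limited to a local path. Assumptions: PDO with an in-memory SQLite table standing in for the MySQL one, passwords stored with password_hash(), and the helper names resolveLogin() and safeRedirect() are hypothetical.

```php
<?php
// Added example. Table and column names follow the thread; the sample users,
// resolveLogin() and safeRedirect() are constructed for illustration.
$db = new PDO('sqlite::memory:');            // in-memory DB, needs pdo_sqlite
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbln (username TEXT PRIMARY KEY, password TEXT, ADMIN TEXT)");
$ins = $db->prepare("INSERT INTO tbln (username, password, ADMIN) VALUES (?, ?, ?)");
$ins->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), 't']);
$ins->execute(['bob',   password_hash('bob-pw',   PASSWORD_DEFAULT), 'f']);

// Returns the session values to set, or null when the login fails.
function resolveLogin(PDO $db, string $username, string $password): ?array
{
    // Bound parameter instead of SQL built from POST data.
    $stmt = $db->prepare("SELECT username, password, ADMIN FROM tbln WHERE username = ?");
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // $row['ADMIN'] only exists after a fetch

    if ($row === false || !password_verify($password, $row['password'])) {
        return null;                         // no match: activate nothing
    }
    $session = ['username' => $row['username']];
    // Strict comparison (===), not assignment (=): only "t" rows get the flag.
    if ($row['ADMIN'] === 't') {
        $session['ADMIN'] = 't';
    }
    return $session;
}

// Accept only a same-site path from the hidden form field as redirect target.
function safeRedirect(string $target): string
{
    return preg_match('#^/(?!/)[^\\\\\r\n]*\z#', $target) === 1 ? $target : '/';
}

var_dump(resolveLogin($db, 'alice', 'alice-pw'));   // admin account
var_dump(resolveLogin($db, 'bob', 'bob-pw'));       // ordinary member
var_dump(resolveLogin($db, 'bob', 'wrong'));        // wrong password
var_dump(safeRedirect('/members/index.php'));       // local path
var_dump(safeRedirect('//other.example/'));         // protocol-relative URL
```

In a request handler, call session_regenerate_id(true) after a successful login and copy the returned values into $_SESSION before sending the Location header.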
