elite311 Posted August 29, 2012 Share Posted August 29, 2012 I'm hoping someone can help me with this, I have been reading and working on making my own login system and have it working so far. I am using sessions to store the login info and I would like to have some different access levels. In my user tables I have, username, password, flag. I am trying to set the flag to a session variable so that I can make some querys based on access levels. Right now I have the flag as a number 1 - 9 when I try to set the variable it just shows up as 'array' rather than the flag number. Basically I'm trying to use this so that I can create a query that will show data on a page if base on your "auth_lvl". Here's my code: <?php session_start(); //we're using sessions so this is required! include('admin/includes/config.php'); include('admin/includes/database.class.php'); include('admin/includes/functions.php'); $db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix); $db -> connect(); if($_SESSION['loggedin'] == TRUE) { //loggedin already header("Location: members.php"); }else{ if(isset($_POST['submitLogin'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' "); $user = mysql_fetch_assoc($select_user); $amount_found = (int)$user['amount']; $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' "); $flag = mysql_fetch_assoc($flag_lookup); if($amount_found > 0) { $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $flag; header("Location: members.php"); }else{ echo "Invalid login! Click <a href='index.php'>here</a> to try again."; } }else{ //show login form ?> <form method="POST" action="index.php"> <b>Username:</b> <br /> <input type="text" name="username"> <p> <b>Password:</b> <br /> <input type="password" name="password"> <p> <input type="submit" name="submitLogin" value="Login!"> </form> <?php } } ?> Any help would be appreciated it, I'm pretty stumped Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/ Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Where's the problem in the code? Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373643 Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 I think the problem is here $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' "); $flag = mysql_fetch_assoc($flag_lookup); if($amount_found > 0) { $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $flag; It doesn't want to set auth_lvl to the value in the database, when I do an echo it shows as "array" Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373644 Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Because mysql_fetch_assoc returns an array. print_r($flag) and you'll see what it contains. Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373647 Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Thanks! didn't know that When I do the print_r($flag) I'm getting the value "1" for both users and one user should get "1" and the other "2" Am I doing something wrong? or should I be using a different query? Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373650 Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Are you sure the data is correct in the database? And $username has the right value? Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373653 Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Yes when I log in as the users it's echoing the proper names, just not showing the proper auth_lvl Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373656 Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 That doesn't answer the first question. Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373660 Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Sorry yes I double checked the data in the table and it is correct. Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373663 Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Run this on a page: $flag_lookup = mysql_query("SELECT username, flag FROM users"); while($flag = mysql_fetch_assoc($flag_lookup)){ print_r($flag); } What do you get? Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373665 Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 I get this, which is correct. Array ( [username] => dloder [flag] => 2 ) Array ( [username] => site [flag] => 1 ) But when I just put the print_r($flag); I get this dloder 1 The code I'm using on my first members page is this, which gets me the 2nd example if($_SESSION['loggedin'] == TRUE) { //loggedin already echo "Welcome back, ".htmlspecialchars($_SESSION['username']); echo print_r($flag) ; }else{ //not logged in yet header("Location: index.php"); } Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373670 Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Must be something else within the code somewhere. Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373673 Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Ya I just haven't been able to find anything, it all looks correct to me.... I'll keep looking at it though. Thanks for trying. Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373674 Share on other sites More sharing options...
DavidAM Posted August 29, 2012 Share Posted August 29, 2012 Going back to the original code you posted: $select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' "); $user = mysql_fetch_assoc($select_user); $amount_found = (int)$user['amount']; $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' "); $flag = mysql_fetch_assoc($flag_lookup); $flag will be an associative array. $flag['flag'] should get you the flag's value. However, you really should not query the same table twice in a row like that. You could do that with: $sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'"; $res = mysql_query($sql); if (! $res) { // The query failed, handle it -- in Development you can: trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR); exit; } else { if (mysql_num_rows($res) == 1) { $row = mysql_fetch_assoc($res); $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $row['flag']; Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373701 Share on other sites More sharing options...
elite311 Posted August 30, 2012 Author Share Posted August 30, 2012 Thanks for the help on this so far, i tried changing my code to what you provided as it makes more sense to use just 1 query however I'm still having the same issue. When I do the print_r($flag) it still shows 1 for both users Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1373818 Share on other sites More sharing options...
elite311 Posted August 30, 2012 Author Share Posted August 30, 2012 oops posted twice Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1374000 Share on other sites More sharing options...
elite311 Posted August 30, 2012 Author Share Posted August 30, 2012 Looks like everything is working properly, it print_r is showing 1 but the access levels are working since I changed the code to However, you really should not query the same table twice in a row like that. You could do that with: PHP: [select] $sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'"; $res = mysql_query($sql); if (! $res) { // The query failed, handle it -- in Development you can: trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR); exit; } else { if (mysql_num_rows($res) == 1) { $row = mysql_fetch_assoc($res); $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $row['flag']; Thanks again for all the help on this one. Link to comment https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/#findComment-1374002 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.