Jump to content

Setting a session variable


elite311

Recommended Posts

I'm hoping someone can help me with this, I have been reading and working on making my own login system and have it working so far. I am using sessions to store the login info and I would like to have some different access levels.

 

In my user tables I have, username, password, flag. I am trying to set the flag to a session variable so that I can make some querys based on access levels. Right now I have the flag as a number 1 - 9 when I try to set the variable it just shows up as 'array' rather than the flag number. Basically I'm trying to use this so that I can create a query that will show data on a page if base on your "auth_lvl". 

 

Here's my code:

<?php

session_start(); //we're using sessions so this is required!

include('admin/includes/config.php');
include('admin/includes/database.class.php');
include('admin/includes/functions.php');

$db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix);
$db -> connect();

if($_SESSION['loggedin'] == TRUE) { //loggedin already
header("Location: members.php");

}else{

if(isset($_POST['submitLogin'])) {

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' ");
$user = mysql_fetch_assoc($select_user);
$amount_found = (int)$user['amount']; 

$flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' ");
$flag = mysql_fetch_assoc($flag_lookup);


if($amount_found > 0) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['username'] = $username;
$_SESSION['auth_lvl'] = $flag;

header("Location: members.php");

}else{
echo "Invalid login! Click <a href='index.php'>here</a> to try again.";
}

}else{

//show login form
?>

<form method="POST" action="index.php">
<b>Username:</b> <br /> <input type="text" name="username"> <p>
<b>Password:</b> <br /> <input type="password" name="password"> <p>
<input type="submit" name="submitLogin" value="Login!">
</form>

<?php

}

}
?>

 

Any help would be appreciated it, I'm pretty stumped

Link to comment
https://forums.phpfreaks.com/topic/267768-setting-a-session-variable/
Share on other sites

I think the problem is here

 

$flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' ");
$flag = mysql_fetch_assoc($flag_lookup);


if($amount_found > 0) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['username'] = $username;
$_SESSION['auth_lvl'] = $flag;

 

It doesn't want to set auth_lvl to the value in the database, when I do an echo it shows as "array"

 

I get this, which is correct.

 

Array ( [username] => dloder [flag] => 2 ) Array ( [username] => site [flag] => 1 ) 

 

But when I just put the print_r($flag); I get this

 

dloder 1 

 

The code I'm using on my first members page is this, which gets me the 2nd example

 

if($_SESSION['loggedin'] == TRUE) { //loggedin already

echo "Welcome back, ".htmlspecialchars($_SESSION['username']);
echo print_r($flag) ;

}else{ //not logged in yet

header("Location: index.php");

}

 

Going back to the original code you posted:

 

$select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' ");
$user = mysql_fetch_assoc($select_user);
$amount_found = (int)$user['amount']; 

$flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' ");
$flag = mysql_fetch_assoc($flag_lookup);

 

$flag will be an associative array. $flag['flag'] should get you the flag's value.

 

However, you really should not query the same table twice in a row like that. You could do that with:

 

$sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'";
$res = mysql_query($sql);
if (! $res) {
  // The query failed, handle it -- in Development you can:
  trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR);
  exit;
} else {
  if (mysql_num_rows($res) == 1) {
    $row = mysql_fetch_assoc($res);
    $_SESSION['loggedin'] = TRUE;
    $_SESSION['username'] = $username;
    $_SESSION['auth_lvl'] = $row['flag'];

Looks like everything is working properly, it print_r is showing 1 but the access levels are working since I changed the code to

 

However, you really should not query the same table twice in a row like that. You could do that with:

 

PHP: [select]

 

$sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'";

$res = mysql_query($sql);

if (! $res) {

  // The query failed, handle it -- in Development you can:

  trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR);

  exit;

} else {

  if (mysql_num_rows($res) == 1) {

    $row = mysql_fetch_assoc($res);

    $_SESSION['loggedin'] = TRUE;

    $_SESSION['username'] = $username;

    $_SESSION['auth_lvl'] = $row['flag'];

 

Thanks again for all the help on this one.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.