Setting a session variable


elite311

I'm hoping someone can help me with this. I have been reading and working on making my own login system and have it working so far. I am using sessions to store the login info and I would like to have some different access levels.

 

In my user tables I have username, password, flag. I am trying to set the flag to a session variable so that I can make some queries based on access levels. Right now I have the flag as a number 1 - 9; when I try to set the variable it just shows up as 'array' rather than the flag number. Basically I'm trying to use this so that I can create a query that will show data on a page based on your "auth_lvl".

 

Here's my code:

<?php

session_start(); //we're using sessions so this is required!

include('admin/includes/config.php');
include('admin/includes/database.class.php');
include('admin/includes/functions.php');

$db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix);
$db->connect();

if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == TRUE) { //loggedin already
    header("Location: members.php");
    exit; // stop the script once the redirect header is sent

} else {

    if (isset($_POST['submitLogin'])) {

        $username = mysql_real_escape_string($_POST['username']);
        $password = md5(mysql_real_escape_string($_POST['password']));

        // count the rows matching this username/password pair
        $select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' ");
        $user = mysql_fetch_assoc($select_user);
        $amount_found = (int)$user['amount'];

        // look up the access flag for this username
        $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' ");
        $flag = mysql_fetch_assoc($flag_lookup);

        if ($amount_found > 0) {
            $_SESSION['loggedin'] = TRUE;
            $_SESSION['username'] = $username;
            $_SESSION['auth_lvl'] = $flag;

            header("Location: members.php");
            exit; // stop the script once the redirect header is sent

        } else {
            echo "Invalid login! Click <a href='index.php'>here</a> to try again.";
        }

    } else {

        //show login form
?>

<form method="POST" action="index.php">
<b>Username:</b> <br /> <input type="text" name="username"> <p>
<b>Password:</b> <br /> <input type="password" name="password"> <p>
<input type="submit" name="submitLogin" value="Login!">
</form>

<?php

    }

}
?>

 

Any help would be appreciated; I'm pretty stumped.

Link to comment
Share on other sites

I think the problem is here

 

$flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' ");
$flag = mysql_fetch_assoc($flag_lookup);


if($amount_found > 0) {
$_SESSION['loggedin'] = TRUE;
$_SESSION['username'] = $username;
$_SESSION['auth_lvl'] = $flag;

 

It doesn't want to set auth_lvl to the value in the database; when I do an echo it shows as "array".

 

Link to comment
Share on other sites

I get this, which is correct.

 

Array ( [username] => dloder [flag] => 2 ) Array ( [username] => site [flag] => 1 ) 

 

But when I just put the print_r($flag); I get this

 

dloder 1 

 

The code I'm using on my first members page is this, which gets me the 2nd example

 

if($_SESSION['loggedin'] == TRUE) { //loggedin already

    echo "Welcome back, ".htmlspecialchars($_SESSION['username']);
    echo print_r($flag) ;

}else{ //not logged in yet

    header("Location: index.php");

}

 

Link to comment
Share on other sites

Going back to the original code you posted:

 

$select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' ");
$user = mysql_fetch_assoc($select_user);
$amount_found = (int)$user['amount']; 

$flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' ");
$flag = mysql_fetch_assoc($flag_lookup);

 

$flag will be an associative array. $flag['flag'] should get you the flag's value.

 

However, you really should not query the same table twice in a row like that. You could do that with:

 

$sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'";
$res = mysql_query($sql);
if (! $res) {
  // The query failed, handle it -- in Development you can:
  trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR);
  exit;
} else {
  // Exactly one row means the username/password pair matched
  if (mysql_num_rows($res) == 1) {
    $row = mysql_fetch_assoc($res);
    $_SESSION['loggedin'] = TRUE;
    $_SESSION['username'] = $username;
    $_SESSION['auth_lvl'] = $row['flag'];
    // the rest is as in the original login script
    header("Location: members.php");
    exit;
  } else {
    echo "Invalid login! Click <a href='index.php'>here</a> to try again.";
  }
}

Link to comment
Share on other sites
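
Added example, not part of the thread or any poster's code: the single-query login from the reply above, written with a PDO prepared statement and password_hash()/password_verify() in place of the mysql_* functions (removed in PHP 7) and md5(). The helper names login() and hasLevel(), the in-memory SQLite table, the sample row and the rule that a higher flag means more access are assumptions.

```php
<?php
// Added example. Columns (username, password, flag) follow the post;
// helper names and the sample row are constructed for illustration.

function login(PDO $db, string $username, string $password, array &$session): bool
{
    // One query with a bound parameter: user input never becomes SQL text.
    $stmt = $db->prepare('SELECT username, password, flag FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // array on a hit, false on a miss

    // Verify against a salted hash instead of matching md5() inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);         // fresh session ID once privileges change
    }
    $session['loggedin'] = true;
    $session['username'] = $row['username'];
    $session['auth_lvl'] = (int) $row['flag'];   // the column value, not the row array
    return true;
}

function hasLevel(array $session, int $required): bool
{
    // Assumption: a higher flag grants more access. Missing or non-integer levels fail.
    return ($session['loggedin'] ?? false) === true
        && is_int($session['auth_lvl'] ?? null)
        && $session['auth_lvl'] >= $required;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, flag INTEGER)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['dloder', password_hash('example-pass', PASSWORD_DEFAULT), 2]);

$session = [];   // stands in for $_SESSION so the script also runs from the CLI
var_dump(login($db, 'dloder', 'wrong-pass', $session));    // wrong password
var_dump(login($db, "o'neil", 'example-pass', $session));  // quote in the name is plain data
var_dump(login($db, 'dloder', 'example-pass', $session));  // valid credentials
var_dump($session['auth_lvl'], hasLevel($session, 2), hasLevel($session, 5));
```

In a web request, pass `$_SESSION` as the last argument after `session_start()`, and call `hasLevel()` at the top of every protected page before running its queries.
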

Looks like everything is working properly; print_r is showing 1, but the access levels are working since I changed the code to

 

$sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'";
$res = mysql_query($sql);
if (! $res) {
  // The query failed, handle it -- in Development you can:
  trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR);
  exit;
} else {
  if (mysql_num_rows($res) == 1) {
    $row = mysql_fetch_assoc($res);
    $_SESSION['loggedin'] = TRUE;
    $_SESSION['username'] = $username;
    $_SESSION['auth_lvl'] = $row['flag'];

 

Thanks again for all the help on this one.

Link to comment
Share on other sites
