elite311 Posted August 29, 2012 Share Posted August 29, 2012 I'm hoping someone can help me with this, I have been reading and working on making my own login system and have it working so far. I am using sessions to store the login info and I would like to have some different access levels. In my user tables I have, username, password, flag. I am trying to set the flag to a session variable so that I can make some querys based on access levels. Right now I have the flag as a number 1 - 9 when I try to set the variable it just shows up as 'array' rather than the flag number. Basically I'm trying to use this so that I can create a query that will show data on a page if base on your "auth_lvl". Here's my code: <?php session_start(); //we're using sessions so this is required! include('admin/includes/config.php'); include('admin/includes/database.class.php'); include('admin/includes/functions.php'); $db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix); $db -> connect(); if($_SESSION['loggedin'] == TRUE) { //loggedin already header("Location: members.php"); }else{ if(isset($_POST['submitLogin'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' "); $user = mysql_fetch_assoc($select_user); $amount_found = (int)$user['amount']; $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' "); $flag = mysql_fetch_assoc($flag_lookup); if($amount_found > 0) { $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $flag; header("Location: members.php"); }else{ echo "Invalid login! Click <a href='index.php'>here</a> to try again."; } }else{ //show login form ?> <form method="POST" action="index.php"> <b>Username:</b> <br /> <input type="text" name="username"> <p> <b>Password:</b> <br /> <input type="password" name="password"> <p> <input type="submit" name="submitLogin" value="Login!"> </form> <?php } } ?> Any help would be appreciated it, I'm pretty stumped Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Where's the problem in the code? Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 I think the problem is here $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' "); $flag = mysql_fetch_assoc($flag_lookup); if($amount_found > 0) { $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $flag; It doesn't want to set auth_lvl to the value in the database, when I do an echo it shows as "array" Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Because mysql_fetch_assoc returns an array. print_r($flag) and you'll see what it contains. Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Thanks! didn't know that When I do the print_r($flag) I'm getting the value "1" for both users and one user should get "1" and the other "2" Am I doing something wrong? or should I be using a different query? Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Are you sure the data is correct in the database? And $username has the right value? Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Yes when I log in as the users it's echoing the proper names, just not showing the proper auth_lvl Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 That doesn't answer the first question. Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Sorry yes I double checked the data in the table and it is correct. Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Run this on a page: $flag_lookup = mysql_query("SELECT username, flag FROM users"); while($flag = mysql_fetch_assoc($flag_lookup)){ print_r($flag); } What do you get? Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 I get this, which is correct. Array ( [username] => dloder [flag] => 2 ) Array ( [username] => site [flag] => 1 ) But when I just put the print_r($flag); I get this dloder 1 The code I'm using on my first members page is this, which gets me the 2nd example if($_SESSION['loggedin'] == TRUE) { //loggedin already echo "Welcome back, ".htmlspecialchars($_SESSION['username']); echo print_r($flag) ; }else{ //not logged in yet header("Location: index.php"); } Quote Link to comment Share on other sites More sharing options...
Jessica Posted August 29, 2012 Share Posted August 29, 2012 Must be something else within the code somewhere. Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 29, 2012 Author Share Posted August 29, 2012 Ya I just haven't been able to find anything, it all looks correct to me.... I'll keep looking at it though. Thanks for trying. Quote Link to comment Share on other sites More sharing options...
DavidAM Posted August 29, 2012 Share Posted August 29, 2012 Going back to the original code you posted: $select_user = mysql_query("SELECT COUNT(id) AS amount FROM users WHERE username = '$username' AND password = '$password' "); $user = mysql_fetch_assoc($select_user); $amount_found = (int)$user['amount']; $flag_lookup = mysql_query("SELECT flag FROM users WHERE username = '$username' "); $flag = mysql_fetch_assoc($flag_lookup); $flag will be an associative array. $flag['flag'] should get you the flag's value. However, you really should not query the same table twice in a row like that. You could do that with: $sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'"; $res = mysql_query($sql); if (! $res) { // The query failed, handle it -- in Development you can: trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR); exit; } else { if (mysql_num_rows($res) == 1) { $row = mysql_fetch_assoc($res); $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $row['flag']; Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 30, 2012 Author Share Posted August 30, 2012 Thanks for the help on this so far, i tried changing my code to what you provided as it makes more sense to use just 1 query however I'm still having the same issue. When I do the print_r($flag) it still shows 1 for both users Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 30, 2012 Author Share Posted August 30, 2012 oops posted twice Quote Link to comment Share on other sites More sharing options...
elite311 Posted August 30, 2012 Author Share Posted August 30, 2012 Looks like everything is working properly, it print_r is showing 1 but the access levels are working since I changed the code to However, you really should not query the same table twice in a row like that. You could do that with: PHP: [select] $sql = "SELECT username, flag FROM users WHERE username = '$username' AND password = '$password'"; $res = mysql_query($sql); if (! $res) { // The query failed, handle it -- in Development you can: trigger_error(sprintf('User Query Failed: %s<BR>%s', $sql, mysql_error()), E_USER_ERROR); exit; } else { if (mysql_num_rows($res) == 1) { $row = mysql_fetch_assoc($res); $_SESSION['loggedin'] = TRUE; $_SESSION['username'] = $username; $_SESSION['auth_lvl'] = $row['flag']; Thanks again for all the help on this one. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.