Jump to content

Setting user levels when logging in with sessions


T1hom7as

Recommended Posts

Hi, I have my login system working fine with sessions. Now I want to use access levels. So if user 1 with access level 1 logs in, he redirects to profile.php. If user 2 with access level 2 logs in, he redirects to main_stats.php. 

Here is what I have so far for my login.php, however it is not reading the $user_id nor the $access_id: 

http://codepad.viper-7.com/Ck0Tsr

Wondering if anyone can help?

Here is an example which may help you but as gingerjm said there is not much we can do please post your code in this thread and list the errors you are getting

<?php

require 'connect.php';

session_start();

@error_reporting(E_ALL | E_NOTICE); //set to 0 when on a live server

@ini_set('display_errors', 1); //set to 0 when on a live server

if($_SERVER['REQUEST_METHOD'] == "POST") {

$username = $_POST['user'];
$password = $_POST['pass'];

$username = strip_tags($username);
$username = htmlentities($username, ENT_QUOTES);
$username = htmlspecialchars($username, ENT_QUOTES);

if(preg_match("#[^\w\b\s]#", $username)) {

echo "<h1><span style='color: #222; font-weight: bold; font-size: 38px; font-family: sans-serif;'>Username has been rejected.</h1>";

echo "<h3><u>Your requested username:</u> ".$username." </h3>";

echo "<h3><u>Why has my username been disallowed?</u></h3><br>";

echo "<li>Your username contains illeagal characters such as: !&*(#~{;$%^+=</li>";

die();
}

$password = hash('gost-crypto', $password);

$stmt = $handler->prepare("SELECT * FROM users WHERE BINARY username = BINARY '{$username}' AND BINARY password = BINARY '{$password}'");
$stmt->execute();

$row = $stmt->fetch(PDO::FETCH_ASSOC);

if($stmt->rowCount() > 0) {

if($row['rank'] > 0) {

$_SESSION['username'] = $username;
$_SESSION['loggedIn'] = 1;
$_SESSION['rank'] = 1;
$_SESSION['status'] = 1;

echo '<meta http-equiv="refresh" content="0;admin.php" />';

} else if($row['rank'] < 1) {

$_SESSION['username'] = $username;
$_SESSION['loggedIn'] = 1;
$_SESSION['rank'] = 0;
$_SESSION['status'] = 1;

echo '<br><br><br><br><br><br><br>';

echo '<center><img src="https://ers.snapuptickets.com/ers/images/loading-spiral.gif" width="100" /></center>';

echo '<center><br><h3><b>Loading. Please wait..</b></h3></center>';

echo '<meta http-equiv="refresh" content="3;user.php" />';

exit();

} else if($row['rank'] < 0) {

die("Error: Your account has been banned!");
}

} else {

die("

<h1>Username or Password incorrect.</h1> <br>

<u><b>Please note:</b></u>
<li>Usernames and passwords are case-sensitive!</li>

");

}

}

?>

 

Here is an example i coded a while back, not the best but should be ok for your question.

I'd remove the @ chars. Why would you EVER NOT want to know if those two statements failed for some strange reason?

 

There is some debate over the worth of the @ usage. I don't believe in it being used ever since hiding errors/notices is simply not the way to be a good programmer. If it's an error, handle it. If it's a notice, well, it is a notice and must be there for a reason so if you are aware of it, program around the reason for it.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.