T1hom7as 0 Posted April 10, 2015 Hi, I have my login system working fine with sessions. Now I want to use access levels. So if user 1 with access level 1 logs in, he redirects to profile.php. If user 2 with access level 2 logs in, he redirects to main_stats.php. Here is what I have so far for my login.php, however it is not reading the $user_id nor the $access_id: http://codepad.viper-7.com/Ck0Tsr Wondering if anyone can help? Quote Share this post Link to post Share on other sites
ginerjm 238 Posted April 10, 2015 Post your relevant code so we can see it. Quote Share this post Link to post Share on other sites
Tom10 0 Posted April 10, 2015 (edited) Here is an example which may help you but as gingerjm said there is not much we can do please post your code in this thread and list the errors you are getting <?php require 'connect.php'; session_start(); @error_reporting(E_ALL | E_NOTICE); //set to 0 when on a live server @ini_set('display_errors', 1); //set to 0 when on a live server if($_SERVER['REQUEST_METHOD'] == "POST") { $username = $_POST['user']; $password = $_POST['pass']; $username = strip_tags($username); $username = htmlentities($username, ENT_QUOTES); $username = htmlspecialchars($username, ENT_QUOTES); if(preg_match("#[^\w\b\s]#", $username)) { echo "<h1><span style='color: #222; font-weight: bold; font-size: 38px; font-family: sans-serif;'>Username has been rejected.</h1>"; echo "<h3><u>Your requested username:</u> ".$username." </h3>"; echo "<h3><u>Why has my username been disallowed?</u></h3><br>"; echo "<li>Your username contains illeagal characters such as: !&*(#~{;$%^+=</li>"; die(); } $password = hash('gost-crypto', $password); $stmt = $handler->prepare("SELECT * FROM users WHERE BINARY username = BINARY '{$username}' AND BINARY password = BINARY '{$password}'"); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); if($stmt->rowCount() > 0) { if($row['rank'] > 0) { $_SESSION['username'] = $username; $_SESSION['loggedIn'] = 1; $_SESSION['rank'] = 1; $_SESSION['status'] = 1; echo '<meta http-equiv="refresh" content="0;admin.php" />'; } else if($row['rank'] < 1) { $_SESSION['username'] = $username; $_SESSION['loggedIn'] = 1; $_SESSION['rank'] = 0; $_SESSION['status'] = 1; echo '<br><br><br><br><br><br><br>'; echo '<center><img src="https://ers.snapuptickets.com/ers/images/loading-spiral.gif" width="100" /></center>'; echo '<center><br><h3><b>Loading. Please wait..</b></h3></center>'; echo '<meta http-equiv="refresh" content="3;user.php" />'; exit(); } else if($row['rank'] < 0) { die("Error: Your account has been banned!"); } } else { die(" <h1>Username or Password incorrect.</h1> <br> <u><b>Please note:</b></u> <li>Usernames and passwords are case-sensitive!</li> "); } } ?> Here is an example i coded a while back, not the best but should be ok for your question. Edited April 10, 2015 by Tom10 Quote Share this post Link to post Share on other sites
ginerjm 238 Posted April 10, 2015 I'd remove the @ chars. Why would you EVER NOT want to know if those two statements failed for some strange reason? There is some debate over the worth of the @ usage. I don't believe in it being used ever since hiding errors/notices is simply not the way to be a good programmer. If it's an error, handle it. If it's a notice, well, it is a notice and must be there for a reason so if you are aware of it, program around the reason for it. 1 Quote Share this post Link to post Share on other sites
T1hom7as 0 Posted April 11, 2015 Sorry guys I managed to fix the issue, I wasn't calling the variables correctly. Quote Share this post Link to post Share on other sites
