Jump to content

Setting user levels when logging in with sessions


T1hom7as
Go to solution Solved by T1hom7as,

Recommended Posts

Hi, I have my login system working fine with sessions. Now I want to use access levels. So if user 1 with access level 1 logs in, he redirects to profile.php. If user 2 with access level 2 logs in, he redirects to main_stats.php. 

Here is what I have so far for my login.php, however it is not reading the $user_id nor the $access_id: 

http://codepad.viper-7.com/Ck0Tsr

Wondering if anyone can help?

Link to comment
Share on other sites

Here is an example which may help you but as gingerjm said there is not much we can do please post your code in this thread and list the errors you are getting

<?php

require 'connect.php';

session_start();

@error_reporting(E_ALL | E_NOTICE); //set to 0 when on a live server

@ini_set('display_errors', 1); //set to 0 when on a live server

if($_SERVER['REQUEST_METHOD'] == "POST") {

$username = $_POST['user'];
$password = $_POST['pass'];

$username = strip_tags($username);
$username = htmlentities($username, ENT_QUOTES);
$username = htmlspecialchars($username, ENT_QUOTES);

if(preg_match("#[^\w\b\s]#", $username)) {

echo "<h1><span style='color: #222; font-weight: bold; font-size: 38px; font-family: sans-serif;'>Username has been rejected.</h1>";

echo "<h3><u>Your requested username:</u> ".$username." </h3>";

echo "<h3><u>Why has my username been disallowed?</u></h3><br>";

echo "<li>Your username contains illeagal characters such as: !&*(#~{;$%^+=</li>";

die();
}

$password = hash('gost-crypto', $password);

$stmt = $handler->prepare("SELECT * FROM users WHERE BINARY username = BINARY '{$username}' AND BINARY password = BINARY '{$password}'");
$stmt->execute();

$row = $stmt->fetch(PDO::FETCH_ASSOC);

if($stmt->rowCount() > 0) {

if($row['rank'] > 0) {

$_SESSION['username'] = $username;
$_SESSION['loggedIn'] = 1;
$_SESSION['rank'] = 1;
$_SESSION['status'] = 1;

echo '<meta http-equiv="refresh" content="0;admin.php" />';

} else if($row['rank'] < 1) {

$_SESSION['username'] = $username;
$_SESSION['loggedIn'] = 1;
$_SESSION['rank'] = 0;
$_SESSION['status'] = 1;

echo '<br><br><br><br><br><br><br>';

echo '<center><img src="https://ers.snapuptickets.com/ers/images/loading-spiral.gif" width="100" /></center>';

echo '<center><br><h3><b>Loading. Please wait..</b></h3></center>';

echo '<meta http-equiv="refresh" content="3;user.php" />';

exit();

} else if($row['rank'] < 0) {

die("Error: Your account has been banned!");
}

} else {

die("

<h1>Username or Password incorrect.</h1> <br>

<u><b>Please note:</b></u>
<li>Usernames and passwords are case-sensitive!</li>

");

}

}

?>

 

Here is an example i coded a while back, not the best but should be ok for your question.

Edited by Tom10
Link to comment
Share on other sites

I'd remove the @ chars. Why would you EVER NOT want to know if those two statements failed for some strange reason?

 

There is some debate over the worth of the @ usage. I don't believe in it being used ever since hiding errors/notices is simply not the way to be a good programmer. If it's an error, handle it. If it's a notice, well, it is a notice and must be there for a reason so if you are aware of it, program around the reason for it.

  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.