swith problem

182x · July 13, 2007

Hey guys,

I am using the code below in order to log a user in and then based on their accesss level theres user id is stored as a session variable. That variable is then is checked when their redirected page loads to ensure they can have access and its not just a user typing in the url.

However when i login as user two it can then access teh user 1 account by typing in the url.

I was just wondering what I have done wrong?

Thanks.


switch($user)
{

	case 1:

		$Id = "SELECT uId FROM u WHERE u = '$u' AND p= '$p";
		$qu= mysql_query($Id, $link);

		if (mysql_num_rows($qu) > 0 )
			{
				$st= mysql_fetch_assoc($qu);
				$_SESSION ["userId"] = $st["userId"];
				header("location:test.php");
				exit();
			}
			break;

	case 2: 

		$Id = "SELECT uId FROM u WHERE u = '$u' AND p = '$p'";
		$query = mysql_query($getId, $link);

		if (mysql_num_rows($query) > 0 )
			{
				$st2= mysql_fetch_assoc($qu);
				$_SESSION ["userId"] = $storeEmployee["userId"];
				header("location:test2.php");
				exit();
			}

	break;

trq · July 13, 2007

the problem is more than likely in the way you do the check... not in the code you've posted.

gerkintrigg · July 13, 2007

I'd suggest that you look at the login script itself. perhaps post that code... I wonder whether echoing the $user variable before you make the switch statement might be any use... then you can check that you got to this point with no problem...

MadTechie · July 13, 2007

add

var_dump($user);//<--this
switch($user)

it may give you a clue whats wrong!

Sign In

swith problem

Recommended Posts

182x

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

gerkintrigg

Link to comment

Share on other sites

MadTechie

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information