swith problem

[182x]

Hey guys,

 

I am using the code below in order to log a user in and then based on their accesss level theres user id is stored as a session variable. That variable is then is checked when their redirected page loads to ensure they can have access and its not just a user typing in the url.

 

However when i login as user two it can then access teh user 1 account by typing in the url.

 

I was just wondering what I have done wrong?

 

Thanks.

 

switch($user)
{

	case 1:

		$Id = "SELECT uId FROM u WHERE u = '$u' AND p= '$p";
		$qu= mysql_query($Id, $link);

		if (mysql_num_rows($qu) > 0 )
			{
				$st= mysql_fetch_assoc($qu);
				$_SESSION ["userId"] = $st["userId"];
				header("location:test.php");
				exit();
			}
			break;

	case 2: 

		$Id = "SELECT uId FROM u WHERE u = '$u' AND p = '$p'";
		$query = mysql_query($getId, $link);

		if (mysql_num_rows($query) > 0 )
			{
				$st2= mysql_fetch_assoc($qu);
				$_SESSION ["userId"] = $storeEmployee["userId"];
				header("location:test2.php");
				exit();
			}

	break;

 

 

[trq]

the problem is more than likely in the way you do the check... not in the code you've posted.

[gerkintrigg]

I'd suggest that you look at the login script itself. perhaps post that code... I wonder whether echoing the $user variable before you make the switch statement might be any use... then you can check that you got to this point with no problem...

[MadTechie]

add

var_dump($user);//<--this
switch($user)

 

it may give you a clue whats wrong!