Sessions selection certain parameters

[stublackett]

Hi,

 

I've got a login system now fully utilised and its protected etc, No problems

 

My next issue is selecting a "Userlevel" from the Database

 

But I'm not 100% sure where to define the userlevel etc in the Login Area and how to acually select it in the login_success page using an SQL Statement, I've managed to select the Username no problem But I dont know how to select the userlevel

 

My code is set like this :

login.php

<?php
session_start();

include ("dbconnect.php");

$message = $_GET['message'];

//LoginForm using HEREDOC
$loginform = <<<LOGINFORM
<div id="login">
<form method="post" action="" login=true">
    <fieldset>
      <div>
      <label for="username">User Name :</label>
      <input type="text" name="username" id="username" class="txt" />
    </div>
    <div>
      <label for="fullname">Password : </label>
      <input type="password" name="password" id="password" class="txt" />
    </div>
      </fieldset>
    <div>
      <input type="submit" name="Submit" id="Submit" value="Login" class="btn" />
    </div>  
    </fieldset>
  </form>
</div>
LOGINFORM;

// Connect to server and select databse.
mysql_connect($hostname, $db_user, $db_password)or die("cannot connect");
mysql_select_db($dbname)or die("cannot select DB");


if (isset($_POST['Submit'])) {
// username and password sent from signup form
   $username=stripslashes($_POST['username']);
   $password=stripslashes($_POST['password']);

   $sql="SELECT * FROM $db_table WHERE username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "'";
   $result=mysql_query($sql);

// Mysql_num_row is counting table row
   $count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

   if($count==1){
//Register Username and Password
       $_SESSION['username'] = $username;
       $_SESSION['password'] = $password;
       [b]$_SESSION['userlevel'] = $userlevel;[/b]
       header("location:login_success.php"); //If login is correct direct to login_success.php
              exit(); // always use the exit after a header to prevent the rest of the script from executing
   } else {
         $errormessage = "Invalid Username or Password";
   }
}
?>

I've highlighted in there where the userlevel is defined if thats correct??

 

Next is the login_success.php Page

 

<?php 
session_start(); 
include ("dbconnect.php");

if(!isset($_SESSION[username])){ 
$message = <<<HTML
This page is for Registered users only <br />
Click Here to Register to the site, <br />
Or follow the link in the menu on the left

HTML;

}else{ 
//Protected Area sits below
$message = "Welcome to the Dragons Den <b>".$_SESSION["username"]; 

} 

//Check users' User level (1 = Dragon) (2 = Entrepeneur) (3 = Admin)
mysql_connect($hostname, $db_user, $db_password)or die("cannot connect");
mysql_select_db($dbname)or die("cannot select DB");
$sql="SELECT * FROM $db_table WHERE username='" . mysql_real_escape_string($_SESSION[username]) . "' and userlevel='" . mysql_real_escape_string($_SESSION[userlevel]) . "'";
		$result = mysql_query ($sql);
		$count=mysql_num_rows($result);
		$_SESSION['userlevel'] = $Row['userlevel'];
		echo $sql;
		      

?> 

 

Not quite sure how I define that correctly?

 

The echo of $sql is saying

SELECT * FROM users WHERE username='$username' and userlevel=''

 

But its not outputting the userlevel at all

[Gaia]

From taking a look, the following part in your log in form does not look correct at all:

 

     [b]$_SESSION['userlevel'] = $userlevel;[/b]

 

I am surprised your PHP file isn't throwing up an error.

 

Also, what is the User Level table called in your database, and, is there any content in it?

[stublackett]

Hah

 

The

b

Either side of that code was me attempting to highlight it, The code works fine as theres no bold codes or anything around it!

 

The table is called "users" and the column required is called "userlevel" which has data within it, Set as "1" or "2" depending on the User type and the Admin is going to be set as "3"