stublackett Posted February 15, 2008 Share Posted February 15, 2008 Hi, I've got a login system now fully utilised and its protected etc, No problems My next issue is selecting a "Userlevel" from the Database But I'm not 100% sure where to define the userlevel etc in the Login Area and how to acually select it in the login_success page using an SQL Statement, I've managed to select the Username no problem But I dont know how to select the userlevel My code is set like this : login.php <?php session_start(); include ("dbconnect.php"); $message = $_GET['message']; //LoginForm using HEREDOC $loginform = <<<LOGINFORM <div id="login"> <form method="post" action="" login=true"> <fieldset> <div> <label for="username">User Name :</label> <input type="text" name="username" id="username" class="txt" /> </div> <div> <label for="fullname">Password : </label> <input type="password" name="password" id="password" class="txt" /> </div> </fieldset> <div> <input type="submit" name="Submit" id="Submit" value="Login" class="btn" /> </div> </fieldset> </form> </div> LOGINFORM; // Connect to server and select databse. mysql_connect($hostname, $db_user, $db_password)or die("cannot connect"); mysql_select_db($dbname)or die("cannot select DB"); if (isset($_POST['Submit'])) { // username and password sent from signup form $username=stripslashes($_POST['username']); $password=stripslashes($_POST['password']); $sql="SELECT * FROM $db_table WHERE username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $username and $password, table row must be 1 row if($count==1){ //Register Username and Password $_SESSION['username'] = $username; $_SESSION['password'] = $password; [b]$_SESSION['userlevel'] = $userlevel;[/b] header("location:login_success.php"); //If login is correct direct to login_success.php exit(); // always use the exit after a header to prevent the rest of the script from executing } else { $errormessage = "Invalid Username or Password"; } } ?> I've highlighted in there where the userlevel is defined if thats correct?? Next is the login_success.php Page <?php session_start(); include ("dbconnect.php"); if(!isset($_SESSION[username])){ $message = <<<HTML This page is for Registered users only <br /> Click Here to Register to the site, <br /> Or follow the link in the menu on the left HTML; }else{ //Protected Area sits below $message = "Welcome to the Dragons Den <b>".$_SESSION["username"]; } //Check users' User level (1 = Dragon) (2 = Entrepeneur) (3 = Admin) mysql_connect($hostname, $db_user, $db_password)or die("cannot connect"); mysql_select_db($dbname)or die("cannot select DB"); $sql="SELECT * FROM $db_table WHERE username='" . mysql_real_escape_string($_SESSION[username]) . "' and userlevel='" . mysql_real_escape_string($_SESSION[userlevel]) . "'"; $result = mysql_query ($sql); $count=mysql_num_rows($result); $_SESSION['userlevel'] = $Row['userlevel']; echo $sql; ?> Not quite sure how I define that correctly? The echo of $sql is saying SELECT * FROM users WHERE username='$username' and userlevel='' But its not outputting the userlevel at all Quote Link to comment Share on other sites More sharing options...
Gaia Posted February 15, 2008 Share Posted February 15, 2008 From taking a look, the following part in your log in form does not look correct at all: [b]$_SESSION['userlevel'] = $userlevel;[/b] I am surprised your PHP file isn't throwing up an error. Also, what is the User Level table called in your database, and, is there any content in it? Quote Link to comment Share on other sites More sharing options...
stublackett Posted February 15, 2008 Author Share Posted February 15, 2008 Hah The b Either side of that code was me attempting to highlight it, The code works fine as theres no bold codes or anything around it! The table is called "users" and the column required is called "userlevel" which has data within it, Set as "1" or "2" depending on the User type and the Admin is going to be set as "3" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.