metalhead41 Posted February 17, 2008 Share Posted February 17, 2008 Hey Guys, I have a small problem I can't figure out. I have a login page, user enters username and password, which logs in fine and goes to another page. Users can have a couple of different account types e.g. admin, standard. If the user is an admin the next page will show certain extra bits that a standard user can't see. How do I get either the login page, or the next page to get the user level that is stored in a mysql database? Hope that makes sense. Quote Link to comment Share on other sites More sharing options...
trq Posted February 17, 2008 Share Posted February 17, 2008 You ought store the users level within the $_SESSION array upon login, then simply check against that. Quote Link to comment Share on other sites More sharing options...
metalhead41 Posted February 17, 2008 Author Share Posted February 17, 2008 This is my problem, I'm firing blanks in trying to store the user level in a session. I'm not sure how to call it to store it in a session... Quote Link to comment Share on other sites More sharing options...
trq Posted February 17, 2008 Share Posted February 17, 2008 Can we see your login code? Quote Link to comment Share on other sites More sharing options...
metalhead41 Posted February 17, 2008 Author Share Posted February 17, 2008 <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { include 'library/config.php'; include 'library/opendb.php'; $userId = $_POST['txtUserId']; $password = $_POST['txtPassword']; $sql = "SELECT user_name FROM users WHERE user_name = '$userId' AND user_password = md5('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); $_SESSION['username'] = $_POST['txtUserId']; if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['db_is_logged_in'] = true; // after login we move to the main page header('Location: main.php'); exit; } else { $errorMessage = 'Sorry, wrong user id / password'; } include 'library/closedb.php'; } ?> Quote Link to comment Share on other sites More sharing options...
trq Posted February 17, 2008 Share Posted February 17, 2008 You might need to adjust the field name accordingly. <?php session_start(); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { include 'library/config.php'; include 'library/opendb.php'; $userId = $_POST['txtUserId']; $password = $_POST['txtPassword']; $sql = "SELECT user_name,level FROM users WHERE user_name = '$userId' AND user_password = md5('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); $_SESSION['username'] = $_POST['txtUserId']; if (mysql_num_rows($result) == 1) { $row = mysql_fetch_assoc($result); // the user id and password match, // set the session $_SESSION['level'] = $row['level']; $_SESSION['db_is_logged_in'] = true; // after login we move to the main page header('Location: main.php'); exit; } else { $errorMessage = 'Sorry, wrong user id / password'; } include 'library/closedb.php'; } ?> Quote Link to comment Share on other sites More sharing options...
metalhead41 Posted February 17, 2008 Author Share Posted February 17, 2008 Brilliant, just what I was after Thank you very much Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.