$_SESSION['level'] = $row['userlevel']; not working

[blueman378]

hi guys, well i am trying to write a code for a user system

heres a snippet of the code to show the query and how im trying to set the session variables

 

$query  = "SELECT * FROM users WHERE username='$un' AND password='$pw'";
$result = mysql_query($query);
if (mysql_numrows($result) == 1) //if = 1 then username and password match, login sucessfull
{
$_SESSION['level'] = $row['userlevel'];
$_SESSION['active'] = $row['activated'];
$_SESSION['disable'] = $row['disabled'];

the thing is none of the sessions which are $row are gettibng set if i use

$_SESSION['name'] = $hello;

 

then it will get set, it jsut doesnt get set if i use this format any ideas?

 

btw i know that there is data in the database and that the query is working as if i echo mysql_numrows afterwards i get 1

 

 

any ideas?

 

cheers matt

[trq]

There is no such function as mysql_numrows(), its mysql_num_rows().

[blueman378]

it doesnt matter what one you use

"msql_numrows() - This function is an alias of msql_num_rows()."

so basically this jsut calls that

[trq]

But your not using msql_numrows() your using mysql_numrows, of which there is no such thing.

[blueman378]

opps didnt read that

well it owrks for what is needed anyways,

i got that part working but now the loggedin session is not working, here is the code:

<?php
session_start();
$_SESSION['error'] = "";
$_session['url'] = "http://localhost/index.php";
include("../database.php");
$action = $_REQUEST['action'];
$valid = "0";
if ($action == "checklogin") //if user trying to login
{
$un = $_REQUEST['username'];
$pw = md5($_REQUEST['password']);
if (isset($un)) {$valid = 1;}
else
{$_SESSION['error'] = "Username Field <b>cannot</b> be empty";
$valid = 0;
} 

//is the password empty?
if (isset($pw)) {$valid = 2;}
else
{$_SESSION['error'] = "Password Field <b>cannot</b> be empty";
$valid = 0;
}

if ($valid == "2") //username and password are set
{
$query  = "SELECT * FROM users WHERE username='$un' AND password='$pw'";
$result = mysql_query($query);
if (mysql_numrows($result) == 1) //if = 1 then username and password match, login sucessfull
{
while ($row = mysql_fetch_assoc($result)) {	
$_SESSION['level'] = $row['userlevel'];
$_SESSION['active'] = $row['activated'];
$_SESSION['disable'] = $row['disabled'];
$_SESSION['username'] = $un;
$valid = 3;
}
}
else
{$_SESSION['error'] = "Username/Password combination do not match"; //username and password do not match
$valid = 0;
}
}
if ($valid == "3") //check if account is activated
{
if ($_SESSION['active'] == "1") // account is activated
{$valid = 4;
}
else
{$_SESSION['error'] = "Your account has not been activated";}
$valid = 0;
}
if ($valid == "4") //check if account is disabled
{
if ($_SESSION['disable'] == "1") // account is not disabled
{$valid = "5";
}
else
{$_SESSION['error'] = "You are not logged in as your account has been disabled";}
$valid = 0;
}
if ($valid == "5") //account has passed all validation
{
$_SESSION['loggedin'] = "1";
}
echo"
<table>
<tr><td>Username</td><td>{$_SESSION['username']}</td></tr>
<tr><td>Userlevel</td><td>{$_SESSION['level']}</td></tr>
<tr><td>Activated</td><td>{$_SESSION['active']}</td></tr>
<tr><td>Disabled</td><td>{$_SESSION['disable']}</td></tr>
<tr><td>Error</td><td>{$_SESSION['error']}</td></tr>
<tr><td>Loggedin</td><td>{$_SESSION['loggedin']}</td></tr>
</table>";
}
elseif ($action == "logout")
{
session_destroy();
echo $a;
}

?>

 

and the output is:

Username admin

Userlevel   3

Activated 1

Disabled   0

Error

Loggedin

[trq]

Integers should not be surrounded by quotes, so (for example) this....

 

if ($valid == "2")

 

should be....

 

if ($valid == 2)

 

And your still using the non-existent mysql_numrows() function.

[PFMaBiSmAd]

An == comparison will match a 5 == "5" (just confirmed for my own peace of mind.)

 

mysql_numrows() does exist and is not the problem, but should not be used to insure the code does not stop at some point in the future if the alias name is ever removed -

 

Note: For downward compatibility, the following deprecated alias may be used: mysql_numrows()

 

Your code is not formatted/indented and is just about impossible to tell if it is logically correct. You need to play computer and go through it and make sure it has an execution path that causes $valid to have the correct value and the $_SESSION['loggedin'] = "1"; to be executed.

 

And in examining the code more closely, you have a $valid = 0; statement that is outside of any conditional {} clause so it is being unconditionally set to zero. If your code was properly formatted/indented you probably would not have made this error or it would have been easier to find.

[kenrbnsn]

Back to the problem, that wasn't solved ...

 

You're not fetching the row. You need to use the function mysql_fetch_assoc() to fetch the data after doing the query:

<?php
$query  = "SELECT * FROM users WHERE username='$un' AND password='$pw'";
$result = mysql_query($query);
if (mysql_numrows($result) == 1) //if = 1 then username and password match, login sucessfull
{
     $row = mysql_fetch_assoc($result);
     $_SESSION['level'] = $row['userlevel'];
     $_SESSION['active'] = $row['activated'];
     $_SESSION['disable'] = $row['disabled'];
}
?>

 

Ken

[PFMaBiSmAd]

His latest code, post #4, has that. Only post #1 did not.

[trq]

An == comparison will match a 5 == "5" (just confirmed for my own peace of mind.)

 

I'm aware it will work, still, just because it works does not meen its how it should be done.

 

mysql_numrows() does exist and is not the problem

 

If it does exist (can't check atm) its not documented anywhere in the manual that I can find.

[PFMaBiSmAd]

The mysql_numrows note is listed on the msyql_num_rows page and it turns out through searching for mysql_numrows that there is an Appendix that lists alias names - http://www.php.net/manual/en/aliases.php