PDA

View Full Version : help with $_SESSION



Bob42
01-06-2008, 05:37 AM
I need some helping getting my session to work. Basically, I have a login script where a user types in a username and password and logs into the site. In my database, I have a field called "status" and it shows whether the user who logged in is an Administrator or Moderator.
What I want is when the person logs in, on the next page that is displayed, I want certain data to be displayed only if a person is an Administrator, and not a moderator. I figured I can do this best with using $_SESSION, but I haven't had much success with it. Here's what I have so far:



<?php
session_start();
if(isset($_SESSION['status']) == Administrator)
{
echo "Hi!";
}
else {
echo "Bye!";
}
?>


So if the user who logged in is an admin, then "Hi!" should appear, if not then "Bye!" should appear.

Here's my authentication script for the login system:



$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

$sql = "SELECT * FROM admins WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
$status = "SELECT status FROM admins WHERE username='$username'";

$count = mysql_num_rows($result);

if($count == 1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['status'] = $status;
$_SESSION['db_logged_in'] = true;
header("location:login_success.php");
}
else {
echo "blah blah blah";
}


I need help getting this sorted out. My code works but it displays "Hi!" no matter what the status of the user is.

bhakti_thakkar
01-06-2008, 06:28 AM
just try doing this :

<?php
session_start();
if(isset($_SESSION['status']) && ($_SESSION['status'] == "Administrator"))
{
echo "Hi!";
}
else {
echo "Bye!";
}
?>

hope this works

Bob42
01-06-2008, 06:54 AM
Unfortunately, that is not working. I'm now receiving the "Bye!" message on a user that has a status of Administrator.

Inigoesdr
01-06-2008, 07:34 AM
var_dump($_SESSION['status']); on the page you're getting the Bye message.

Bob42
01-06-2008, 08:04 AM
May I ask where exactly I place the var_dump($_SESSION['status']); code in the Bye page?

Inigoesdr
01-06-2008, 08:15 AM
Anywhere after session_start() and before the if/else code above.

Bob42
01-06-2008, 08:26 AM
So something like this?



<?php
session_start();
var_dump($_SESSION['status']);
if(isset($_SESSION['status']) && ($_SESSION['status'] == "Administrator"))
{
echo "Hi!";
}
else {
echo "Bye!";
}

?>


Because all that is doing is displaying

string(50) "SELECT status FROM admins WHERE username='Fox'" Bye!

on the page, which I clearly don't want.

shaileshpatil
01-06-2008, 09:50 AM
Hey try this code.

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

$sql = "SELECT * FROM admins WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
$rs = mysql_fetch_assoc($result);

$_SESSION['status'] = $rs['status'];




I need some helping getting my session to work. Basically, I have a login script where a user types in a username and password and logs into the site. In my database, I have a field called "status" and it shows whether the user who logged in is an Administrator or Moderator.
What I want is when the person logs in, on the next page that is displayed, I want certain data to be displayed only if a person is an Administrator, and not a moderator. I figured I can do this best with using $_SESSION, but I haven't had much success with it. Here's what I have so far:



<?php
session_start();
if(isset($_SESSION['status']) == Administrator)
{
echo "Hi!";
}
else {
echo "Bye!";
}
?>
So if the user who logged in is an admin, then "Hi!" should appear, if not then "Bye!" should appear.

Here's my authentication script for the login system:



$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);

$sql = "SELECT * FROM admins WHERE username='$username' and password='$password'";
$result = mysql_query($sql);
$status = "SELECT status FROM admins WHERE username='$username'";

$count = mysql_num_rows($result);

if($count == 1){
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['status'] = $status;
$_SESSION['db_logged_in'] = true;
header("location:login_success.php");
}
else {
echo "blah blah blah";
}
I need help getting this sorted out. My code works but it displays "Hi!" no matter what the status of the user is.