$_SESSION help "Resolved"

I have several pages which I need securing.

I have a login in form which reads the username and password from a database and sets

$_SESSION['user'] = $row['username'];

This seems to be working fine

Now where it starts to go wrong is when I call the access levels set numerically

if($row['level']== 2) { echo "Do something and administrator can see"; } else { echo "Do something a guest user can see"; }

Sometimes the guest user can see what the admin is supposed to see and sometimes the admin can only see what the guest user is supposed to see.

I have an include at the start of each page with

if (!isset($_SESSION['user'])) {

and i am logging out each user with

if (!isset($_SESSION['user'])) {

echo "<script>self.location="login.php";</script>"; 

Does anyone know where I am going wrong.

Try debugging (as per the link in my signature) and using echo statements to make sure your session is loaded correctly and that the variables contain the assumed values.

I have that is what I am trying to say, I have the following

$user = $_SESSION['user'];
$gt_usr="SELECT * FROM users WHERE uname = '$user' ";
$quryusr = mysql_query($gt_usr, $db_con) or die(mysql_error()); 
$row_usr = mysql_fetch_assoc($quryresults);
$totalRows_usr = mysql_num_rows($quryresults);

<h1>Welcome <? echo $_SESSION['user']; ?></h1>
<p>Your access level is <? if($row_usr['level']!= 1) { echo "an Administrator"; } else { echo "Guest User"; } ?></p>

Sometimes it says one thing and another time it will say something completely the opposite.

Harted it, had the connection setting wrong

Sponsor our Newsletter | Privacy Policy | Terms of Service