$_SESSION help "Resolved"

Beginners - Learning PHP
#1

I have several pages which I need securing.

I have a login in form which reads the username and password from a database and sets

$_SESSION['user'] = $row['username'];

This seems to be working fine

Now where it starts to go wrong is when I call the access levels set numerically
e.g

if($row['level']== 2) { echo "Do something and administrator can see"; } else { echo "Do something a guest user can see"; }

Sometimes the guest user can see what the admin is supposed to see and sometimes the admin can only see what the guest user is supposed to see.

I have an include at the start of each page with

if (!isset($_SESSION['user'])) {
  session_start();
}

and i am logging out each user with

if (!isset($_SESSION['user'])) {
  session_start();
}

unset($_SESSION['user']);
echo "<script>self.location="login.php";</script>";

Does anyone know where I am going wrong.

#2

Try debugging (as per the link in my signature) and using echo statements to make sure your session is loaded correctly and that the variables contain the assumed values.

#3

I have that is what I am trying to say, I have the following

$user = $_SESSION['user'];
$gt_usr="SELECT * FROM users WHERE uname = '$user' ";
$quryusr = mysql_query($gt_usr, $db_con) or die(mysql_error()); 
$row_usr = mysql_fetch_assoc($quryresults);
$totalRows_usr = mysql_num_rows($quryresults);


<h1>Welcome <? echo $_SESSION['user']; ?></h1>
<p>Your access level is <? if($row_usr['level']!= 1) { echo "an Administrator"; } else { echo "Guest User"; } ?></p>

Sometimes it says one thing and another time it will say something completely the opposite.

#4

Harted it, had the connection setting wrong

Sponsor our Newsletter | Privacy Policy | Terms of Service