user auth. with levels

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
gam99
Forum Newbie
Posts: 3
Joined: Wed Feb 04, 2004 6:39 am

user auth. with levels

Post by gam99 »

I have been trying to set up a login system that directs a user to a specific page depending on their access level that is set in the database. I'm still new to PHP and the script I've been using keeps returning and error. I have set this up from a sample code I found, but I can't get it to work. If anyone can see whats wrong with this code, please help me. Or if you have any suggestion on how to achieve what I need I'd love to hear them.

The errors are:
Notice: Undefined index: auth_level in c:\inetpub\wwwroot\login\Login.php on line 34

Notice: Undefined index: auth_level in c:\inetpub\wwwroot\login\Login.php on line 37

Notice: Undefined index: auth_level in c:\inetpub\wwwroot\login\Login.php on line 40

The code I've been using is:

Code: Select all

<?php
//start sessions 
ob_start(); 
session_start(); 

//ie error checking 
header("Cache-control: private"); 

//connect to database 
mysql_connect("localhost","XXX","XXX"); 
mysql_select_db("XXX") or die("could not select db"); 

$username = "";

//extract user information from database 
if ($username && $password) 
{ 

// if the user has just tried to log in 
$query = "select * from users " . "where username='$username' " . " and passwd='$password' "; 
$result = mysql_query($query); 
$row = mysql_fetch_assoc($result); 

  if (mysql_num_rows($result) >0) 
  { 
    // if they are in the database register the user id 
    $_SESSION['valid_user'] = $row['username']; 
    $_SESSION['pass'] = $_POST['password']; 
    $_SESSION['auth_level'] = $row['auth_level']; 
     } 
} 

if ($_SESSION['auth_level']==1){ 
            header("Location: Menu1.php"); 
         } 
         else if($_SESSION['auth_level']==2){ 
          header("Location: Menu2.php"); 
         }
		 else if($_SESSION['auth_level']==3){ 
          header("Location: Menu3.php"); 
         }
?>
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

#1. How come you're query is so wierd? :P You can just use this:

Code: Select all

<?php
$query = "SELECT * FROM users WHERE username='$username' AND passwd='$password' "; 
?>
#2. Try echoing out $_SESSION['auth_level'] and $row['auth_level'] inside the loop that you set them in. If neither of them output a value then something is wrong, which is probably causing the Undefined Index error.

So:

Code: Select all

<?php
  if (mysql_num_rows($result) >0) 
  { 
    // if they are in the database register the user id 
    $_SESSION['valid_user'] = $row['username']; 
    $_SESSION['pass'] = $_POST['password']; 
    $_SESSION['auth_level'] = $row['auth_level'];
    echo $_SESSION['auth_level'] . "<br />";
    echo $row['auth_level']; 
     } 
?>
gam99
Forum Newbie
Posts: 3
Joined: Wed Feb 04, 2004 6:39 am

Post by gam99 »

You're right, there is no out put when I run the echo test. I don't know PHP very well. Do you have any idea what the error may be? Any help appreciated.
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

You are probably just spelling the field name incorrectly. If you have phpMyAdmin (and if not I suggest you get it) then go into the "users" table and check out what the field name is for "auth_level". It may be "auth_lvl" or "authlevel" or some other variation and you just spelled it wrong in you PHP code.

Then just change it to:

Code: Select all

<?php
$_SESSION['auth_level'] = $row['auth_level'];
//OR
$_SESSION['auth_level'] = $row['auth_lvl'];
//OR
$_SESSION['auth_level'] = $row['authlevel'];
?>
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

I'd switch register globals off if you can. Access $username & password from the appropriate superglobal (POST is preferred to GET in a form).

Setting $username = ""; isn't going to help...

Sticking this in at various points in a script can help to track down a problem:

Code: Select all

<?php
$location = __FILE__ . ' | line ' . __LINE__ . '<br />';
die('<b>Script halted at: </b><br />' . $location);
?>
Last edited by McGruff on Tue Aug 09, 2005 7:57 pm, edited 1 time in total.
gam99
Forum Newbie
Posts: 3
Joined: Wed Feb 04, 2004 6:39 am

Post by gam99 »

I have checked the names and table name definately auth_level. I can't see any errors here. I'm at a loss to the cause of the problem.
Post Reply