Page 1 of 1

User Session Problem

Posted: Wed Nov 27, 2002 10:00 am
by DRTechie
I created a login script for my web page which passes the user access level using sessions.


Here's the authentication and session setting script.


quote:
--------------------------------------------------------------------------------

//if username and password has been entered
//connect to database and check values

mysql_connect("localhost", "root", "netops") or die ("could not connect");
mysql_select_db("system_outage")or die ("could not select");
$sql = "SELECT * FROM login WHERE username ='$username' AND password = '$password'";
$result = mysql_query($sql) or die ("could not execute query");

$num = mysql_numrows($result);

while ($row = mysql_fetch_array($result)){
$accesstype = $row['accesstype'];
}

//if verification is succcesful then register a user session and redirect to protected admin site
if ($num == 1){

session_start();
session_register("SESSION");
session_register("SESSION_USER");
session_register("SESSION_AUTH");
$SESSION_USER = $username;
$SESSION_TYPE = $accesstype;
$SESSION_AUTH = "yes";

--------------------------------------------------------------------------------



This is the script for the secured page which only users with an access level of 1 can enter. This is where I am having the problem. Whenever I try to login with an user of access level 1 I get the error message. I should only get the error message if the users access level is anything other than 1.

quote:
--------------------------------------------------------------------------------

<?

session_start();

if ($SESSION_TYPE != '1') {

echo "<br><br><font color = red><center><p>AUTHORIZATION FAILED!</p>";
echo "<p>You must log-in before accessing this page <a href=\"login.php\">Log In!</a></p></font>
</center>";
exit();
}

?>

DISPLAY HTML

--------------------------------------------------------------------------------



I can't see anything wrong with it myself but I've been looking at it so long I may be missing something really obvious. Any help would be greatly appreciate it.

Posted: Wed Nov 27, 2002 10:04 am
by mydimension
if you are using PHP >4.1 then you should go with this: $_SESSION['SESSION_TYPE']

Posted: Wed Nov 27, 2002 10:15 am
by BigE
Yes, you need to use $_SESSION most likely, if your using PHP 4.2.x then register_globals is now off by default which means you should use the superglobals. For more information read php.net/sessions and viewtopic.php?t=511 Hope that helps.

Posted: Wed Nov 27, 2002 10:36 am
by DRTechie
I a newbie at PHP so bear with me here.... so I am using $_SESSION['SESSION_TYPE'] when setting the session in my login page or is it in the page I am being redirected to?

Posted: Wed Nov 27, 2002 10:39 am
by mortadelle
May be you should define the vars before registering them ?

like :

$SESSION_USER = $username;
$SESSION_TYPE = $accesstype;
$SESSION_AUTH = "yes";
session_register("SESSION");
session_register("SESSION_USER");
session_register("SESSION_AUTH");

That's the way it works i think ... (?)

Posted: Wed Nov 27, 2002 10:45 am
by BigE
$_SESSION['SESSION_TYPE'] was an example. If you read the page in the manual that I posted in my post, you would understand that $_SESSION['var'] = 'blah'; is the same as doing $var = 'blah'; session_register($var); So now I tell you to go read the manual and try to understand it.

Posted: Wed Nov 27, 2002 10:46 am
by DRTechie
The order doesn't really matter. I can echo $SESSION_USER & $ SESSION_TYPE and get the values just fine.

Posted: Wed Nov 27, 2002 11:01 am
by DRTechie
Thanks BigE...a side note, some people can read the manual and understand everything. Then you get your newbies like me and the manual only serves as a further source of confusion.

Anyways the problem turned out to be that I wasn't registering "SESSION_TYPE". Thanks again.

Posted: Wed Nov 27, 2002 11:03 am
by BigE
I understand that, I was a newbie once also. I just encourage people to read as much as possible and explain what they don't understand as well as possible becaues it makes it easier on me to help and I always like helping when I know someone acually took the time to try and understand it.