Page 1 of 1

Session in login page problem.

Posted: Sun Feb 24, 2008 7:17 pm
by Kerotan
Im new to php, and im learning as i go along and ive decided to make a game with a login which ID's if a user is a admin or banned or what not.
Whilst doing this ive ran into a problem with using sessions to identify if the user is banned or is an admin..

The code ive got so far is this to make the sessions on the login page..

Code: Select all

$query="SELECT * FROM game_accounts";
$result=mysql_query($query);
 
$num=mysql_numrows($result);
        $i=0;
        while ($i < $num) {
 
        $UserID=mysql_result($result,$i,"UserID");
        $Admin=mysql_result($result,$i,"admin");
        $Banned=mysql_result($result,$i,"banned");
        
                $i++;
        }
 
$_SESSION['UserID'] = $UserID; // store session data
$_SESSION['IsAdmin'] = $Admin;
$_SESSION['IsBanned'] = $Banned;
 
//then redirect them to the members area
header("Location: overview.php");
On the overview page ive got a IF to check if hes banned or not, if he is he gets an error, if not the page loads.

Code: Select all

 
<?php
session_start();
 
    if ($_SESSION['IsBanned']=1){
echo ('<center><font color="red">Your account has been banned</font><br><a href="logout.php">Back</a></center>');
}
else {
}
and if hes not banned and is an admin it displays an extra link in the navigation..

Code: Select all

<link href="styles/style.css" rel="stylesheet" type="text/css" />
 
<center>
<a href="overview.php">Overview</a> - 
<a href="units.php">Units</a> - 
<a href="profile.php">Profile</a> - 
<?php
    if ($_SESSION['IsAdmin']=1){
    echo ('<a href="admin.php">Admin Panel</a> - ');
    echo ('<a href="logout.php">Logout</a>');
    }
    else{
    echo ('<a href="logout.php">Logout</a>');
    }
    
?>
 
</center>
This code doesn't work at all lol, but as i said, im new and im only playing around. Currently, when i try to log in with a user which is not banned i get the ban message even though i shouldnt :S
Most likley ive gone around it all the totally wrong way.
Anyway help will be appreciated ;)

Re: Session in login page problem.

Posted: Sun Feb 24, 2008 11:51 pm
by califdon
You're not all that far off, but to start with, every php script that either writes or reads session variables must have the line

Code: Select all

session_start();
before anything is done with session variables. Correct that and then come back with more questions.

Re: Session in login page problem.

Posted: Mon Feb 25, 2008 12:06 am
by Kerotan
Already have it, just havent posted the full code xP

Re: Session in login page problem.

Posted: Mon Feb 25, 2008 12:28 am
by califdon
OK. Well, your first script is going to read each record in the table and assign the 3 variables, which means that each record replaces the values that were in those variables before! So you will be left with the values that are in the last row of your results. That's what you are saving to session variables for the other scripts.

Let me suggest a simpler syntax to use, while I'm at it, although this doesn't address the above problem, except that I'll read the data into arrays.

Code: Select all

$query="SELECT * FROM game_accounts";
$result=mysql_query($query) or die(mysql_error());
$UserID = array;
$admin = array;
$banned = array;
$i=0;
while ($row=mysql_fetch_assoc($result)) {
    extract($row);
    $UserID[$i] = $UserID;
    $admin[$i] = $admin;
    $banned[$i] = $banned;
    $i++;
}
But that leaves you with the problem of what you want to save as session variables. You may need to think through the logic of what you want to happen. Why would you just use all the rows in the table?

Re: Session in login page problem.

Posted: Mon Feb 25, 2008 2:48 am
by Mordred

Code: Select all

if ($_SESSION['IsBanned']=1)
should be

Code: Select all

if ($_SESSION['IsBanned']==1)
(count the =)