quick authorisation question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

quick authorisation question

Post by barrowvian »

Should hopefully be fairly straight forward, so here goes;

This is my admin page -

Code: Select all

 
 
<?php
session_start();
 
require_once("connect.php");
 
// Check his status.
if (!empty($_SESSION[username]) && ($_SESSION['admin'] == 1) ) // session validated
 
{
 
}
else // bad info.
{
    header( "Location: http://localhost/dbmodule/login.php" );
}
?>
 
 
To be able to access the admin paid I want the user to be signed in, and to also have the value of 1 set in the mysql database. With the code Im currently using, it doesnt work. I know its only going to be a matter of changing 1 or 2 small things, but Im a bit stuck lol.
jbolitho
Forum Newbie
Posts: 4
Joined: Thu Dec 11, 2008 9:41 am

Re: quick authorisation question

Post by jbolitho »

you have no quotes around username???? Maybe?
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

Re: quick authorisation question

Post by barrowvian »

Well spotted. I've changed it to have quotes around both elements, and have tried it without quotes. Neither work! :-(
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

Re: quick authorisation question

Post by barrowvian »

The thing is - if I remove the part regarding the admin and just use it from username, it works. It's just something about the second part it doesnt like :-/
jbolitho
Forum Newbie
Posts: 4
Joined: Thu Dec 11, 2008 9:41 am

Re: quick authorisation question

Post by jbolitho »

What does your code look like where you set session admin?
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

Re: quick authorisation question

Post by barrowvian »

Code: Select all

 
    if (!empty($row[admin]))
    {
        $_SESSION[admin] = $row[admin];
        exit();
    }
 
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

Re: quick authorisation question

Post by barrowvian »

this is the entire section though;

Code: Select all

 
<?php
session_start();
// Check if he wants to login:
if (!empty($_POST[username]))
{
    require_once("connect.php");
 
    // Check if he has the right info.
    $query = mysql_query("SELECT * FROM members
                            WHERE username = '".$_POST['username']."'
                            AND password = '".md5($_POST['password'])."'")
    or header("location: http://localhost/dbmodule/login.php");
    
    $row = mysql_fetch_array($query)
    //this would display the error message, but the username and password fields would be removed - so decided against this method
    //or die ("Error - Couldn't login user.");
    or header("location: http://localhost/dbmodule/login.php");
    
    if (!empty($row[username])) // he got it.
    {
        $_SESSION[username] = $row[username];
        header("location: http://localhost/dbmodule/index.php");
        exit();
    }
    else // bad info.
    {
        header("location: http://localhost/dbmodule/login.php");
        exit();
    }
    
    if (!empty($row[admin]))
    {
        $_SESSION[admin] = $row[admin];
        exit();
    }
 
}
?>
 
jbolitho
Forum Newbie
Posts: 4
Joined: Thu Dec 11, 2008 9:41 am

Re: quick authorisation question

Post by jbolitho »

my guess is $session['admin'] is never actually getting set. Have your tried adding an echo in your if statement where admin is getting set to 1 to ensure the "if" is actually firing?
barrowvian
Forum Commoner
Posts: 47
Joined: Tue Aug 19, 2008 3:49 pm

Re: quick authorisation question

Post by barrowvian »

nevermind, sorted it out :D
Post Reply