Page 1 of 1

quick authorisation question

Posted: Thu Dec 11, 2008 10:13 am
by barrowvian
Should hopefully be fairly straight forward, so here goes;

This is my admin page -

Code: Select all

 
 
<?php
session_start();
 
require_once("connect.php");
 
// Check his status.
if (!empty($_SESSION[username]) && ($_SESSION['admin'] == 1) ) // session validated
 
{
 
}
else // bad info.
{
    header( "Location: http://localhost/dbmodule/login.php" );
}
?>
 
 
To be able to access the admin paid I want the user to be signed in, and to also have the value of 1 set in the mysql database. With the code Im currently using, it doesnt work. I know its only going to be a matter of changing 1 or 2 small things, but Im a bit stuck lol.

Re: quick authorisation question

Posted: Thu Dec 11, 2008 10:19 am
by jbolitho
you have no quotes around username???? Maybe?

Re: quick authorisation question

Posted: Thu Dec 11, 2008 10:37 am
by barrowvian
Well spotted. I've changed it to have quotes around both elements, and have tried it without quotes. Neither work! :-(

Re: quick authorisation question

Posted: Thu Dec 11, 2008 10:38 am
by barrowvian
The thing is - if I remove the part regarding the admin and just use it from username, it works. It's just something about the second part it doesnt like :-/

Re: quick authorisation question

Posted: Thu Dec 11, 2008 10:46 am
by jbolitho
What does your code look like where you set session admin?

Re: quick authorisation question

Posted: Thu Dec 11, 2008 1:14 pm
by barrowvian

Code: Select all

 
    if (!empty($row[admin]))
    {
        $_SESSION[admin] = $row[admin];
        exit();
    }
 

Re: quick authorisation question

Posted: Thu Dec 11, 2008 1:19 pm
by barrowvian
this is the entire section though;

Code: Select all

 
<?php
session_start();
// Check if he wants to login:
if (!empty($_POST[username]))
{
    require_once("connect.php");
 
    // Check if he has the right info.
    $query = mysql_query("SELECT * FROM members
                            WHERE username = '".$_POST['username']."'
                            AND password = '".md5($_POST['password'])."'")
    or header("location: http://localhost/dbmodule/login.php");
    
    $row = mysql_fetch_array($query)
    //this would display the error message, but the username and password fields would be removed - so decided against this method
    //or die ("Error - Couldn't login user.");
    or header("location: http://localhost/dbmodule/login.php");
    
    if (!empty($row[username])) // he got it.
    {
        $_SESSION[username] = $row[username];
        header("location: http://localhost/dbmodule/index.php");
        exit();
    }
    else // bad info.
    {
        header("location: http://localhost/dbmodule/login.php");
        exit();
    }
    
    if (!empty($row[admin]))
    {
        $_SESSION[admin] = $row[admin];
        exit();
    }
 
}
?>
 

Re: quick authorisation question

Posted: Thu Dec 11, 2008 1:42 pm
by jbolitho
my guess is $session['admin'] is never actually getting set. Have your tried adding an echo in your if statement where admin is getting set to 1 to ensure the "if" is actually firing?

Re: quick authorisation question

Posted: Thu Dec 11, 2008 1:49 pm
by barrowvian
nevermind, sorted it out :D