Page 1 of 1
quick authorisation question
Posted: Thu Dec 11, 2008 10:13 am
by barrowvian
Should hopefully be fairly straight forward, so here goes;
This is my admin page -
Code: Select all
<?php
session_start();
require_once("connect.php");
// Check his status.
if (!empty($_SESSION[username]) && ($_SESSION['admin'] == 1) ) // session validated
{
}
else // bad info.
{
header( "Location: http://localhost/dbmodule/login.php" );
}
?>
To be able to access the admin paid I want the user to be signed in, and to also have the value of 1 set in the mysql database. With the code Im currently using, it doesnt work. I know its only going to be a matter of changing 1 or 2 small things, but Im a bit stuck lol.
Re: quick authorisation question
Posted: Thu Dec 11, 2008 10:19 am
by jbolitho
you have no quotes around username???? Maybe?
Re: quick authorisation question
Posted: Thu Dec 11, 2008 10:37 am
by barrowvian
Well spotted. I've changed it to have quotes around both elements, and have tried it without quotes. Neither work!

Re: quick authorisation question
Posted: Thu Dec 11, 2008 10:38 am
by barrowvian
The thing is - if I remove the part regarding the admin and just use it from username, it works. It's just something about the second part it doesnt like :-/
Re: quick authorisation question
Posted: Thu Dec 11, 2008 10:46 am
by jbolitho
What does your code look like where you set session admin?
Re: quick authorisation question
Posted: Thu Dec 11, 2008 1:14 pm
by barrowvian
Code: Select all
if (!empty($row[admin]))
{
$_SESSION[admin] = $row[admin];
exit();
}
Re: quick authorisation question
Posted: Thu Dec 11, 2008 1:19 pm
by barrowvian
this is the entire section though;
Code: Select all
<?php
session_start();
// Check if he wants to login:
if (!empty($_POST[username]))
{
require_once("connect.php");
// Check if he has the right info.
$query = mysql_query("SELECT * FROM members
WHERE username = '".$_POST['username']."'
AND password = '".md5($_POST['password'])."'")
or header("location: http://localhost/dbmodule/login.php");
$row = mysql_fetch_array($query)
//this would display the error message, but the username and password fields would be removed - so decided against this method
//or die ("Error - Couldn't login user.");
or header("location: http://localhost/dbmodule/login.php");
if (!empty($row[username])) // he got it.
{
$_SESSION[username] = $row[username];
header("location: http://localhost/dbmodule/index.php");
exit();
}
else // bad info.
{
header("location: http://localhost/dbmodule/login.php");
exit();
}
if (!empty($row[admin]))
{
$_SESSION[admin] = $row[admin];
exit();
}
}
?>
Re: quick authorisation question
Posted: Thu Dec 11, 2008 1:42 pm
by jbolitho
my guess is $session['admin'] is never actually getting set. Have your tried adding an echo in your if statement where admin is getting set to 1 to ensure the "if" is actually firing?
Re: quick authorisation question
Posted: Thu Dec 11, 2008 1:49 pm
by barrowvian
nevermind, sorted it out
