Page 1 of 1

login script with rights

Posted: Sat Dec 13, 2008 5:25 am
by dourvas
hallo

i ve implemented a login script that works fine. then i realized that i want 2 kind of users to login in my page. the one kind should have access to some pages and the othe kind to other pages.

so, i changed my database. i added another field called class that takes only the values "1" and "2"
in my login script, after succesful login i put the class value in a session:
[if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
session_register("authenticated");
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['SESS_CLASS'] = $member['class'];**************
session_write_close();
header("location: index.php");]

the i redirect the code to my index page. now the user is logged in. the $_SESSION['SESS_CLASS'] has its value (1 or 2)

then the user follows an inner site link to visit the teacher.php page. in the begining i check what kind of user he is in order to let him in or not
[
<?php
session_start();
if(!session_is_registered(authenticated)&& ($_SESSION['CLASS']=='1' )) {
////// access denied
else
show the page.
...]
it seems that it doesnt work. after some test i realized tha probably the $_SESSION['CLASS'] is empty.
with that code everyone can access the teacher page.
how can i keep the value of $_SESSION['CLASS'] when i use an inner link? is that posible?
are all my thoughts about implementing the task wright or i should do smtg else?

forgive my english

Re: login script with rights

Posted: Sat Dec 13, 2008 5:59 am
by cavemaneca
First, you used $_SESSION['SESS_CLASS'] when creating the session so you should probably use it when you check it, not $_SESSION['CLASS']

Also, use || not &&. With the latter, both have to be true to be blocked. If you use the first one, It will block the page if they aren't logged in, if they are in the wrong class, or both.
How you have it now, anyone not logged in will see the page, while those logged in as class 1 will see the block.

Re: login script with rights

Posted: Sat Dec 13, 2008 6:33 am
by dourvas
so stupid of me!!!!!
sorry me man for wasting your time. i had already seen the change && -> || but not the wrong name!!!
i ve been checking for 4 hours!!!!

thank u very much!!!!