login script with rights
Posted: Sat Dec 13, 2008 5:25 am
hallo
i ve implemented a login script that works fine. then i realized that i want 2 kind of users to login in my page. the one kind should have access to some pages and the othe kind to other pages.
so, i changed my database. i added another field called class that takes only the values "1" and "2"
in my login script, after succesful login i put the class value in a session:
[if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
session_register("authenticated");
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['SESS_CLASS'] = $member['class'];**************
session_write_close();
header("location: index.php");]
the i redirect the code to my index page. now the user is logged in. the $_SESSION['SESS_CLASS'] has its value (1 or 2)
then the user follows an inner site link to visit the teacher.php page. in the begining i check what kind of user he is in order to let him in or not
[
<?php
session_start();
if(!session_is_registered(authenticated)&& ($_SESSION['CLASS']=='1' )) {
////// access denied
else
show the page.
...]
it seems that it doesnt work. after some test i realized tha probably the $_SESSION['CLASS'] is empty.
with that code everyone can access the teacher page.
how can i keep the value of $_SESSION['CLASS'] when i use an inner link? is that posible?
are all my thoughts about implementing the task wright or i should do smtg else?
forgive my english
i ve implemented a login script that works fine. then i realized that i want 2 kind of users to login in my page. the one kind should have access to some pages and the othe kind to other pages.
so, i changed my database. i added another field called class that takes only the values "1" and "2"
in my login script, after succesful login i put the class value in a session:
[if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
session_register("authenticated");
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
$_SESSION['SESS_CLASS'] = $member['class'];**************
session_write_close();
header("location: index.php");]
the i redirect the code to my index page. now the user is logged in. the $_SESSION['SESS_CLASS'] has its value (1 or 2)
then the user follows an inner site link to visit the teacher.php page. in the begining i check what kind of user he is in order to let him in or not
[
<?php
session_start();
if(!session_is_registered(authenticated)&& ($_SESSION['CLASS']=='1' )) {
////// access denied
else
show the page.
...]
it seems that it doesnt work. after some test i realized tha probably the $_SESSION['CLASS'] is empty.
with that code everyone can access the teacher page.
how can i keep the value of $_SESSION['CLASS'] when i use an inner link? is that posible?
are all my thoughts about implementing the task wright or i should do smtg else?
forgive my english