
session variables

Hi to everyone,
I am working on this project where I have to develop a system where the user is directed to specific areas of the website according to his role (admin – editor – publisher) and to the usergroup he belongs to (student – teacher – staff).
I have a table in the database where I store the username, password, user group and user role. When the user logs in I have the following logincheck.php where I validate the login form and register the 4 variables in a session.

[CODE]
<?php
include("include/config.inc.php");
$con=mysql_connect($dbServer,$dbUser,$dbPass)
or exit ("error connecting db");

if(isset($_POST["login"])){
//elements sent from registration form
$username=$_POST["username"];
$password=md5($_POST["password"]);

//check if username and password exist
$sql1="SELECT * FROM users WHERE username='$username' AND password='$password' AND active='1'";
$res1=mysql_db_query($dbDatabase,$sql1);
$rows1=mysql_num_rows($res1);

$type=$res1["user_type"];
$group=$res1["user_group"];

if($rows1==1){

session_register("username");
session_register("password");
session_register("type");
session_register("group");
header("location:login_success.php");
}

else {
header("location:login.php?status=1");
}
}
?>
[/CODE]

the login_success.php is the following

[CODE]
<!--Check if session is not registered, redirect back to main page.
Put this code in first line of web page.-->
<?php
session_start();
if(!session_is_registered("username")){
header("location:login.php");
}
else
header("location:index.php");
?>
[/CODE]

When I am directed to index.php after a successful login, how do I retrieve the variables I registered in the session?
What I want to do is to check if a user is a teacher / student / staff and if he is an editor/author/admin to load different menus and links and content. So I guess there has to be some way to retrieve the user role and user group since I have stored it in the session. In the index page I do the following session_is_registered("username") but that does not give u the value of username…

Any help is welcome.
Thnx in advance!
Yona


12 Comments(s)

@TheRave Feb 26.2008 — [code=php]if ($_SESSION['group']=='student') {
//etc
}[/code]
@MrCoder Feb 26.2008 — [QUOTE][code=php]if ($_SESSION['group']=='student') {
//etc
}[/code]
[/QUOTE]


You may want to check if the session variable is valid first depending on your error logging level.
[code=php]
if(isset($_SESSION["group"]) && $_SESSION["group"] == "student")
{
// Do student stuff
}
[/code]
@yona_t (author) Feb 26.2008 — Unfortunately I can't make it work... I tried simply to echo the $_SESSION variables at the login check form but no result occurred....

I did the following:
[CODE]
<?php
include("include/config.inc.php");
$con=mysql_connect($dbServer,$dbUser,$dbPass)
or exit ("error connecting db");

if(isset($_POST["login"])){
//elements sent from registration form
$username=$_POST["username"];
$password=md5($_POST["password"]);

//check if username and password exist
$sql1="SELECT * FROM users WHERE username='$username' AND password='$password' AND active='1'";
$res1=mysql_db_query($dbDatabase,$sql1);
$rows1=mysql_num_rows($res1);

$type=$res1["user_type"];
$group=$res1["user_group"];

if($rows1==1){

session_register("username");
session_register("password");
session_register("type");
session_register("group");
//header("location:login_success.php");
echo $_SESSION['group'];
}

else {
header("location:login.php?status=1");
}
}
?>
[/CODE]


any idea what might be wrong???
@TheRave Feb 26.2008 — $group definitely ends up containing something?
@MrCoder Feb 26.2008 — Where is your session_start()?

Use the following to debug..
[code=php]
echo "<pre>".var_export($_SESSION, true)."</pre>";
[/code]


P.S. Your mysql query is open to injection, read up on mysql_real_escape_string() usage.
@MrCoder Feb 26.2008 — [code=php]
<?php
session_start();

$_SESSION["MyVar"] = "MyValue";

echo $_SESSION["MyVar"];
?>
[/code]
@chazzy Feb 26.2008 — Don't you need a mysql_fetch_array/mysql_fetch_assoc in there somewhere?
@MrCoder Feb 26.2008 — That's a good point lol!
@yona_t (author) Feb 26.2008 — You were right, the problem was the mysql_fetch_array
@chazzy Feb 26.2008 — Whew, I'm glad I still know PHP a bit.
@TheRave Feb 26.2008 — See $group was empty. ^^

But tbh I didn't see the missing fetch.
@TheRave Feb 26.2008 — As MrCoder said you def need to secure your query as at the moment anyone with basic know-how of SQL injection could get in.
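
The fixes raised in this thread combined in one place, as an added example that is not code from any poster: session_start() runs before $_SESSION is touched, the row is fetched before user_type and user_group are read, and the username is bound as a query parameter. Assumptions: PDO with an in-memory SQLite table stands in for the thread's MySQL `users` table (the mysql_* functions used above were removed in PHP 7), password_hash()/password_verify() replace md5(), and the sample user and the has_access() helper are constructed for illustration.

```php
<?php
// Constructed demo data: in-memory SQLite table shaped like the thread's `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT,
           user_type TEXT, user_group TEXT, active INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, 1)')
   ->execute(['yona', password_hash('correct horse', PASSWORD_DEFAULT), 'editor', 'teacher']);

// Returns true and fills $_SESSION on success, false otherwise.
function login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text, so a quote in the
    // username is compared as data instead of being parsed as SQL.
    $stmt = $db->prepare('SELECT username, password, user_type, user_group
                          FROM users WHERE username = ? AND active = 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // the fetch step missing in the thread

    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh session id once the user is authenticated
    $_SESSION['username'] = $row['username'];
    $_SESSION['type']     = $row['user_type'];
    $_SESSION['group']    = $row['user_group'];
    return true;                             // the password is never stored in the session
}

// Hypothetical helper for pages such as index.php: checks group and role together.
function has_access(string $group, string $type): bool
{
    return isset($_SESSION['group'], $_SESSION['type'])
        && $_SESSION['group'] === $group
        && $_SESSION['type'] === $type;
}

session_start();                             // on every page, before any output
$results = [
    'hostile username rejected' => !login($db, "' OR '1'='1", 'x'),
    'valid login accepted'      => login($db, 'yona', 'correct horse'),
    'teacher + editor menu'     => has_access('teacher', 'editor'),
    'student menu'              => has_access('student', 'editor'),
];
var_export($results);                        // printed last so no output precedes session calls
```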