I have two types of users - guest and member - which are defined in a table called users, by a int called admin. A guest has an admin value of 0, while a member as an admin value of 1.
I have users login using a form on (index.php) which uses a pass-through page (login.php) that redirects them to their respective pages (guest.php or mem.php) and I have my user and password saved in the session. Below is (login.php), my pass-through page. I tried grabbing the value of the admin and saving it into the session, but when I use it to redirect, it doesn't allow me to get past the login.php page (refer to bottom of post where I am redirecting to guest.php). The value saved in the variable $adminrow, however, DOES work (refer to bottom of post where I am redirecting to mem.php). When trying to call $_SESSION["admin"] on other pages, this also seems to not work. Why is this so?
<?php
// Start session
session_start();
// Open database connection
include("includes/openDbConn.php");
//get the data from the form
$userID = $_POST["userID"];
$password = md5($_POST["password"]);
// Select firstName for identification purposes
$sql = "SELECT firstName FROM user WHERE userID='".$userID."' AND password = '".$password."'";
$result = mysql_query($sql);// Display results
$row = mysql_fetch_array($result);
if(empty($result)){
$num_results = 0;
}else{
$num_results = mysql_num_rows($result);
}
// Select admin status from database
$admin = "SELECT admin FROM user WHERE userID='".$userID."' AND password = '".$password."'";
$adminresult = mysql_query($admin);// Display results
$adminrow = mysql_fetch_array($adminresult);
//if firstName was recorded, then login is successful
if($num_results == 1)
{
// Set variables in session
$_SESSION["userID"] = $userID;
$_SESSION["password"] = $password;
$_SESSION["admin"] = $adminrow;
$_SESSION["errorMessage"] = "";
// Redirect based on administrative status
if ($adminrow["admin"] == 0){ // This works.
header ("Location: guest.php");
exit;}
else if ($_SESSION["admin"] == 1){ // This doesnt.
header ("Location: mem.php");
exit;}
}else{ [rest of the code goes here...]
I have users login using a form on (index.php) which uses a pass-through page (login.php) that redirects them to their respective pages (guest.php or mem.php) and I have my user and password saved in the session. Below is (login.php), my pass-through page. I tried grabbing the value of the admin and saving it into the session, but when I use it to redirect, it doesn't allow me to get past the login.php page (refer to bottom of post where I am redirecting to guest.php). The value saved in the variable $adminrow, however, DOES work (refer to bottom of post where I am redirecting to mem.php). When trying to call $_SESSION["admin"] on other pages, this also seems to not work. Why is this so?
<?php
// Start session
session_start();
// Open database connection
include("includes/openDbConn.php");
//get the data from the form
$userID = $_POST["userID"];
$password = md5($_POST["password"]);
// Select firstName for identification purposes
$sql = "SELECT firstName FROM user WHERE userID='".$userID."' AND password = '".$password."'";
$result = mysql_query($sql);// Display results
$row = mysql_fetch_array($result);
if(empty($result)){
$num_results = 0;
}else{
$num_results = mysql_num_rows($result);
}
// Select admin status from database
$admin = "SELECT admin FROM user WHERE userID='".$userID."' AND password = '".$password."'";
$adminresult = mysql_query($admin);// Display results
$adminrow = mysql_fetch_array($adminresult);
//if firstName was recorded, then login is successful
if($num_results == 1)
{
// Set variables in session
$_SESSION["userID"] = $userID;
$_SESSION["password"] = $password;
$_SESSION["admin"] = $adminrow;
$_SESSION["errorMessage"] = "";
// Redirect based on administrative status
if ($adminrow["admin"] == 0){ // This works.
header ("Location: guest.php");
exit;}
else if ($_SESSION["admin"] == 1){ // This doesnt.
header ("Location: mem.php");
exit;}
}else{ [rest of the code goes here...]