Log In With A Role Value

[elexion]

I have a log in function on my website and it's currently working fine but i want to expand to giving curtain people more functions then others so i decided to give them a role. I'm not getting the values from that colum out of the database mainly because that line hasnt been written yet and i've tried a lot but it never gave result

<?phpsession_start ();?><!DOCTYPE htmlpublic "-//W3C//DTD XHTML 1.0 strict //EN""http://www.w3.org/TR/xhtmll/DTD/xhtmll-strict.dtd"><html><head><title> sending you back... </title></head><body><?phpinclude ("connect.php");$password= ($_POST["password"]);$query = "SELECT * from usersWHERE username = '{$_POST['username']}'AND password = '".$password."'";$result = mysql_query($query, $db) or die('the query failed');if (mysql_num_rows($result) > 0){$rij = mysql_fetch_array($result);echo $rij['usersname'];echo $rij['role'];$_SESSION['usersname']= "'{$_POST['usersname']}'";$_SESSION['role']= "'{$_POST['role']}'";header("location: index.php");}else{?><script LANGUAGE="Javascript"><!--alert("the usersname or password is wrong " + '\n' + " you'll be redirected back to give it another go");//--></SCRIPT><meta http-equiv="Refresh" content="2;url= logInForm.php" /><?php }?></body></html>

[chibineku]

If you're going to use a header redirect, you need to explicitly call session_write_close() after writing to the session. I don't know if that's your problem but it is a problem.

[elexion]

well that's a start thanks for your input.this is what ive been trying to work with but not sure if i'm on the right track

$query = "SELECT * from usersWHERE usersname = '{$_POST['usersname']}'AND password = '".$password."' AND role = '".$_POST['role']."'";

ends up with a undefined index problem

[Ingolme]

well that's a start thanks for your input.this is what ive been trying to work with but not sure if i'm on the right track

$query = "SELECT * from usersWHERE usersname = '{$_POST['usersname']}'AND password = '".$password."' AND role = '".$_POST['role']."'";

ends up with a undefined index problem

Most likely because you're looking for $_POST['username'] and your code says $_POST['userSname']

[elexion]

Most likely because you're looking for $_POST['username'] and your code says $_POST['userSname']

Sorry that's just a simple typo from translation

[Ingolme]

One thing is for sure: You have to test all your input variables before using them. Otherwise, PHP will keep giving notices that variables are undefined.

// Check to see if the variables exist$username = isset($_POST['username']) ? $_POST['username'] : "";$role = isset($_POST['role']) ? $_POST['role'] : "";// Generate the query$query = "SELECT * from usersWHERE usersname = '{$_POST['username']}'AND password = '".$password."' AND role = '".$_POST['role']."'";

[elexion]

sadly the bug lives on

[Ingolme]

Are you printing out the query to see if it looks like it's supposed to?The solution I gave is supposed to prevent the undefined index problem.You haven't explained what isn't working.

[elexion]

Are you printing out the query to see if it looks like it's supposed to?The solution I gave is supposed to prevent the undefined index problem.You haven't explained what isn't working.

Right now it's preventing me from logging on acording to the error message the "usersname and/or password are wrong which means it's adding something to the data i fill in since the query isnt working properly, I want to use Role to decide what curtain people get to see. If i'm right i should be doing that on the navigation bar but that's for later to worry about. and thanks for your help by the way feel a bit awkward asking so much

[Ingolme]

It sounds like you're either giving the wrong information or the information doesn't exist in the database.The query isn't extracting any rows.

[elexion]

should there be any reference to the "role" colum in my form? no right heh so annoying i know i've written this script once but i lost it both digitaly and in memory.

[Ingolme]

If you're referring to $_POST['role'] in your script, you obviously need a "role" input in your form.

[elexion]

though it's nothing something the user has to fill in himself. Does that mean i should make it a hidden field? the roles are inserted manually in into the database.

[Ingolme]

though it's nothing something the user has to fill in himself. Does that mean i should make it a hidden field? the roles are inserted manually in into the database.

Then you probably shouldn't be putting the role in your MySQL query. Just look for the username and password, extract the user information from the database and use the role after that.

[elexion]

Then you probably shouldn't be putting the role in your MySQL query. Just look for the username and password, extract the user information from the database and use the role after that.

Alright so my query like this is fine? then all i need to do is get the value from the database and display it on the menu bar(mainly for testing now) i've written this small line of code but the outcome is blank.

<?phpinclude("connect.php");$usersname = (isset($_SESSION['username'])) ? $_SESSION['username'] : "";$role = (isset($_SESSION['role'])) ? $_SESSION['role'] : "";if ($usersname != ""){	echo(" logged in as: $usersname");?><br /><?php	echo(" your role is: $role");?><br /><br ><?php	?>

[Synook]

You need to call session_start() before you can use the $_SESSION superglobal.As a note, you don't actually need parenthesis surrounding the argument for echo - it's a language construct, not a function.

[elexion]

You need to call session_start() before you can use the $_SESSION superglobal.As a note, you don't actually need parenthesis surrounding the argument for echo - it's a language construct, not a function.

this is my navigation bar in whch i want to display the role value

<?php session_start(); ?><html><head></head><body><div class='menu' ><ul><?phpinclude("connect.php");$usersname = (isset($_SESSION['username'])) ? $_SESSION['username'] : "";$role = (isset($_SESSION['role'])) ? $_SESSION['role'] : "";if ($usersname != ""){	echo " logged in as: $usersname";?><br /><?php	echo " you are a: $role";?><br /><br ><?php	?>

that's more like it right? however the output now apears as: you are a: blank space which means it still doesnt get a value.any ideas?

[Synook]

Try calling print_r($_SESSION) to see what really is in the session.

[elexion]

Try calling print_r($_SESSION) to see what really is in the session.

when i print that i get the following "Array ( [usersname] => 'admin' )" So the array is goodjust not sure what the rest of the code after gives me.

[Synook]

Ah, well, you've spelled usersname wrong:

$usersname = (isset($_SESSION['username'])) ? $_SESSION['username'] : "";

And there's no role value in your session, as revealed by the print_r().

[elexion]

Ah, well, you've spelled usersname wrong:

$usersname = (isset($_SESSION['username'])) ? $_SESSION['username'] : "";

And there's no role value in your session, as revealed by the print_r().

the usersname thing is a minor translation typo nothing to worry about the question is why isnt the role value in my session?

[Synook]

Well, maybe you aren't assigning anything to it - check your code where you retrieve the value from the database.

[elexion]

<?phpsession_start();?><!DOCTYPE htmlpublic "-//W3C//DTD XHTML 1.0 strict //EN""http://www.w3.org/TR/xhtmll/DTD/xhtmll-strict.dtd"><html><head><title> sending you back... </title></head><body><?phpinclude ("connect.php");$password = ($_POST["password"]);$query = "SELECT * from tableWHERE username = '{$_POST['username']}'AND password = '".$password."'";$result = mysql_query($query, $db) or die('the query failed');if (mysql_num_rows($result) > 0){$rij = mysql_fetch_array($result, $query);echo $rij['username'];$_SESSION['username']= "'{$_POST['username']}'";session_write_close();header("location: index.php");}else{?><script LANGUAGE="Javascript"><!--alert("error message " + '\n' + " sending back to form");//--></SCRIPT><meta http-equiv="Refresh" content="2;url= logInForm.php" /><?php }?></body></html>

clueless right now i've pretty much tried everything i know myself

[Ingolme]

<?phpsession_start();?><!DOCTYPE htmlpublic "-//W3C//DTD XHTML 1.0 strict //EN""http://www.w3.org/TR/xhtmll/DTD/xhtmll-strict.dtd"><html><head><title> sending you back... </title></head><body><?phpinclude ("connect.php");$password = ($_POST["password"]);$query = "SELECT * from tableWHERE username = '{$_POST['username']}'AND password = '".$password."'";$result = mysql_query($query, $db) or die('the query failed');if (mysql_num_rows($result) > 0){$rij = mysql_fetch_array($result, $query);echo $rij['username'];$_SESSION['username']= "'{$_POST['username']}'";session_write_close();header("location: index.php");}else{?><script LANGUAGE="Javascript"><!--alert("error message " + '\n' + " sending back to form");//--></SCRIPT><meta http-equiv="Refresh" content="2;url= logInForm.php" /><?php }?></body></html>

clueless right now i've pretty much tried everything i know myself

Where is the $_SESSION['role'] = [something] line?You're not setting $_SESSION['role'] anywhere. You're supposed to extract the role from the database once the user has been logged in and then assign it to the 'role' session variable.A little logic: If you didn't set it, it won't be there.

[elexion]

Where is the $_SESSION['role'] = [something] line?You're not setting $_SESSION['role'] anywhere. You're supposed to extract the role from the database once the user has been logged in and then assign it to the 'role' session variable.A little logic: If you didn't set it, it won't be there.

$rij = mysql_fetch_array($result, $query);echo $rij['username'];$_SESSION['username']= "'{$_POST['username']}'";$_SESSION['role'] = "'{$_POST['role']}'";session_write_close();header("location: index.php");

that does give me a better output on the whole picture yes;Array ( [username] => 'admin' [role] => '' ) but when i add another AND to my query to get the role value out of the database i get a error while logging in.