PHP Login System

[nielcleo]

You need to use session_start on the login page also, it doesn't look like you are. Also, check your names:$_SESSION["user"] = array("login"=>true, "username"=> $myusername, "is_admin"=>true);if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){This isn't correct either:if($_SESSION['user']['logged_in']['is_admin'])It's just $_SESSION['user']['is_admin'].

its still not working sir.. here's the edited one sirchecklogin.php

<?php$host="localhost";$username="testdb";$password="123";$db_name="db_table";$tbl_name="members";mysql_connect("$host", "$username", "$password")or die("cannot connect");mysql_select_db("$db_name")or die("cannot select DB");$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);$myusername = mysql_real_escape_string($myusername);$mypassword = mysql_real_escape_string($mypassword);$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);$count=mysql_num_rows($result);if($count==1){session_start();  $_SESSION["user"] = array("logged_in"=>true, "username"=> $myusername, "is_admin"=>true);   //you will need to determine the admin part by checking the result of   your query  header("location:admin.php");}else {echo "Wrong Username or Password";}?>

admin.php

<?session_start();if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){  //user has logged in authenticated, etc  //do admin check to show admin stuff if you need  if($_SESSION['user']['is_admin']){    echo "admin page";  };};?>

[justsomeguy]

Your first file has the long PHP tags and the second one has the short tag, use the long tag for both files.I'm also not a general, you don't need to call me "sir", I'm just some guy.

[nielcleo]

sorry for saying "sir" im showing my respect on you guys because of your status attained and the effort you give to us like me im only a kid starting learning in PHP..thanks a lot by helping me..the login system work fine.. but its only works for only admin logins i want to try putting permission between admin and a regular member. in this code it is possible sir?

[justsomeguy]

You need a field in the database that says whether or not they are an admin, and put that field in the session for is_admin.

[nielcleo]

You need a field in the database that says whether or not they are an admin, and put that field in the session for is_admin.

here's my new checklogin.php with userlevelchecklogin.php

  if($count==1){$_SESSION["user"] = array("logged_in"=>true, "username"=> $myusername, "is_admin"=>$userlevel);	header("location:admin.php");}

i got confused authenticating the login and determine if its admin or notcontrolpanel.php

<?phpsession_start();if(isset($_SESSION['user']) && $_SESSION['user']['logged_in']){  //user has logged in authenticated, etc  //do admin check to show admin stuff if you need  if($_SESSION['user']['is_admin=true']){	echo "ADMIN PAGE";  };else{ echo "MEMBER PAGE";};};?>

[birbal]

if($_SESSION['user']['is_admin=true'])

it should be

if($_SESSION['user']['is_admin']=true

[nielcleo]

it should be

if($_SESSION['user']['is_admin']=true

my value in userlevel is a true and false how about if i will change that in to a digit 1 - 0.. it is fine to do this ['is_admin']=1?

[birbal]

sorry for missleading you there i had some typo. It should be

if($_SESSION['user']['is_admin']==true

'== ' will compare it where single '=' will assign value.0 will evaluate false and 1 will evaluate true if you compare it against lossly '=='

[justsomeguy]

You can also just do this:if($_SESSION['user']['is_admin'])If you don't compare it with any value then it checks if that value evaluates to true or false. This page lists the values that are considered to be false:http://www.php.net/manual/en/language.types.boolean.phpMost of them make sense, but note that the empty string and the string "0" both evaluate to false, but the string "false" evaluates to true. If you have the string "false" you need to compare it against the same thing:if ($val === 'false')

[nielcleo]

You can also just do this:if($_SESSION['user']['is_admin'])If you don't compare it with any value then it checks if that value evaluates to true or false. This page lists the values that are considered to be false:http://www.php.net/manual/en/language.types.boolean.phpMost of them make sense, but note that the empty string and the string "0" both evaluate to false, but the string "false" evaluates to true. If you have the string "false" you need to compare it against the same thing:if ($val === 'false')

if im not mistaken i can do like this..if($_SESSION['user']['is_admin']) <-- this will be redirected to admin areaand if i will use only this if($_SESSION['user'])<-- it will be redirected to members area

[justsomeguy]

Things in the session don't get redirected, I'm not sure if you're just confusing the terminology. The session holds whether or not they are logged in, and whether or not they are an admin. The $_SESSION['user'] array holds both of those. You can check that whenever you want on any page to determine if they are logged in and whether or not they are an admin, and do whatever you want if those are or aren't true.

[thescientist]

if im not mistaken i can do like this..if($_SESSION['user']['is_admin']) <-- this will be redirected to admin areaand if i will use only this if($_SESSION['user'])<-- it will be redirected to members area

if statements only test for the truthiness of a statement, that is it. nothing will be done unless you put statements within the context of your if statements. and even then you could have it do something completely different than the intent of what the if statement was checking for. it would be pointless, but it's meant to demonstrate that you still have to define your own logic and flow. The if statement just gives you a hook into a condition so that you can do something with it.