Reputation: 23

PHP SESSION variables using $_SESSION

I'm trying to pass session variables using $_SESSION, so I can check if a user that is currently logged in has "admin" privileges, which is stored in my database table "login" as "login_privileges". If they have admin privileges they can access certain pages, if not they are just denied access, but not logged out. When a valid username and password is entered into the form I get a "Can't use function return value in write context" error. It must be an error with the SESSION, what is wrong?

<?php

require("dbconnectprojdev.php");
$con = mysql_connect($host, $username, $password);

$username = $_POST['username']; 
$password = $_POST['password']; 

$username = stripslashes($username); 
$password = stripslashes($password); 
$username = mysql_real_escape_string($username, $con); 
$password = mysql_real_escape_string($password, $con); 

$stmt=$dbh->prepare("SELECT * FROM login WHERE login_username = :username AND login_password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$count = $count + 1;
}

$privilege = $row['login_privileges'];

if($count==1){  

session_start();
$_SESSION('privilege') = $privilege;
$_SESSION('username') = $username; 
$_SESSION('password') = $password; 
header("location:logincorrect.php"); 

} else { 
echo "Invalid login details"; 
echo "<b></br><a href=default.php>Back to login</a>";
} 

?>

"dbconnectprojdev.php" looks like:

<?php
$host = "*****";
$database = "*****";
$username = "*****";
$password = "*****";

$dbh = new PDO("mysql:host=$host; dbname=$database; charset=utf8", $username , $password );
?>

Upvotes: 2