Reputation: 17
$_Session['user'] not being recognised PHP
I would like a different message to appear depending on whether the user logged in is admin or not. I have two $_SESSION variables in my session.php that take me either to a member's page or an admin page depending on the username/password combination. That works fine, however when I am trying to display a different message for each session, only the first message is displayed, and I have tried heaps of variations of this code and searched online but I can't find an answer. Help!
<?php
include 'session.php';
include 'Header.php';
?>
<div id="main">
<?php
if(isset($_SESSION['login_admin'])){
echo "HELLO admin";
}
elseif(isset($_SESSION['login_user'])) {
echo "Hello";
}
?>
</div>
So my webpage is recognising 'login_admin' but when i login as 'login_user' it displays the admin message, not the user message.
EDIT: session_start() is in all of my pages.
Login Code:
<body>
<?php
include 'Header.php';
?>
<div id="main">
<div id="login">
<center>
<h2>Login</h2><br />
<form action = "session.php" method = "post" name="log">
<label>UserName :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = " Submit "/><br />
</form>
</center>
</div>
<br />
</div>
<?php
include 'footer.php';
?>
</body>
Session.php
<?php
session_start();
$con = mysqli_connect("localhost","root","", "movies");
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($con,$_POST['username']);
$mypassword = mysqli_real_escape_string($con,$_POST['password']);
$sql = "SELECT ID FROM login WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$_SESSION['login_user'] = $myusername;
$_SESSION['login_admin'] = $myusername;
header("location: MembersPage.php");
}
if($_SESSION['login_admin'] == 'admin'){
$_SESSION['login_admin'] = $myusername;
header("location: admin.php");
}
else {
echo "Your Login Name or Password is invalid";
}
}
?>
Logout.php
<?php
session_start();
if(session_destroy()) {
header("Location: Login.php");
}
?>
Upvotes: 0
Views: 2508
Answers (2)
Reputation: 7294
You forget to use session_start();. Add this at the top of page.
I would suggest if you are checking session in each or most pages then add session_start on header.php (if you created). this will save you from such problmes
This is the problem
if($count == 1) {
$_SESSION['login_user'] = $myusername;
$_SESSION['login_admin'] = $myusername;
header("location: MembersPage.php");
}
you are setting login_admin,login_user every time either user login or admin so this $_SESSION['login_admin'] always has value show you are getting always welcome admin
Create a field in your table name user_role and place value for admin and user like
1 for admin
2 for user
at the time of login check this field value and if it is 1 then set only login_admin and if it is 2 then set only login_user like
$sql = "SELECT ID,user_role FROM login WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($con,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
if($row['user_role'] == 1){
$_SESSION['login_admin'] = 'admin';
header("location: admin.php");
}
else{
$_SESSION['login_user'] = 'user';
header("location: MembersPage.php");
}
}
Upvotes: 1
Reputation: 8361
You forgot to call session_start(); Method which is required if you want to Start a New Session or If you want to resume existing session.
Upvotes: 0