Hey everyone,

So I have another admin redirect problem. I have a file for user functions and login check/if exists, etc., so the other redirect set of PHP parameters won't work, and all I want to do is redirect a user to access a page based on user_level, whether the user_level is = 1 or = 0. I'm not sure what everyone needs to help me figure this out and to understand why it is the way it needs to be, but here it is:

if(!logged_in()){
    header('Location: index.php');
    exit();
}

if(!isset($_SESSION['user_level'])) {
  echo 'You are not allowed to access this page. Click <a href="index.php">here</a> to go back to the home page';
  exit();
}elseif(1 == (int)$_SESSION['user_level']){
  header('Location: create_album.php');
  exit;
}

I keep getting the message "You are not allowed to access this page...etc." and I get that response for all users regardless of whether the integer is 1 or 0 in the user_level field. Any ideas? I've tried the var_dump of SESSION and this is what I got as a result on the page: "array
'user_id' => string '2' (length=1)"

Thanks for any help once again!

-Geneh23


Your var_dump means user_level is not set; only user_id is set. So in your login page, you also need to set user_level in the session.

how do I do that urtrivedi? Sorry I've been looking at this code for a while and it all seems jumbled now. I'll re-edit and add the login page script.

login.php

<?php
if(logged_in()){
$user_data = user_data('name');
}else{
?>
    <form action="" method="post">
        <p>
            Email: <input type="email" name="login_email" />
            Password: <input type="password" name="login_password" />
            <input type="submit" value="Log in" />
        </p>
    </form>

<?php
}

if(isset($_POST['login_email'], $_POST['login_password'])){
    $login_email = $_POST['login_email'];
    $login_password = $_POST['login_password'];

    $errors = array();

    if(empty($login_email) || empty($login_password)){
        $errors[] = 'Email and Password required';
    }else{
        $login = login_check($login_email, $login_password);

        if($login === false){
            $errors[] = 'Unable to log you in';
        }
    }

    if(!empty($errors)){
        foreach($errors as $error){
            echo $error, '<br />';
        }
    } else {
        $_SESSION['user_id'] = $login;
        header('Location: index.php');
        exit();
    }
}

?>

so I set my user_level..I think and now when I do the var_dump(); ..it outputs
"array
'user_id' => string '1' (length=1)
'user_level' => null"
what does this mean? that it doesn't exist?

 else {
        $_SESSION['user_id'] = $login;
        header('Location: index.php');
        exit();
    }

so you are setting user_id in session. But where are you setting user_level in session?

I don't think I did it right..how would I set user_level within that session user_id?

the same as you set the user_id.
$_SESSION['user_level']= $userlevel;
where in $userlevel, you already have to have the value of user level from the Database or set during the code.

@ Bukhari1986, I still get the same result when I do a var_dump.. "array
'user_id' => string '1' (length=1)
'user_level' => null" :/

after line 38 in your code, you have to set $_SESSION['user_level'] from database with query like

select user_level from usertable where user_id='$login'

but isn't there something I have to do with the query line, like make it into a variable and then store it as something else before I can use it?

Where is level stored in your user table? Send me the login link and your MySQL table SQL script here.

here is my user.func.php file with all my functions for users..

<?php

function logged_in(){
    return isset($_SESSION['user_id']);
}

function login_check($email, $password){
    $email = mysql_real_escape_string($email);
    $login_query = mysql_query("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `email`='$email' AND `password`='".md5($password)."'");
    return (mysql_result($login_query, 0) == 1) ? mysql_result($login_query, 0, 'user_id') : false;

}

function user_data(){

    $args = func_get_args();
    $fields = '`'.implode('`, `', $args).'`';

    $query = mysql_query("SELECT $fields FROM `users` WHERE user_id =".$_SESSION['user_id']) or die(mysql_error());
    $query_result = mysql_fetch_assoc($query);
    foreach($args as $field){
        $args[$field] = $query_result[$field];
    }
    return $args;
}

function user_register($email, $name, $password){
    $email = mysql_real_escape_string($email);
    $name = mysql_real_escape_string($name);
    mysql_query("INSERT INTO `users` VALUES ('', '$email', '$name', '".md5($password)."')");
    return mysql_insert_id();
}

function user_exists($email){
    $email = mysql_real_escape_string($email);
    $query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email'");
    return (mysql_result($query, 0) == 1) ? true : false;
}
?>

I also asked for the table structure of the user table. How is your user level stored?

I am adding 2 new lines after 38 in your login.php

 $_SESSION['user_id'] = $login;
 $retarr=user_data("user_level");
 $_SESSION['user_level']=$retarr['user_level'];

here is my table structure. Sorry I missed the part where you were asking that.

--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL,
  `name` varchar(35) NOT NULL,
  `password` varchar(32) NOT NULL,
  `user_level` enum('0','1','2','3') NOT NULL DEFAULT '0',
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

I am adding 2 new lines after 38 in your login.php

$_SESSION['user_id'] = $login;
 $retarr=user_data("user_level");
 $_SESSION['user_level']=$retarr['user_level'];

I am posting it again, Have you tried this.

@urtrivedi, yes, sorry I thought I had posted that I had put your two lines of code after line 38 and this is what it outputs:

Unknown column 'user_level' in 'field list'

nobody else can help?..

I am again adding 2 new lines after 38 in your login.php

$_SESSION['user_id'] = $login;


$query = mysql_query("SELECT user_level FROM `users` WHERE user_id =".$_SESSION['user_id']) or die(mysql_error());
    $query_result = mysql_fetch_assoc($query);


 $_SESSION['user_level']=$query_result['user_level'];
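
The step discussed above (reading user_level at login and storing it in the session next to user_id), as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite table of constructed sample users, swaps the thread's md5() for password_hash()/password_verify() (which needs a wider `password` column than varchar(32)), and the helper names `start_user_session` and `has_level` are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PDO (pdo_sqlite) and a
// `password` column wide enough for password_hash() output.

// Look up the user once, verify the password, and return id + level.
function login_check(PDO $db, string $email, string $password): ?array {
    $stmt = $db->prepare('SELECT user_id, password, user_level FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['user_id' => (int)$row['user_id'], 'user_level' => (int)$row['user_level']];
}

// Store both values in the session at login time (hypothetical helper).
function start_user_session(array &$session, array $user): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id after authentication
    }
    $session['user_id'] = $user['user_id'];
    $session['user_level'] = $user['user_level'];
}

// Page guard (hypothetical helper): true only for the exact level required.
function has_level(array $session, int $required): bool {
    return isset($session['user_id'], $session['user_level'])
        && (int)$session['user_level'] === $required;
}

// Constructed sample data in an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT, name TEXT,
           password TEXT, user_level TEXT NOT NULL DEFAULT '0')");
$ins = $db->prepare('INSERT INTO users (email, name, password, user_level) VALUES (?, ?, ?, ?)');
$ins->execute(['admin@example.test', 'Admin', password_hash('constructed-pw-1', PASSWORD_DEFAULT), '1']);
$ins->execute(['user@example.test', 'User', password_hash('constructed-pw-2', PASSWORD_DEFAULT), '0']);

$attempts = [['admin@example.test', 'constructed-pw-1'],
             ['user@example.test', 'constructed-pw-2'],
             ['user@example.test', 'wrong']];
foreach ($attempts as [$email, $pw]) {
    $session = []; // stands in for $_SESSION; pass $_SESSION in a real page
    $user = login_check($db, $email, $pw);
    if ($user === null) { echo "$email: login failed\n"; continue; }
    start_user_session($session, $user);
    echo "$email: level {$session['user_level']}, admin page allowed: ",
         has_level($session, 1) ? 'yes' : 'no', "\n";
}
```

Because the level is read in the same prepared statement that authenticates the user, a missing `user_level` column fails at login with a PDO exception instead of leaving a null in the session.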

I'm still getting the message "Unknown column 'user_level' in 'field list'" after I add that bit of code. :/

You are expecting us to solve everything for you. You can check that query syntax, see where the problem is, and what the spelling of your user_level column is.

The point of posting in this forum is because one simply doesn't understand what is going on with whatever the issue may be. It doesn't mean that I'm just simply asking because I'm too lazy to find the answer myself. I wouldn't post these kinds of questions if I didn't at least try to search for a solution or try to figure it out myself for days. Therefore I'm asking for professional help. I ask questions because I don't understand and I'm trying to learn. I don't expect everyone to just "solve" everything for me. I'm learning but some of the questions may seem basic for the rest of you guys out there.

That is the spelling in the table script you posted. Have you tried to run that query in phpMyAdmin?

yep, and it doesn't work for some reason, now correct me if I'm wrong, and sorry for the stupid question but do I add the session variable in the query? it would seem as though the database wouldn't recognize the session at the end of the query.

Yes, I ran the query in phpMyAdmin, but of course I replaced the session with the actual value in the database and it ran fine.

Send the full script of the pages you used to log in and the next page where you want user_level, and also send the database script again, and some sample data SQL.

Here is the login.php script

<?php
if(logged_in()){
$user_data = user_data('name');
}else{
?>
    <form action="" method="post">
        <p>
            Email: <input type="email" name="login_email" />
            Password: <input type="password" name="login_password" />
            <input type="submit" value="Log in" />
        </p>
    </form>

<?php
}

if(isset($_POST['login_email'], $_POST['login_password'])){
    $login_email = $_POST['login_email'];
    $login_password = $_POST['login_password'];

    $errors = array();

    if(empty($login_email) || empty($login_password)){
        $errors[] = 'Email and Password required';
    }else{
        $login = login_check($login_email, $login_password);

        if($login === false){
            $errors[] = 'Unable to log you in';
        }
    }

    if(!empty($errors)){
        foreach($errors as $error){
            echo $error, '<br />';
        }
    } else {
        $_SESSION['user_id'] = $login;
        $query = mysql_query("SELECT `user_level` FROM `users` WHERE `user_id` =".$_SESSION['user_id']) or die(mysql_error());
        $query_result = mysql_fetch_assoc($query);
        $_SESSION['user_level'] = $query_result['user_level'];
        header('Location: index.php');
        exit();
    }
}

?>

Here is the index.php (where I want the regular user to be redirected to)

<?php
include 'init.php';
include 'template/header.php';
?>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="Downloads/jquery.cycle.lite.1.0.min.js"></script>
<script type="text/javascript" src="Downloads/jquery.loadImages.1.0.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
  // Preload the slideshow images, then start the cycle
  $.loadImages(['images/landing.png',
   'images/img4.png',
   'images/img3.png',
   'images/img2.png',
   'images/img1.png'], function() {
  $('#img').show().cycle();
  });
});
</script>
<!-- include jQuery library -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>

<!-- include Cycle plugin -->
<script type="text/javascript" src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.74.js"></script>

<!--  initialize the slideshow when the DOM is ready -->
<script type="text/javascript">
$(document).ready(function() {
    $('.slideshow').cycle({
        fx: 'fade' // choose your transition type, ex: fade, scrollUp, shuffle, etc...
    });
});
</script>
</head>
<body>
<?php 
if(logged_in()){
    echo 'Welcome ' , $user_data['name'];
    echo '<br /><br />You may now start to <a style="text-decoration: underline;" href="create_album.php">create albums</a> and <a style="text-decoration: underline;" href="upload_image.php">upload images</a> or <a href="albums.php">view albums</a> ';
}else{
echo '<div class="slideshow">
<img src="images/landing.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img1.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img2.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img3.png" alt="slideshow"  width="750" height="267"/>
<img src="images/img4.png" alt="slideshow"  width="750" height="267"/>
</div>
<noscript>
<div id="img">
<img src="images/landing.png" alt="slideshow" width="750" height="267"/>
</div>
</noscript>';
}

include 'template/footer.php';
?>

Here is the albums.php (where I want the admin with the user level of "1" to be redirected to)

<?php
include 'init.php';

if(!logged_in()){
    header('Location: index.php');
    exit();
}
include 'template/header.php';
?>

<h3>Albums</h3>

<?php

$albums = get_albums();

if(empty($albums)){
    echo '<p>You don\'t have any albums</p>';
} else{
    foreach($albums as $album){
        echo '<p style="padding: 5px; float: left;"><a href="view_album.php?album_id=', $album['id'], '">', $album['name'], '</a> (', $album['count'], ' images)<br />
        ', $album['description'], '...  <br />
        <a href="edit_album.php?album_id=', $album['id'], '">Edit</a> / <a href="delete_album.php?album_id=', $album['id'], '">Delete</a>
        </p>';
    }
}

include 'template/footer.php';
?>

Here is the table structure of the users table

CREATE TABLE IF NOT EXISTS `users` (
  `user_id` int(11) NOT NULL AUTO_INCREMENT,
  `email` varchar(255) NOT NULL,
  `name` varchar(35) NOT NULL,
  `password` varchar(32) NOT NULL,
  `user_level` enum('0','1','2','3') NOT NULL DEFAULT '0',
  PRIMARY KEY (`user_id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

the sql query that I put into the database

SELECT `user_level` FROM `users` WHERE `user_id` = '1'

also send code for init.php, header.php and footer.php

Here is my init.php file

<?php
ob_start();
session_start();

mysql_connect('127.0.0.1', 'root', '');
mysql_select_db('upload');
include 'func/user.func.php';
include 'func/album.func.php';
include 'func/image.func.php';
include 'func/thumb.func.php';

?>

header.php

 <!DOCTYPE HTML>
 <head>
 <title>Test</title>
 <link href="css/style.css" rel="stylesheet" type="text/css">
 </head>
 <body>

 <div id="menu">
      <?php include 'widgets/menu.php' ?>
 </div>
 <div id="container">
       <a href="index.php"><img src="images/logo.png" /></a>
       <span class="right">
             <?php include 'widgets/login.php' ?>
       </span>

       <div id="main">

Footer.php

           </div>

      </div>
      <div id="footer">
           &copy; <a href="#">YourWebsite.com</a> 2011. All rights reserved.
           <span class="right">Designed by <a href="#">Gene Howell</a></span>
      </div>

</body>
</html>