Hello,

Great forum!

I have implemented a USER LOG-IN scheme in my site. Below is the code to build my session variable data:

//Create query
	$qry="SELECT * FROM volunteers WHERE Username='$login' AND Password='$password'";
	$result=mysql_query($qry);
	
	//Check whether the query was successful or not
	if($result) {
		if(mysql_num_rows($result) == 1) {
			//Login Successful
			session_regenerate_id();
			$member = mysql_fetch_assoc($result);
			$_SESSION['SESS_MEMBER_ID'] = $member['id'];
			$_SESSION['SESS_FIRST_NAME'] = $member['First_Name'];
			$_SESSION['SESS_LAST_NAME'] = $member['Last_Name'];
			$_SESSION['SESS_ADMIN'] = $member['ADMIN'];
			session_write_close();
			header("location: Service_Dates.php");
			exit();
		}else {
			//Login failed
			header("location: login-failed.php");
			exit();
		}
	}else {
		die("Query failed");
	}

Please notice the ADMIN variable.

How would I display a LINK only if ADMIN = ADMIN (True - checkbox)? Here is some code I wan to add that test to:

<div align="center"><img src="/VOH/Images/logo.jpg" width="703" height="144" longdesc="http://www.dwdataconcepts.com/VOH/index.php" />
  <br />
  <table width="703" border="0" align="center" cellpadding="2" cellspacing="2">
    <tr>
        <td width="54%" height="19"><div align="left" class="style3"><a href="Service_Dates.php">Service Dates</a></div></td>
      
      <td width="32%"><div align="right" class="style3"><a href="Admin_Options.php">Admin Options</a><a href="Service_Dates.php"></a></span></div></td>
      
      <td width="14%"><div align="right" class="style3"><a href="/VOH/logout.php">Log Out</a></span></div></td>
      </tr>
  </table>
</div>

If the SESSION::ADMIN = TRUE, then display this CODE.
Thanks!

Security is a big deal for me. I hate seeing code with holes in it and how easily it would be for someone to hack it.

I have a good login security login example I can post. If you want to see it let me know.

As for your question, just use an if statement.

$admin = false;
if ( $_SESSION['SESS_ADMIN'] == 'ADMIN' ) { //whatever the value is in the database for an admin
  $admin = true;
}

Then in your script where you want something for an admin only.

if ( $admin ) {
  echo 'html that only admins should see';
}

Really the best thing to do is seperate the user and admin areas completely.

Security is a big deal for me. I hate seeing code with holes in it and how easily it would be for someone to hack it.

I have a good login security login example I can post. If you want to see it let me know.

As for your question, just use an if statement.

$admin = false;
if ( $_SESSION['SESS_ADMIN'] == 'ADMIN' ) { //whatever the value is in the database for an admin
  $admin = true;
}

Then in your script where you want something for an admin only.

if ( $admin ) {
  echo 'html that only admins should see';
}

Really the best thing to do is seperate the user and admin areas completely.

Thanks! But I still don't have it.

I have a page called "header.php" which I use in ALL my pages as a INCLUDE () which brings in the logo banner display and the main LINKS (which I want to dynamically display based on the SESSION::ADMIN. Here is the code:

<style type="text/css">
<!--
.style3 {font-size: 11px; font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold; }
-->
</style>

<div align="center"><img src="/VOH/Images/logo.jpg" width="703" height="144" longdesc="http://www.dwdataconcepts.com/VOH/index.php" />
  <br />

<?  
  $admin = false;
if ( $_SESSION['SESS_ADMIN'] == 'ADMIN' ) { //whatever the value is in the database for an admin
  $admin = true;
}
?>
 
  <table width="703" border="0" align="center" cellpadding="2" cellspacing="2">
    <tr>
      <td width="54%" height="19"><div align="left" class="style3">
	  
	  <? if ( $admin ) {echo '<a href="Service_Dates.php">Service Dates</a>';} ?></div></td>
	  <? //<a href="Service_Dates.php">Service Dates</a></div></td> ?>
      
      <td width="32%"><div align="right" class="style3">
	  
	  <? if ( $admin ) {echo '<a href="Admin_Options.php">Admin Options</a>';} ?></div></td>
	  <? //<a href="Admin_Options.php">Admin Options</a></span></div></td> ?>
      
      <td width="14%"><div align="right" class="style3"><a href="logout.php">Log Out</a></span></div></td>
      </tr>
  </table>
</div>

Does this look right? Is the DOUBLE EQUALS right in your statement:

if ( $_SESSION['SESS_ADMIN'] == 'ADMIN' ) { //whatever the value is in the database for an admin
  $admin = true;
}

Is it my HTML? Sigh...


Then in your script where you want something for an admin only.

if ( $admin ) {
  echo 'html that only admins should see';
}

Really the best thing to do is seperate the user and admin areas completely.

Now I know something is wrong with the IF Statements (unless I am not understanding the right syntex: Here is my code:

<style type="text/css">
<!--
.style3 {font-size: 11px; font-family: Verdana, Arial, Helvetica, sans-serif; font-weight: bold; }
-->
</style>

<div align="center"><img src="/VOH/Images/logo.jpg" width="703" height="144" longdesc="http://www.dwdataconcepts.com/VOH/index.php" />
  <br />


<?  
  $admin = false;
if ( $_SESSION['SESS_ADMIN'] == 'ADMIN' ) { //whatever the value is in the database for an admin
  $admin = true;
}

?>
 
  <table width="703" border="0" align="center" cellpadding="2" cellspacing="2">
    <tr>
      <td width="54%" height="19"><div align="left" class="style3">
	  
	  <? echo '<a href="Service_Dates.php">Service Dates</a></div></td>' ?>
	  <? //if ( $admin ) {echo '<a href="Service_Dates.php">Service Dates</a>'} ?></div></td>
	  </div></td>
	  
      
      <td width="32%"><div align="right" class="style3">
	  
	  <? echo '<a href="Admin_Options.php">Admin Options</a></div></td>' ?>
	  <? //if ( $admin ) {echo '<a href="Admin_Options.php">Admin Options</a>'} ?></div></td>
	  </div></td>
	  
      
      <td width="14%"><div align="right" class="style3"><a href="logout.php">Log Out</a></span></div></td>
      </tr>
  </table>
</div>

The commented out lines are the one I am trying to get to work. The UNcomments ones are the raw hyperlinks minus the IF statement.

I'd love to conquer this before I hit the bed ;-) Thanks again.

Security is a big deal for me. I hate seeing code with holes in it and how easily it would be for someone to hack it.

I have a good login security login example I can post. If you want to see it let me know.

May I please see the login code with the security? I am currently trying to make a login system and this will help me greatly. Thanks.