0

Hey can anyone please help me :S . I have created a user table with different levels for instance type 0 to 2. If the user is type 1 then a certain page will open . I have placed my values in sessions then used a condition to verify. Please help me because when the type 0 it goes to the right page. but if its 1 or 2 it displays a blank page does even echo the message I put in to show that the type is different.

<?php require_once ("inc/session.php");?>
<?php require_once("inc/connection.php"); ?>
<?php 
$username=$_POST["txtuser"]; 
$password=$_POST['txtpass']; 
$hashed_password=sha1($password);
?>


<?php 

$query="Select `id`,`username`,`type` From `tblusers` Where username=\"$username\" and passwordc=\"$hashed_password\"";

$result=mysql_query($query,$connection);

if (mysql_num_rows($result)==1)
{
$found_user=mysql_fetch_array($result);
$_SESSION['username']=$found_user['username'];
$_SESSION['type']=$found_user['type'];

//echo "it works";
if($_SESSION['username']==$username && $_SESSION['type']==1){
echo "<script language=\"javascript\"> window.location.replace(\"http:\/\/\localhost\/\Sample\/\test\/\test.php\");</script>";}
}
//else{
//echo "it dont".mysql_error();
//

if(!$_SESSION['type']){

echo "It recons ".$_SESSION['type'];
}


?>
</body>
</html>
2
Contributors
2
Replies
3
Views
8 Years
Discussion Span
Last Post by mundetas
0

I would check that the 'type' being returned is an int and not a char. If it is a char change == to ===

0

its an int I put a singles = . Any sugguestions on the best way to authentication in terms of user levels? How can you protect your files on an server so that the user doesn't see the include files etc.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.