Member Avatar for mundetas

Hey can anyone please help me :S . I have created a user table with different levels for instance type 0 to 2. If the user is type 1 then a certain page will open . I have placed my values in sessions then used a condition to verify. Please help me because when the type 0 it goes to the right page. but if its 1 or 2 it displays a blank page does even echo the message I put in to show that the type is different.

<?php require_once ("inc/session.php");?>
<?php require_once("inc/connection.php"); ?>
<?php 
$username=$_POST["txtuser"]; 
$password=$_POST['txtpass']; 
$hashed_password=sha1($password);
?>


<?php 

$query="Select `id`,`username`,`type` From `tblusers` Where username=\"$username\" and passwordc=\"$hashed_password\"";

$result=mysql_query($query,$connection);

if (mysql_num_rows($result)==1)
{
$found_user=mysql_fetch_array($result);
$_SESSION['username']=$found_user['username'];
$_SESSION['type']=$found_user['type'];

//echo "it works";
if($_SESSION['username']==$username && $_SESSION['type']==1){
echo "<script language=\"javascript\"> window.location.replace(\"http:\/\/\localhost\/\Sample\/\test\/\test.php\");</script>";}
}
//else{
//echo "it dont".mysql_error();
//

if(!$_SESSION['type']){

echo "It recons ".$_SESSION['type'];
}


?>
</body>
</html>
  • 2 Contributors
  • 2 Replies
  • 90 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by mundetas
Member Avatar for noelthefish

I would check that the 'type' being returned is an int and not a char. If it is a char change == to ===

Member Avatar for mundetas

its an int I put a singles = . Any sugguestions on the best way to authentication in terms of user levels? How can you protect your files on an server so that the user doesn't see the include files etc.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.