I have searched the forum and Google but there was nothing that would give me a clue what's wrong with my code. I'm just starting PHP and I'm trying a few things. :)

I have a page with login. Logging in works wonderfully, storing sessions with username does too. However, each user also has a user group assigned (stored in database), so I can control what the users can access.

I'm getting the group value from the DB and into the session name. When I (admin) log in, the session is set correctly to 'admin' right after. However, on the next page and upon refresh, the session changed to 'user'. Any ideas what is causing this?


<?php include("includes/header.php"); ?>
<form name="login" method="post" action="login.php">
<table width="35%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr><td width="300" align="right">Username:</td>
<td width="200"><input name="username" type="text" id="username" size="20"></td></tr>
<tr><td align="right">Password:</td>
<td width="294"><input name="password" type="password" id="password" size="20"></td></tr>
</table>
<br />
<input type="submit" name="Submit" value="Login"> <input type="reset" name="reset" value="REset">
</form>
<?php include("includes/footer.php"); ?>


<?php
session_start(); // needed before $_SESSION is written (omit if config.php already starts the session)
include ("includes/config.php") ; //file with database info, password, etc.

$tbl_name = 'user';

/* data from login form */
$myusername = $_POST['username'];
$mypassword = $_POST['password'];

/* pass is encrypted */
$encrypted_mypassword = md5($mypassword);

/* for mysql injection */
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

/* mysql query */
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
// If result matched $myusername and $mypassword, table row must be 1 row
$count = mysql_num_rows($result);

$row = mysql_fetch_array($result);
$mygroup = $row['group'];

/* If ok, set sessions */
if ($count == 1){
$_SESSION['username'] = $myusername;
$_SESSION['group'] = $mygroup;
//echo $_SESSION['group'];  -> gives me the right group
header("Location: start.php");
exit; // stop the script once the redirect header is sent
}
else {
echo "Wrong Username or Password";
}
?>


<?php
session_start(); // start session

if(isset($_SESSION['username']) && isset($_SESSION['group'])) {
  $loggedin = "Already logged in as <b>".$_SESSION['username'] . "</b> (" . $_SESSION['group'] . "). <a href='logout.php'>Logout.</a>";
}
else {
  header( "Location: index.php" );
  exit; // stop here so the rest of the page does not run for visitors who are not logged in
}

/* if user belongs to 'user group', has restricted access */
if ($_SESSION['group'] = "user") {
  $menu = "<ul><li><a href='start.php'>Start</a></li><li><a href='menu1.php'>Menu 1</a></li><li><a href='menu2.php'>Menu 2</a></li></ul>";
}
/* if they are admin, they have all access */
else {
  $menu = "<ul><li><a href='start.php'>Start</a></li><li><a href='menu1.php'>Menu 1</a></li><li><a href='menu2.php'>Menu 2</a></li><li><a href='restricted1.php'>Restricted 1</a></li><li><a href='restricted2.php'>Restricted 2</a></li></ul>";
}

include("includes/header.php"); // header, HTML + $loggedin announcement
?>


<?php echo $_SESSION['group']; // if logging in as admin, it gives me 'user' ?>

<?php include("includes/footer.php"); ?>

Any help greatly appreciated!

Did you check the group you have defined in your database?

Yeah, the groups are all as they should be.

Yeah, so I got to the problem. :D Shoot me now. It was this line:

if ($_SESSION['group'] = "user")

correct one is:

if ($_SESSION['group'] == "user")
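
The login and group check from this thread, reworked as an added example (not code posted by anyone in the thread): a prepared statement and `password_hash()`/`password_verify()` replace the escaped query and `md5()`, and the group test is a read-only strict comparison that only grants the restricted links on a positive `admin` match. Assumptions: an in-memory SQLite table with constructed users stands in for the MySQL `user` table, `$session` stands in for `$_SESSION`, and the helper names `authenticate`, `hasGroup` and `menuFor` are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the thread's MySQL `user` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, "group" TEXT)');
$ins = $pdo->prepare('INSERT INTO user VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), 'admin']);
$ins->execute(['bob', password_hash('bob-pw', PASSWORD_DEFAULT), 'user']);

// Hypothetical helper: returns the account's group, or null on any failure.
function authenticate(PDO $pdo, string $username, string $password): ?string
{
    // Bound parameter instead of building the query from escaped strings.
    $stmt = $pdo->prepare('SELECT password, "group" FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a salted hash made by password_hash(), replacing md5().
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row['group'];
}

// Hypothetical helper: the session is passed by value, so a check cannot overwrite it.
function hasGroup(array $session, string $group): bool
{
    return isset($session['group']) && $session['group'] === $group;
}

// Hypothetical helper: restricted links are added only on a positive admin match.
function menuFor(array $session): array
{
    $menu = ['start.php', 'menu1.php', 'menu2.php'];
    if (hasGroup($session, 'admin')) {
        array_push($menu, 'restricted1.php', 'restricted2.php');
    }
    return $menu;
}

// $session stands in for $_SESSION so the script runs from the command line.
foreach ([['alice', 'alice-pw'], ['bob', 'bob-pw'], ['alice', 'wrong']] as [$name, $pw]) {
    $group = authenticate($pdo, $name, $pw);
    // In a web request, call session_regenerate_id(true) before storing the identity.
    $session = $group === null ? [] : ['username' => $name, 'group' => $group];
    printf("%-5s %-8s group=%-5s menu=%s\n", $name, $pw, $group ?? '-', implode(',', menuFor($session)));
}
```

In the thread's start.php the `else` branch gives the full menu to any group value that is not `user`; checking for `admin` explicitly means an unknown or missing group gets the restricted menu instead.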
