Hi,
here is the sessions file i wrote to be in the header of each page on a site im working on. I need to be able to set th variable $access to 0 or 1 depending upon the visitor's username and pass coming out of a mysql database.
When testing I get results from the initial login (ie if($username && $password)) but it seems once the session is set it refuses to accept that $yourusername doesn't exist, and thus sets $access to empty.
It's probably something simple that ive missed, but can anyone help?
would it matter if i declared $access as a global variable?
<?
session_start();
//
// session_start() lets the server know to setup and expect session variables, it MUST always be in the headers of a file.
//
// if user and pass are here, then connect and check the DB to make sure that a user exists, fish out
// their details, store them in the session if for later use and set access to 1 giving full rights.
if($username && $password)
{
include("inc/connect.php4");
$result = mysql_query("select usr_id, fname, curdate() from admin_user where user = '$username' and pass = '$password' and include='1'");
$num = mysql_num_rows($result);
// print("<br>Number of rows:");
// echo $num;
// print("<br>");
if($num==1)
{
// print("numrows = 1 you are an authorised user<br>");
while ($myrow = mysql_fetch_array ($result))
{
session_register('yourusername');
session_register('yourpassword');
session_register('sess_id');
session_register('fname');
session_register('access');
$yourusername = $username;
$yourpassword = $password;
$sess_id = $myrow["usr_id"];
$fname = $myrow["fname"];
$time_out = $myrow["curdate()"];
$access = 1;
print("login successful<br>");
}
}
else
{
// print("numrows did not equal 1, you are not an authorised user<br>");
$access = 0;
print("login not successful<br>");
}
}
//
// if PHPSESSID does not exist then the session variables don't either, so set them up with session_register()
//
else if(!$PHPSESSID)
{
session_register('yourusername');
session_register('yourpassword');
session_register('sess_id');
session_register('fname');
session_register('access');
//
// set access rights for the user. 0 equals a whole bag of no access rights
//
$access = 0;
print("session = null, registers set<br>");
}
//
// if there is no username set, or the session is not sethow, then set them,
// this part below seems to be tripped all the time when executing
else if(!isset($yourusername) or !session_is_registered('yourusername'))
{
session_register('yourusername');
session_register('yourpassword');
session_register('sess_id');
session_register('fname');
session_register('access');
$access = 0;
print("yourusername not set");
}
print("<br>USER= ");
echo $yourusername;
print("<br>PASS= ");
echo $yourpassword;
print("<br>SESS_ID= ");
echo $sess_id;
print("<br>First Name=");
echo $fname;
print("<br>Time Out=");
echo $time_out;
print("<br>Access?=");
echo $access;
print("<br>");
if($yourusername && $yourpassword && $sess_id && $access==1)
{
print("read successful from session<br>");
}
else
{
print("readunsuccessful<br>");
}
if($logout)
{
session_destroy();
}
?>
