I created a login script for my web page which passes the user access level using sessions.
Here's the authentication and session setting script.
//if username and password has been entered
//connect to database and check values
mysql_connect("localhost", "root", "netops") or die ("could not connect");
mysql_select_db("system_outage")or die ("could not select");
$sql = "SELECT * FROM login WHERE username ='$username' AND password = '$password'";
$result = mysql_query($sql) or die ("could not execute query");
$num = mysql_numrows($result);
while ($row = mysql_fetch_array($result)){
$accesstype = $row['accesstype'];
}
//if verification is succcesful then register a user session and redirect to protected admin site
if ($num == 1){
session_start();
session_register("SESSION");
session_register("SESSION_USER");
session_register("SESSION_AUTH");
$SESSION_USER = $username;
$SESSION_TYPE = $accesstype;
$SESSION_AUTH = "yes";
This is the script for the secured page which only users with an access level of 1 can enter. This is where I am having the problem. Whenever I try to login with an user of access level 1 I get the error message. I should only get the error message if the users access level is anything other than 1.
<?
session_start();
if ($SESSION_TYPE != '1') {
echo "<br><br><font color = red><center><p>AUTHORIZATION FAILED!</p>";
echo "<p>You must log-in before accessing this page <a href=\"login.php\">Log In!</a></p></font>
</center>";
exit();
}
?>
DISPLAY HTML
I can't see anything wrong with it myself but I've been looking at it so long I may be missing something really obvious. Any help would be greatly appreciate it.
