Getting infomation and making sessions work

Auxfusion

Hi guys! Can someone please tell me what I am doing wrong here. This is a process for an upload article script, what happens is the article is put in a table called article_review, a small description of the article is then displayed along with their username and rank from the users table and set a session with their username, password and rank for use on other pages. I can get all of this to work apart from the part where the user rank is displayed and the session is started. I'm relitaivly new to PHP, so forgive me if the answer to this is blatenly obvious:

$user = $_POST['username'];
$pass = $_POST['password'];
$title = $_POST['title'];
$body = $_POST['body'];
$description = $_POST['description'];
$catagory = $_POST['catagory'];

// encrypt password into md5 (random 32 characters)
$pass=md5($pass);

// search database to check for user
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";
$rankgrab = "SELECT rank FROM users WHERE username='".$user."'";

// hand over the request
$results = mysql_query($request);
$rank = mysql_query ($rankgrab);

// if mysql returns any number of rows great than 0 then there is a succesful login
if(mysql_num_rows($results))
{
// get users id
$getid = "SELECT * FROM users WHERE username='".$user."' LIMIT 1";
$getidexec = mysql_query($getid);

while($r=mysql_fetch_array($getidexec)){
$userid = $r[userid];
}

// START process if username and password are approved

$print = "INSERT INTO `article_review` VALUES ('','$username','$title','$catagory','$description','$body')";
$result=mysql_query($print);
$num=mysql_numrows($result);

$i=0;
while ($i < $num) {

echo "$result";

++$i;
}

echo "Thanks <b>$user</b>, your article <b>$title</b>, has been submitted!<br><div align=center>Go <a href=backlog.php>here</a> to see the backlog.<br><br>";
echo "<table border=0 class=contentsubbox align=center width=100%>";
echo "<tr><td width=20%>Title</td><td width=80%><b>$title</b></td></tr>";
echo "<tr><td>Description</td><td><b>$description</b></td></tr>";
echo "<tr><td>Catagory</td><td><b>$catagory</td></tr></table>";

session_start();
$_SESSION['username'] = "$username";
$_SESSION['rank'] = "$rank";

echo "You, $username are a $rank";


}

// END process if username and password are approved
// START process if username and password are rejected
else

{

die("<table border=0 class=contentsubbox align=center width=100><tr><td>Your username or password was incorrect, please try again! If you need to register, <a href=signup.htm>click here</a></td></tr></table>");

}
// END process if username and password are rejected
?>

Thanks for your time.

peppeto

What is "$rank"; where do you get it?

Auxfusion

$rankgrab = "SELECT rank FROM users WHERE username='".$user."'";

// hand over the request
$results = mysql_query($request);
$rank = mysql_query ($rankgrab);

This part?

peppeto

You need to pull the rank from the table same like you do for username because now you are putting aray in session

Auxfusion

Ah, got it working, sorry it was somthing so simple, as I said I'm new to this. Thanks a lot 🙂

EDIT: There was one more thing I was wondering so I may as well ask now. Is saving the user rank into a session safe. Since sessions cannot be modified by the user there's no risk of say manually changing User to Admin? Thanks.