
$_Session Help?

3 replies to this topic

#1 D3GG3RZ


Posted 10 April 2012 - 06:22 PM

Well, I am new to using the session function and I'm getting stuck on one major thing.
I am having users log in to the site, and each user has a set "permissions" value.
The permissions are 0 for customer and 1 for admin.
I am wanting to use the session function to check the user's permissions upon login, and depending on what that value is depends on what is displayed on the homepage.
If they are admin I want an "Admin Panel" link, but if they are a customer I want it hidden. It's the same for a lot of other things as well.

Any help will be greatly appreciated!!!
  • 0

#2 papabear


Posted 11 April 2012 - 04:01 AM

Can you provide us some snippet of your code, or your progress code so far,
so that I can help you correct your code and guide you through the process?
  • 0
Life has no CTRL+Z
Never Forget To HIT "LIKE" If I Helped

#3 Orjan


Posted 11 April 2012 - 04:24 AM

The easiest part is to save the status in the $_SESSION variable, similar to $_SESSION['admin'] = true; or $_SESSION['admin'] = false;
depending on status. Then you can do something like this:

if ($_SESSION['admin']) {
  echo "Admin link";
}

I suppose you already have an active session with everything like start_session() etc?
  • 0

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.


#4 papabear


Posted 11 April 2012 - 06:41 AM

Say, for example, you have a database named DBS. In that database I have a table named USERS, and in USERS I have
USERNAME, PASSWORD, PERMISSION fields... and I have USERNAME = "admin", PASSWORD = "pass", PERMISSION = "1"

This will be my code for that:

<?php
session_start();

//this function will return the permission of the user
function getPermission($username, $password) {
    try {
        $con = new PDO("mysql:host=localhost;dbname=DBS", 'root', ''); //create the connection object
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //set the error mode

        $sql = "SELECT * FROM USERS WHERE username = :username and password = :password"; //this will be my sql query.. notice the :username and :password, those are named parameters

        $stmt = $con->prepare($sql); //create a prepared statement
        $stmt->bindValue(":username", $username, PDO::PARAM_STR); //this is where I assign the value of :username
        $stmt->bindValue(":password", $password, PDO::PARAM_STR); //this is where I assign the value of :password
        $stmt->execute(); //execute the query
        $result = $stmt->fetch(); //get the first matching row (false if there is none)

        $con = null; //close the connection

        return $result ? $result['permission'] : null; //return the permission, or null if no row matched
    } catch (PDOException $e) {
        $con = null; //close the connection
        echo $e->getMessage(); //if there is error go here for debugging purposes
    }
}

// this part will be our login code
try {
    $con = new PDO("mysql:host=localhost;dbname=DBS", 'root', ''); //the connection object
    $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //set the error mode

    $sql = "SELECT * FROM USERS WHERE username = :username and password = :password"; //my sql query
    $stmt = $con->prepare($sql);
    $stmt->bindValue(":username", "admin", PDO::PARAM_STR);
    $stmt->bindValue(":password", "pass", PDO::PARAM_STR);
    $stmt->execute();
    $valid = $stmt->fetchColumn(); //see if there is record (false when no row matched)
    $con = null;
    if ($valid === false) {
        echo "Invalid username/password"; //if no record
    } else {
        $_SESSION['permission'] = getPermission("admin", "pass"); //if there is record call the getPermission function
    }
} catch (PDOException $e) {
    $con = null;
    echo $e->getMessage();
}
?>


I'm using PDO to connect to the database because, in my opinion, it was for prepared statements and named parameters to avoid SQL injection :) I explain the code in comments :)
  • 1
Life has no CTRL+Z
Never Forget To HIT "LIKE" If I Helped
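
An added example, not part of the thread and not any poster's code: the same login-then-check flow with the password stored as a hash, the session id regenerated at login, and the admin check enforced on the server rather than only by hiding the link. The in-memory SQLite table, its column names, the function names and admin.php are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the thread's MySQL USERS table.
function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, permission INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (:u, :h, :p)');
    foreach ([['admin', 'pass', 1], ['customer', 'shop', 0]] as [$u, $pw, $perm]) {
        // Store a salted hash, never the password itself.
        $ins->execute([':u' => $u, ':h' => password_hash($pw, PASSWORD_DEFAULT), ':p' => $perm]);
    }
    return $db;
}

// One query: look the user up by name, then verify the password against the hash in PHP.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password_hash, permission FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);                        // fresh session id after login
    $_SESSION['username'] = $username;
    $_SESSION['permission'] = (int) $row['permission']; // 0 = customer, 1 = admin
    return true;
}

function isAdmin(): bool {
    return ($_SESSION['permission'] ?? 0) === 1;
}

// Call at the top of every admin-only page: hiding the link alone is not access control.
function requireAdmin(): void {
    if (!isAdmin()) {
        http_response_code(403);
        exit('Forbidden');
    }
}

session_start();
$db = demoDb();
$ok = login($db, 'admin', 'pass');
echo $ok ? "Logged in\n" : "Invalid username/password\n";
if (isAdmin()) {
    echo '<a href="admin.php">Admin Panel</a>', "\n"; // admin.php (hypothetical) must call requireAdmin()
}
```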




