|
PHP - How Much To Store In Session Variable?
Currently I am adding the concept of "entitlements" to my website. In the past, my "article.php" script would simply look to the URL for which article was being requested and then load it. However now that I am also adding the concept of "premium content" for "paid members", I need a way to control who sees what. What I am wondering is - from a security standpoint - how much information I should load into the $_SESSION variable. For instance, right now when a user logs in, I think I just store the "memberID" and "FirstName" and possibly "Username". It would be more efficient when a Member logs in to also retrieve their "Membership Plan" and store that in the $_SESSION variable, so that as they browse my website, each page can simply grab $_SESSION['MembershipPlan'] and run that through a function that I need to build and then determine if the user gets to access said page. However, maybe it would be more secure to have it so when a user lands on page XYZ, I would look at their "memberID" and query the database to get their "MembershipPlan"? Any thoughts on each approach? Again, my main concern is *security*, but I also suppose this plays into "performance".
Similar TutorialsHi, I want to maintain users who log in a webpage and each time they leave, I want to record the current time, so this sounds silly but do I just set in my db table in a field that tracks a user's last log in with DEFAULT: CURRENT_TIMESTAMP? db structu user_id lastActivity lastSession (stores TIMESTAMP of last time user logged in) Any help much appreciated Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Get ip
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$ip = get_client_ip();
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
/* if($login != '' || $password != '') {
if($login !='admin' && $ip !=''.$log_ip.''){
$errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...';
$errflag = true;
}
}
*/
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
//header("location: index.php");
echo ('<meta http-equiv="refresh" content="0;url=index.php">');
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_LOGIN_NAME'] = $member['login'];
$_SESSION['SESS_PASS'] = $member['passwd'];
session_write_close();
//header("location: member-index.php");
echo ('<meta http-equiv="refresh" content="0;url=member-index.php">');
exit();
}else {
//Login failed
//header("location: login-failed.php");
echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">');
exit();
}
}else {
die("Query failed");
}
?>
auth.php (included on top of all php pages
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
//header("location: access-denied.php");
echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">');
exit();
}
?>
Hello I have included a simple login system into my website. When a user logs in, a session is started and he stays connected throughout the whole website until logging out again. The user logs in via his e-mailaddress and a password, which are stored in a mysql database. Now I want to add a page on which a user that is logged in, can see and edit his own information (password, cellphone number, e-mail, etc.). Or easier: instead of showing "Welcome!" showing "Welcome, John!". I thought about storing the e-mailaddress into the session, and then trying to access it to select the correct record (to edit afterwards). But so far, I haven't booked any success. I have to say that this is the first time I'm working with sessions as well, so this is very new to me. Thank you in advance for any help! I have a class "Login" that handles login, registration, checking if someone's logged in and authorization stuff. I would prefer to be able to instantiate this just once per session and then reuse that. however, I don't know if there's drawbacks to storing this object in the session. For example, will this lead to too much memory usage of the session object? Is it slow to keep retrieving an object from session? Would it be faster and better on the server to just re-instantiate and then destroy the object every page request? Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? What's the best way to store shopping cart information? I want things to stay in the cart for up to 2 weeks after they're added, without the need for somebody to log-in to their account to store them. Should I store the information in a database some how and then set a cookie referencing the cart_id in the db? Quote i need to store a variable from database like if i have "copies" in one of my column in my database then i have to store a particular value for copies store it to $copies here i want that i can store value of copies into $copies $update_book="update book set copies=copies-1 where bookid='$bookid'"; $result=mysql_query($update_book,$linkID1); if($result) { print "<html><body background=\"header.jpg\"> <p>book successfully subtracted from database</p></body></html>"; } else { print "<html><body background=\"header.jpg\"> <p>problem occured</p></body></html>"; } } It seems that in the following script I am not able to make $page contain some values as it always acts as it contains 0. The script will give you more idea about what I wanna do with it. Code: [Select] <?php include('dbinfo.inc'); session_start(); $connect= mysql_connect($host,$dbuser,$password) or die("connect to database fails"); mysql_select_db($dbname, $connect); //This will set the number of messages we want to display on each page $rows_per_page = 5; function show_msg() { echo "<tr align='center'> <td>$row[message]</td> </tr> <tr><td><strong>Sent By: $_SESSION[username] ON Date: $row[date]</strong></td></tr> <tr><td></td></tr>"; } //This will set the necessay variables required to set the page layout function page_vars() { $sql = "select * from msgs"; $result = mysql_query($sql, $connect); $numrows = mysql_num_rows($result); $total_pages = ceil($numrows/$rows_per_page); //Check whether page is given or not if(isset($_GET["page"])) { $page = $_GET["page"]; } else { $page = 1; } if($page < 1): { $page = 1; } elseif($page > $total_pages): { $page = $total_pages; } endif; } if($_SESSION[loggedin] == TRUE && $_SESSION[actype] == lecturer) { echo "<form action='postmsg.php' method='POST'>"; echo "<table width='80%' border='1'><tr align='center'><td><strong>To send a new message type it in the below box and press SUBMIT</strong> </td></tr>"; echo "<tr align='center'> <td><textarea name='msgarea' cols='40' row='5'></textarea></td> </tr> <tr align='center'> <td><input type='submit' value='Send Message' /></td> </tr> </table>"; $limit .= 'LIMIT '.($page - 1)*$rows_per_page.', '.$rows_per_page; echo $limit; $sql = "select * from 'msgs' $limit"; $result = mysql_query($sql); echo "<table width='80%' border='1'>"; $row = mysql_fetch_assoc($result); while($row) { show_msg(); } } else { page_vars(); $limit .= 'LIMIT '.($page - 1)*$rows_per_page.', '.$rows_per_page; $sql = "select * from msgs $limit"; $result = mysql_query($sql,$connect); echo "<table width='80%' border='1'>"; while($row = mysql_fetch_assoc($result)) { show_msg(); } echo "<tr align='center'> <td> <a href='$_SERVER[php_self]?page=1'>First Page</a> <a href='$_SERVER[php_self]?page=($page - 1)'>$page</a> <a href='$_SERVER[php_self]?page=$page'>$page</a> <a href='$_SERVER[php_self]?page=($page + 1)'>$page</a> <a href='$_SERVER[php_self]?page=($total_pages)'>>>>Last Page</a> </td> </tr>"; echo "</table>"; } ?> now when i echo $limit it always shows "-5, 5" , that's not what i want from this script. Instead I want limit to store "0, 1" with the same concept not direct because it will change according to what $_GET[page] holds. Hope I will get the solution here.... hello, um i got a form that stored an array of variables upon users clicks. it submits to another page fine as an array and i can print them using if(!empty($_POST['langSpoken'])) { echo "\n<p><strong>You selected the following LangSpoken:</strong></p>\n<ul>"; foreach($langSpoken as $lang) { // exclude any items with chars we don't want, just in case someone is playing if(!preg_match('/^[-A-Z0-9\., ]+$/iD', $lang)) continue; // print the lang echo "\n\t<li>" . htmlspecialchars($lang) . "</li>"; } echo "\n</ul>"; } else { echo "\n<p>No items selected</p>"; } it prints a list a of array like english spanish but i need to store each one in one variable so i can store in a database is there a way? thanks
//multi query
$sql= "SELECT option_value FROM settings WHERE option_name = 'email_temp_issue';"; //1
$sql .="SELECT title FROM books WHERE id = '$bookid';"; //2
$sql .="SELECT fullName from students WHERE email = '$username'"; //3
$sql_run = mysqli_multi_query($connection,$sql);
if(mysqli_num_rows($sql_run)>0)
{
foreach ($sql_run as $row)
{
$email_template = $row['option_value']; //retrieve from query 1
$title = $row['title']; //retrieve from query 2
$name = $row['fullName']; //retrieve from query 3
}
}
I am trying to store the data from the multi query into each variable, which I am not sure how to do..Anyone can help? :) the same page? My login script stores the user's login name as $_SESSION[ 'name'] on login. For some unapparent reason, i'm getting errors stating that $user and $priv are undefined variables, though I've attempted to define $user as being equal to $_SESSION['name'], using $user to look up the the user's privilege level (stored as the su column ) in the SQL table, and then where the result of the sql query is $priv which is then evaluated in an if statement. I can't seem to figure out why this might not be working. The code I'm using:
<?php
session_start();
function verify() {
//verify that the user is logged in via the login page. Session_start has already been called.
if (!isset($_SESSION['loggedin'])) {
header('Location: /index.html');
exit;
}
//if user is logged in, we then lookup necessary privleges. $_SESSION['name'] was written with the login name upon login. Privleges // are written in db as a single-digit integer of of 0 for users, 1 for administrators, and 2 for special users.
$user === $_SESSION['name'];
//Connect to Databse
$link = mysqli_connect("127.0.0.1", "database user", "password", "database");
if (!$link) {
echo "Error: Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
}
//SQL Statement to lookup privlege information.
if ($result = mysqli_query($link, "SELECT su FROM accounts WHERE username = $user", MYSQLI_STORE_RESULT)) {
//LOOP TO CYCLE THROUGH SQL RESULTS AND STORE Privlege information as vairable $priv.
while ($row = $result->fetch_assoc()) {
$priv === $row["su"];
}
}
// close SQL connection.
mysqli_close($link);
// Verify privleges and take action. Only a privlege of "1" is allowed to view this page. A privlege of "2" indicates special
//accounts used in other scripts that have certain indermediate additional functions, but are not trusted administrators.
if ($priv !== 1) {
echo $_SESSION['name'];
echo "you have privlege level of $priv";
echo "<br>";
echo 'Your account does not have the privleges necessary to view this page';
exit;
}
}
verify();
?>
Hi, I want to be able to let user type in xml text and it will be parsed and uploaded to db, but it doesn't work, it just keeps redirecting me back to this form below! here is html form: Code: [Select] <html> <body> <form method='post' method='form.php'> <p> <textarea name="pastedXML" rows="10" cols="30"> Please paste your xml file here. </textarea> </p> <p> <input type="submit" value="Convert to SQL" name="textXML" /> </p> </form> </body> </html> Here is script (form.php;I just want to retrieve the contents typed in text area to store to variable...how??) Code: [Select] <?php //get the text in textarea and shred it! if(isset($_POST['textXML'])) print $_POST['pastedXML']; ?> Any help much appreciated! Hello everyone, I can get Test 2 to successfully operate the if statement using a variable variable. But when I try the same method using a session variable (Test 1) the if statement is not executed. Please could you tell me why the if statement in Test 1 is not being executed? Code: [Select] <?php # TEST 1 $_SESSION[test_variable] = "abcd"; $session_variable_name = "_SESSION[test_variable]"; if ($$session_variable_name == "abcd") { echo "<br>line 373, abcd<br>"; } # TEST 2 $test_variable = "efgh"; $test_variable_name = "test_variable"; if ($$test_variable_name == "efgh") { echo "<br>line 379, efgh<br>"; } ?> Many thanks, Stu Hi, I want to store files to variable array using glob() like $files[0] = xyz.txt $files[1] = pqr.txt . . . $files[n] = nfile.txt I know how to list files from directory using glob() Code: [Select] <?php foreach (glob("*.txt") as $filename) { echo "$filename size " . filesize($filename) . "\n"; } ?> How can I do that ? Hello all, I have an error handler that I need to append messages to (First name not right, Last name not right, etc) I'm using a session array to handle all error messages titled GORB. How come this code won't work? $_SESSION['GORB']['message'][] = "First name wrong"; $_SESSION['GORB']['message'][] = "Last name wrong"; How can I get it to work? I already have the handler output written and functioning fine, I just need to get it to loop over an array of errors instead of just one. I wonder whether someone can help me please. I'm using the script below to create a page whereby users are presented with a list of image folders they have created. Clicking on any of the folders allows the user to drill down and view the individual images. Code: [Select] <?php session_start(); $_SESSION['username']=$_POST['username']; $_SESSION['locationid']=$_POST['locationid']; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <?php //This variable specifies relative path to the folder, where the gallery with uploaded files is located. $galleryPath = 'UploadedFiles/' . $_SESSION['username'] . '/' . $_SESSION['locationid'] . '/'; $absGalleryPath = realpath($galleryPath) . DIRECTORY_SEPARATOR; $descriptions = new DOMDocument('1.0'); $descriptions->load($absGalleryPath . 'files.xml'); $items = array(); for ($i = 0; $i < $descriptions->documentElement->childNodes->length; $i++) { $xmlFile = $descriptions->documentElement->childNodes->item($i); $path = $xmlFile->getAttribute('name'); $path = explode('/', $path); $t = &$items; for ($j = 0; $j < count($path); $j++) { if (empty($t[$path[$j]])) { $t[$path[$j]] = array(); } $t = &$t[$path[$j]]; } $t['/src/'] = $xmlFile->getAttribute('source'); $t['description'] = $xmlFile->getAttribute('description'); $t['size'] = $xmlFile->getAttribute('size'); } $basePath = empty($_GET['path']) ? '' : $_GET['path']; if ($basePath) { $basePath = explode('/', $basePath); for ($j = 0; $j < count($basePath); $j++) { $items = &$items[$basePath[$j]]; } } $files = array(); $dirs = array(); function urlpartencode(&$item, $index) { $item = rawurlencode($item); } foreach ($items as $key => $value) { if (isset($value['/src/'])) { $value['/src/'] = explode('/', $value['/src/']); array_walk($value['/src/'], 'urlpartencode'); $value['/src/'] = implode('/', $value['/src/']); $files[] = array( 'name' => $key, 'src' => $value['/src/'], 'description' => htmlentities($value['description'], ENT_COMPAT, 'UTF-8'), 'size' => htmlentities($value['size'], ENT_COMPAT, 'UTF-8') ); } else { $dirs[] = $key; } } $basePath = empty($_GET['path']) ? '' : $_GET['path']; $up = dirname($basePath); if ($up == '.') { $up = ''; } sort($files); sort($dirs); ?> <head> <title>View Image Folders</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link href="Styles/style.css" rel="stylesheet" type="text/css" /> <script src="Libraries/jquery/jquery-1.4.3.min.js" type="text/javascript"></script> <style type="text/css"> <!-- .style1 { font-size: 14px; margin-top: 5px; margin-right: -50px; } --> </style> <body style="font-family: Calibri; color: #505050; margin-right: 160px; margin-left: -180px;"> <div align="right" class="style1"> <a href = "index.php" /> Add Images <a/> → <a href = "javascript:document.imagefolders.submit()"> View All Images </a> </div> <form id="imagefolders" name="imagefolders" class="page" action="gallery.php" method="post" enctype="application/x-www-form-urlencoded"> <div id="container"> </div> <div id="center"> <div class="aB"> <div class="aB-B"> <?php if ('Uploaded files' != $current['title']) :?> <?php endif;?> <div class="demo"> <input name="username" type="hidden" id="username" value="IRHM73" /> <input name="locationid" type="hidden" id="locationid" value="1" /> <div class="inner"> <div class="container"> <div class="gallery"> <table class="gallery-link-table" cellpadding="0" cellspacing="0"> <thead> <tr class="head"> <th class="col-name"> Name </th> <th class="col-size"> Size </th> <th class="col-description"> Description </th> </tr> </thead> <tbody> <tr class="directory odd"> <td class="col-name"> <a href="?path=<?php echo rawurlencode($up); ?>">..</a> </td> <td class="col-size"> </td> <td class="col-description"> </td> </tr> <?php $i = 1; ?> <?php foreach ($dirs as $dir) : ?> <tr class="directory <?php $i++; echo ($i % 2 == 0 ? 'even' : 'odd'); ?>"> <td><a href="?path=<?php echo rawurlencode(($basePath ? $basePath . '/' : '') . $dir); ?>"><?php echo htmlentities($dir, ENT_COMPAT, 'UTF-8'); ?></a></td> <td>Folder</td> <td></td> </tr> <?php endforeach; ?> <?php foreach ($files as $file) : ?> <tr class="<?php $i++; echo ($i % 2 == 0 ? 'even' : 'odd'); ?>"> <td><a target="_blank" href="<?php echo $galleryPath . $file['src']; ?>"><?php echo htmlentities($file['name'], ENT_COMPAT, 'UTF-8'); ?></a></td> <td><?php echo htmlentities($file['size'], ENT_COMPAT, 'UTF-8'); ?></td> <td><?php echo htmlentities($file['description'], ENT_COMPAT, 'UTF-8'); ?></td> </tr> <?php endforeach; ?> </tbody> </table> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </form> </body> </html> I can create the list of folders, but when I click on any of these, instead of being able to view the images, I receive the following error: Quote Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "/homepages/2/d333603417/htdocs/development/UploadedFiles/files.xml" in /homepages/2/d333603417/htdocs/development/imagefolders.php on line 16 Warning: Invalid argument supplied for foreach() in /homepages/2/d333603417/htdocs/development/imagefolders.php on line 52 Line 16 is this line Code: [Select] $descriptions->load($absGalleryPath . 'files.xml'); and line 52 is this Code: [Select] foreach ($items as $key => $value){ However, if I change this line Code: [Select] $galleryPath = 'UploadedFiles/' . $_SESSION['username'] . '/' . $_SESSION['locationid'] . '/'; to Code: [Select] $galleryPath = 'UploadedFiles/' . 'IRHM73' . '/' . '1' . '/'; i.e. replacing the 'Session Variables' with the actual values, the page works. I've been working on this for days now, and I just can't find the solution. I just wondered whether someoen could perhaps have a look at this and let me know where I'm going wrong. Many thanks and regards Hi I am using very simple code. Here it is Code: [Select] <?php session_start(); $user = "guest"; $uid = "1"; echo $_SESSION['user']."<br />"; echo $_SESSION['uid']; ?> it displays this error Code: [Select] Notice: Undefined index: user in C:\wamp\www\DealDash\index.php on line 5 Notice: Undefined index: uid in C:\wamp\www\DealDash\index.php on line 6 how can I solve this problem? Help please hi all , i am working on a script which is oop driven and i m not much familiar with it, i appericiate if someone can help me to solve this problem , so basicaly current script is only setting one session variable to true if user login $_SESSION['is_successful_login'] , here is my code <?php include('files/db.php'); class ajaxLoginModule { private $timeout = null; private $target_element = null; private $wait_text = null; private $form_element = null; private $wait_element = null; private $notify_element = null; function __construct() { include ('config.php'); $msql = new Db; $msql->connect(); $this->is_login(); } function get_config() { $this->set_ajax_config(); } function set_ajax_config() { $this->timeout = AJAX_TIMEOUT; $this->target_element = AJAX_TARGET_ELEMENT; $this->wait_text = AJAX_WAIT_TEXT; $this->wait_element = AJAX_WAIT_ELEMENT; $this->notify_element = AJAX_NOTIFY_ELEMENT; $this->form_element = AJAX_FORM_ELEMENT; } function initLogin($arg = array()) { $this->get_config(); $this->login_script(); } function initJquery() { return "<script type='text/javascript' src='files/jquery-1.3.2.min.js'></script>"; } function login_script() { include ('files/login_script.php'); } function is_login() { if(isset($_POST['username'])) { $username = $_POST['username']; $password = $_POST['password']; $strSQL = "SELECT * FROM ".USERS_TABLE_NAME." WHERE username ='$username' AND password = '$password' "; $result = mysql_query ($strSQL); $row = mysql_fetch_row($result); /* //THIS IS WHAT I NEED $_SESSION['user'] = $row['username']; $_SESSION['id'] = $row['id']; */ $exist = count($row); if($exist >=2) { $this->jscript_location(); } else { $this->notify_show();} exit; } } function notify_show() { echo "<script>$('.".AJAX_NOTIFY_ELEMENT."').fadeIn();</script>"; } function jscript_location() { $this->set_session(); echo "<script> $('#container').fadeOut();window.location.href='".SUCCESS_LOGIN_GOTO."'</script>"; } function set_session() { session_start(); $_SESSION['is_successful_login'] = true; } } ?> i comment that line what i need is username and id to store in those session variables $_SESSION['user'] = $row['username']; $_SESSION['id'] = $row['id'] i tried to add code in function set_session but did not helped, appreciate for any help. Thanks Need help declaring some session variable guys. I have a login form where the member enters his 1. Pilot Callsign 2. Password I want to declare that Pilot Callsign as the session variable on authentication. Using that Pilot Callsign session variable, I will fetch data from the database relevant to his profile. I already have the whole login page coded along with the restricted access pages (not coded by me). Check this out 1. Page is coded like this and working PERFECTLY --- Code: [Select] <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['pilot_callsign'])) { $loginUsername=$_POST['pilot_callsign']; $password=$_POST['password']; mysql_select_db($database_brn_system, $brn_system); $LoginRS__query=sprintf("SELECT pilot_callsign, password, staff_level, firstname FROM pilots WHERE activated = 1 AND pilot_callsign=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $brn_system) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'staff_level'); if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; ?> --- 2. As you can see, there already is a session variable declared for Pilot Callsign But on the next page "Restricted Access Page", when I try to call this same Session Variable, it doesn't work. I tried doing this <?php echo $_SESSION['MM_Username'] ?> Moreover, I even tried to fetch data from the table like this - SELECT * FROM pilots WHERE pilot_callsign=$_SESSION['MM_Username'] Doesn't work |
|||||||