I Have Solve The Problem From The Code But Now It Should Return The Array From The User_level But It Return In blank any idea from the error please
<?php
$user_level = $_GET['user_level'];
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user'])){
header("Location: index.php");
}
$res=mysql_query("SELECT user_level FROM users where user=".$_SESSION['user']);
while($rows=mysql_fetch_array($res)){
echo $rows['user_level'];
// close while loop
}
die();
?>
Hi hello I have perform this code but it seems to have an error can some one help me with please.
The error is
A página de bitcoinrotator.publiadds.org.pt is not working
bitcoinrotator.publiadds.org.pt can not process this request for time. 500
The Code is
<?php
$user_level = $row['user_level'];
$user_level = $_GET['user_level'];
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user'])) //if he isnt logged in
{
header("Location: index.php");
}
$res=mysql_query("SELECT user_level FROM users where user=".$_SESSION['user']);
$rows=mysql_fetch_array($res);
echo $user_level;
echo $rows['user_level'];
}
}
?>
You have a syntax error in your brackets and the way that you are getting your information. You have, first, leed of use mysql becasue this extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. Returning at your problem. Try this (Changes are commented):
<?php
session_start(); //put your session at the top
require_once 'dbconnect.php'; //not include_once, just require once
$user_level = $_GET['user_level'];
if(!isset($_SESSION['user'])) //if he isnt logged in
{
header("Location: index.php");
} //you are finish the if statement
else //you have to create an else of your if for determinate if your setence if is not complete or not true
{
//You have an error too in $_SESSION['user']. You have to close in " " or ' ' and use it after in your query. Also and in this example, we will save $_SESSION['user'] in a variable $user.
$user = $_SESSION['user'];
$res = mysql_query("SELECT user_level FROM users where user='$user' ");
//At this point, we will going to create a while for extract information of the query
while ($rows = mysql_fetch_array($res, MYSQL_NUM)) {
echo $user_level;
echo $rows['user_level'];
}
?>
Well I Finish To Discovery The Way To Do With A friend
There It is The Solution For
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user']))
{
echo "You are not logged in.";
}else{
}
$res=mysql_query("SELECT user_level FROM users where user_id=".$_SESSION['user'])or die("We didnt did a sql query".mysql_error());
$rows=mysql_fetch_array($res);
$user_level = $rows['user_level'];
echo $user_level;
?>
Tanks For The Help
Related
After logging, session will start. So i have to manage session.php in all my other files to manage session. Here is my login file:
<?php
if(isset($_POST['submit']))
{
include("connect.php");
$user=mysqli_real_escape_string($con, $_POST['email']);
$pass=mysqli_real_escape_string($con, $_POST['password']);
$sql="SELECT * FROM users WHERE email='".$user."' AND password='".$pass."' ";
$query=mysqli_query($con, $sql) or die(mysqli_error($con));
$count=mysqli_num_rows($query);
if($count==1)
{
$row=mysqli_fetch_array($query);
session_start();
$_SESSION['user_id']=$row['uid'];
}
else {
header("location:../index.php?error=1");
}
if(isset($_SESSION["user_id"])) {
header("location:../home.php");
}
}
?>
And in sessions.php:
<?php
session_start();
session_regenerate_id();
if($_SESSION["user_id"])
{
include("connect.php");
$m1 = "select * from users where uid='".$_SESSION['user_id']."'";
$m2 = mysqli_query($con, $m1);
$m3 = mysqli_fetch_array($m2);
$_SESSION['username'] = $m3['fname'].' '.$m3['lname'];
}
else
if(!isset($_SESSION['user_id']))
{
header("location:index.php");
}
?>
As the session is started in login.php itself, i get error in sessions.php 'Session is already started'. But if i remove session_start();, it redirects to index.php (login form). I am confused.
Can somebody help me in this?
Many commenters have pointed out issues with the question as asked. I can't comment, so I'll offer this bit of advice.
die(mysqli_error($con))
These errors should go to a log file, not printed for the user to see. Someone could find vulnerabilities in your system by reading the error message and exploit them. Don't make it easy for them!
<?php
session_start();
$user_id = $_SESSION['user_id'];
if(isset($_POST['submit']))
{
include("connect.php");
$user=mysqli_real_escape_string($con, $_POST['email']);
$pass=mysqli_real_escape_string($con, $_POST['password']);
$sql="SELECT * FROM users WHERE email='".$user."' AND password='".$pass."' ";
$query=mysqli_query($con, $sql) or die(mysqli_error($con));
$count=mysqli_num_rows($query);
if($count==1)
{
$row=mysqli_fetch_array($query);
$_SESSION['user_id']=$row['uid'];
}
else {
header("location:../index.php?error=1");
}
if(isset($_SESSION["user_id"])) {
header("location:../home.php");
}
}
?>
And in sessions.php:
<?php
session_start();
session_regenerate_id();
if($user_id)
{
include("connect.php");
$m1 = "select * from users where uid='".$user_id."'";
$m2 = mysqli_query($con, $m1);
$m3 = mysqli_fetch_array($m2);
$_SESSION['username'] = $m3['fname'].' '.$m3['lname'];
}
else
if(!isset($user_id))
{
header("location:index.php");
}
?>
the problem is the session isn't destroyed when you logout so that you can still access some page that you ought not to access it, i placed an echo statement containing the login_user of the array $_SESSION and whenever you logout and paste the link of that page the login_user was printed successfully what's wrong with my code,I've even tried other ways than unset such as changing the value of login_user to "" nothing is changed.
login page code(named:HomeTest.php)
<?php
require("./config.php");
if ($_SERVER["REQUEST_METHOD"] == "POST"){
session_start();
....
if($count == 1) {
$_SESSION['login_user'] = $myusername;
header("location: welcome.php");
}else {
$error = "Your username or password is incorrect";
}
}
session.php :
<?php
require_once('./config.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($conn,"select username from accounts where username = '$user_check' ");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$login_session = $row['username'];
if(!isset($_SESSION['login_user'])){
header("location:HomeTest.php");
}
?>
logout.php :
<?php
session_start();
if(session_destroy()) {
unset($_SESSION['login_user']);
header("Location: login.php");
}
?>
another page that shouldn't be accessed unless you're signed in :
<?php
require_once("./config.php");
require_once('./session.php');
if(!isset($_SESSION['login_user'])){
header("location:HomeTest.php");
die("");
}
?>
Use following code for logout.php
<?php
session_start();
session_destroy();
header("Location: login.php");
?>
Hope this will work
the probleme is because
if(session_destroy()) {}
does not return true
you can change that condition by
if(isset($_SESSION['login_user']))
Use the following code:
<?php
session_start();
session_unset();
I have started a session on config page, then $_SESSION['logged_out'] = 1; and on index page that:
if(isset($_SESSION['logged_out']))
{
echo "You have been logged out !";
unset($_SESSION['logged_out']);
}
But the echo not workig, like unset is before him. And i don`t understand why, please help me.
EDITED:
Config page:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
ob_start();
session_start();
include 'connection.php';
include 'functions.php';
$logged_in = 0;
if(isset($_SESSION['username']) && isset($_SESSION['password']))
{
$username = sec($link, $_SESSION['username']);
$password = sec($link, $_SESSION['password']);
$udata = get_row($link, "SELECT * FROM accounts WHERE Username= '$username' && Password= MD5('$password')");
if(isset($udata['ID']))
{
$logged_in = 1;
if(isset($_GET['logout']))
{
unset($_SESSION['username']);
unset($_SESSION['password']);
$_SESSION['logged_out'] = "1";
mysqli_query($link, "UPDATE accounts SET rpgon = '0' WHERE Username = '$username'");
header('location: index.php');
}
}
} ?>
Index page:
if(isset($_SESSION['logged_out']))
{
echo "You have been logged out !";
unset($_SESSION['logged_out']);
}?>
This is it ...
If echo doesn't show anything is because the if condition is evaluated to false. This mean that $_SESSION['logged_out'] isn't set.
You have to start_session() on every page that uses the $_SESSION. In fact if you are using $_SESSION anywhere in your site, its best to start it on all your pages.
So add start_session() just after the first <?php to ensure it is always started for all pages
<php
start_session();
. . .
if(isset($_SESSION['logged_out']))
{
echo "You have been logged out !";
unset($_SESSION['logged_out']);
}
Added after additional info given
I think this may be one of your problems
$udata = get_row($link,
"SELECT * FROM accounts
WHERE Username= '$username'
&& Password= MD5('$password')"
);
The && should be AND, then this query should return a result. You should really be checking the result status from all query command like so:
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
session_start();
ob_start();
include 'connection.php';
include 'functions.php';
$logged_in = 0;
if(isset($_SESSION['username']) && isset($_SESSION['password']))
{
$username = sec($link, $_SESSION['username']);
$password = sec($link, $_SESSION['password']);
$udata = get_row($link, "SELECT * FROM accounts
WHERE Username= '$username'
AND Password= MD5('$password')"
);
// this would have shown the error in the sql query
// if it had been here before
if ( ! $udate ) {
echo mysqli_error($link);
exit;
}
// now this if will be executed
// although this if is probably no longer required
if(isset($udata['ID']))
{
$logged_in = 1;
if(isset($_GET['logout']))
{
unset($_SESSION['username']);
unset($_SESSION['password']);
$_SESSION['logged_out'] = "1";
mysqli_query($link, "UPDATE accounts SET rpgon = '0' WHERE Username = '$username'");
header('location: index.php');
// you should also follow a header() call with an exit;
exit;
}
}
}
?>
I am trying to create a logout page using session_destroy() but all i get is a blank page.
This is my code about logging in(I assume the problem has to be somewhere here but i am a beginner at this).
What i thought it will work is creating a session for the username since it is used at isset() but apparently its not working.
<?php
session_start();
$dbhost = "";
$dbuser = "";
$dbpassword = '';
$db= 'system_dev';
mysql_connect($dbhost,$dbuser,$dbpassword);
mysql_select_db($db);
include 'test.php';
if (isset($_POST['username'] )) {
$username=$_POST['username'];
$password=$_POST['password'];
$_SESSION['username']=$username;
$sql ="Select * FROM Company WHERE username='".$username."'AND password = '".$password."'LIMIT 1";
$sqlid = "Select CompanyId FROM Company WHERE username='".$username."'";
$result = mysql_query($sql);
$resultid= mysql_query($sqlid) or die('Query failed: '. mysql_error());
while ($row =mysql_fetch_array($resultid,MYSQL_ASSOC) ) {
echo "<tr>\n";
foreach ($row as $col_value){
echo "$col_value\n";
}
}
$company = mysql_free_result($resultid);
$_SESSION['CompanyId'] = $col_value;
}
if ( mysql_num_rows ($result)==1){
header ("Location: webdesign.php");
exit();
}
else {
echo "Invalid input";
exit();
}
?>
On the code of "logout.php" I have only written this:
<?php
session_start();
session_destroy();
header ("website.php");
?>
Thanks in advance and sorry if the answer is not how it should be. I have read the rules but this is the 2nd post so far. I believe i will get better someday :)
You should use Location in your header argument like header("Location: page.php");
you can place this header after you destroyed the session, that should not give any problems.
As Dorco said:
You should use Location in your header
So the logout function should looks like this:
session_destroy();
session_regenerate_id(TRUE);
header("Location: login.php");
die();
And I strongly suggest you, so not simply insert the post value into the SQL query. That will cause a SQL injection. Use prepare statement instead. PHP: Prepared Statement
I am trying to create two separate sessions- one for if the user is admin and another if the user is author. $type stored type as enum (can be either author or admin). But, I am not getting unique session id's for my sessions. I am new to PHP and MySQL . can somebody tell me where the error is in my code.
Please help
<?php
session_start();
?>
<?php
include("dbconnect.php");
$con= new dbconnect();
$con->connect();
//create and issue the query
$sql = "SELECT type FROM users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysql_query($sql);
//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
$type_num=0;
//if authorized, get the values
while ($info = mysql_fetch_array($result)) {
$type =$info['type'];
}
if($type == "admin")
{
$_SESSION['type']=1;
$u = 'welcome.php';
header('Location: '.$u);
}
else
{
$_SESSION['type']=$type_num;
$u = 'welcome.php';
header('Location: '.$u);
}
}
else {
//redirect back to loginfailed.html form if not in the table
header("Location: loginfailed.html");
exit;
}
?>
welcome.php is as follows:
<?php
session_start();
?>
<html>
<body>
<h2>Welcome to SOD73.</h2>
<?
if($_SESSION['type']==1){
echo "You are of the usertype Admin and your session id is ";
echo session_id();
session_destroy();
}
else {
echo "You are of the usertype Author and your session id is ";
echo session_id();
session_destroy();
}
?>
</body>
</html>
You have to use session_regenerate_id() before call session_destroy() in the file welcome.php