Mysql result to set session variable

Question

I want to use the result of a mysql query to set a session variable however at present I am struggling to make it set.

My code I have is:

<?php

ob_start("ob_gzhandler");

?>
<?php 
// Include required MySQL configuration file and functions 
require_once('config.inc.php'); 
require_once('functions.inc.php'); 

// Start session 
session_start(); 

// Check if user is already logged in 
if ($_SESSION['logged_in'] == true) { 
          // If user is already logged in, redirect to main page 
          redirect('../index.php'); 
} else { 
          // Make sure that user submitted a username/password and username only consists of alphanumeric chars 
          if ( (!isset($_POST['username'])) || (!isset($_POST['password'])) OR 
               (!ctype_alnum($_POST['username'])) ) { 
                        redirect('../login.php'); 
          } 

          // Connect to database 
          $mysqli = @new mysqli(DB_HOSTNAME, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
// Check connection 
          if (mysqli_connect_errno()) { 
                        printf("Unable to connect to database: %s", mysqli_connect_error()); 
                        exit(); 
          } 

          // Escape any unsafe characters before querying database 
          $username = $mysqli->real_escape_string($_POST['username']); 
          $password = $mysqli->real_escape_string($_POST['password']); 

          // Construct SQL statement for query & execute 
          $sql              = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . md5($password) . "'"; 
          $result = $mysqli->query($sql); 

// If one row is returned, username and password are valid 
          if (is_object($result) && $result->num_rows == 1) { 
                        // Set session variable for login status to true 

                        $_SESSION['auth_lvl'] = $Auth_lvl;
                        $_SESSION['logged_in'] = true;


                        redirect('../index.php'); 
          } else { 
                        // If number of rows returned is not one, redirect back to login screen 
                        redirect('../login.php'); 
          } 
} 
?>

I am then testing the session variables with:

<?php 
session_start(); 
echo "Login Status is:".$_SESSION['logged_in'];
echo "<br/>";
echo "Auth status is level:".$_SESSION['auth_lvl'];
?>

On my testing page the session logged in works fine displaying the correct information however the auth lvl variable displays nothing.

I can only assume that I am not calling the information correctly that I am setting the variable with in the first place.

Any help would be appreciated.

Alan.

Something I have notice and I have been trying the suggestions is that if I set a definative rather than trying to retreive a value from the database that value will return on my test page. i.e.

$_SESSION['auth_lvl'] = 'test';

This tells me it is the way in which I am pulling the data from the database and trying to set it as $_SESSION['auth_lvl'] that is causing the problem.

Please provide the columns of the users table. $Auth_lvl does not have a value and this results in null being set to $_SESSION['auth_lvl']. You most likely need to assign a value to $Auth_lvl: $row = $result->fetch_row(); $Auth_lvl = $row['auth_lvl']; — Kenny
– Kenny, Commented Apr 19, 2012 at 14:54
@Kenny The columns are: id(Auto inc) username password Auth_lvl I tried your suggested piece of code but no joy. — Burdie87
– Burdie87, Commented Apr 19, 2012 at 15:17
Above $_SESSION['auth_lvl'] = $Auth_lvl; add the following: $row = $result->fetch_row(); var_dump($row); and see what $row contains. — Kenny
– Kenny, Commented Apr 19, 2012 at 15:27
@Kenny I put the code suggested however I am not sure what or where is is supposed to display something?? The page that sets the session forwards the user onto the index page once they are logged in. — Burdie87
– Burdie87, Commented Apr 21, 2012 at 8:42

Burdie87 · Accepted Answer · 2012-04-21 09:00:13Z

2

Found the problem.

the code read:

$result = $mysqli->query($sql); 

// If one row is returned, username and password are valid 
if (is_object($result) && $result->num_rows == 1) { 

// ADD THIS SET OF LINES
$data = mysql_fetch_assoc( $result );

// Replace auth_lvl with the name of your database column name
$Auth_lvl = $data['Auth_lvl'];


// Set session variable for login status to true 
$_SESSION['auth_lvl'] = $Auth_lvl;
$_SESSION['logged_in'] = true;

Because I had used mysqli on this code I had not notice that on the //ADD THIS SET OF LINES piece of code that an 'i' was missing. When I changed the code to:

$data = mysqli_fetch_assoc( $result );

Everything fired into life.

Thanks for your help guys.

answered Apr 21, 2012 at 9:00

Burdie87

1233 silver badges14 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

jon · Accepted Answer · 2012-04-19 14:54:15Z

1

I can't see anywhere that you have assigned $Auth_lvl with a value, so when you do:

$_SESSION['auth_lvl'] = $Auth_lvl;

It's presumably getting assigned null.

answered Apr 19, 2012 at 14:54

jon

6,2865 gold badges30 silver badges35 bronze badges

1 Comment

Burdie87 Over a year ago

thats correct it displays nothing Auth status is level: Im trying to set it in the area of code Dan is talking about however with little avail. I have tried the code dan suggests however it makes no difference.

Dan Joseph · Accepted Answer · 2012-04-19 14:54:02Z

0

I'm not seeing where you are setting $Auth_lvl. After you check for the results being there, and rows, you're going straight to setting a session variable against an empty variable.

      if (is_object($result) && $result->num_rows == 1) { 
                    // ADD THIS SET OF LINES
                    $data = mysql_fetch_assoc( $result );

                    // Replace auth_lvl with the name of your database column name
                    $Auth_lvl = $data['auth_lvl']'

                    // Set session variable for login status to true 

                    $_SESSION['auth_lvl'] = $Auth_lvl;
                    $_SESSION['logged_in'] = true;


                    redirect('../index.php');

Then with your logged_in session variable, you're setting it as a boolean, true, and then trying to echo it out as normal text.

if ( $_SESSION['logged_in'] ) { echo "Login status is: True"; }

I hope that helps.

-Dan

answered Apr 19, 2012 at 14:54

Dan Joseph

891 silver badge7 bronze badges

3 Comments

Burdie87 Over a year ago

Dan your right about echoing the boolean result but this is only testing to see that when I added in this new auth lvl piece of code that the original was working so it did not have to be pretty or read nicely on screen

jon Over a year ago

Small typo dan, $Auth_lvl = $data['auth_lvl']' -> $Auth_lvl = $data['auth_lvl'];

Dan Joseph Over a year ago

It almost sounds like you're losing your session somewhere. Are you on a single server, or using any type of different session handling other than file level?

Collectives™ on Stack Overflow

Mysql result to set session variable

3 Answers 3

Comments

1 Comment

3 Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

Comments

1 Comment

3 Comments

Your Answer

Sign up or log in

Post as a guest

Related