After logging in, main.php is loaded and instead of displaying the correct included page, it displays Main Page.

So what is wrong w/ my code?

Thanks in advance for any and all help...

this is placed inside the "main.php"

<?php 
    require('core/db.php');
    require('core/check.php');
?>
  
This is placed inside the check.php

<?php
    if (level == "1")  { include('page_1.php'); } 
     else 
    if (level == "2") { include('page_2.php'); }
     else 
    if (level == "3") { include('page_3.php'); }
?>   
Inside the pages I have 
<?php 
   echo "Page_Name";
?>

<?php
if (level == "1") { include('page_1.php'); }
else
if (level == "2") { include('page_2.php'); }
else
if (level == "3") { include('page_3.php'); }
?>

Shouldn't level be $level ?

Shouldn't level be $level ?

nav33n,
Yea, I changed level to $level, but it still didn't change anything. I am unsure what else needs to be changed as far as the login form is concerned.

Here is the code for everything I have:

Log In form:

<?php
  session_start();
  if(isset($_GET['reg'])) 
   {
    $reg=$_GET['reg'];
  }
   else
    {
     $reg="";
    }
   if($reg==1) 
    {
     $msg1="<font color=\"#FF0000\"><b>Your details have been added, 
            please login</b></font>"; }    
     elseif($reg==2) {
      $msg1="<font color=\"#FF0000\"><b>You have been successfully logged out.</b></font>";
}

     if(isset($_POST['submit'])) {
      if( empty($_POST['username']) && (empty($_POST['password']))) {
       header( "Location:core/Messages.php?msg=1" ); 
      exit();
}

//transfer to shorter var

$n=$_POST['username'];
$p=$_POST['password'];

//connect to db
  require_once('core/db.php');
   $query="select username, password from admin where username='$n' and password='$p' ";
   $result=mysql_query($query);
	
   $num=mysql_num_rows($result);
    if($num>0 ){
   
//put in session vars
   $_SESSION['status'] = 'logged';
   $_SESSION['username'] = $n;

//goto next page
   header("location:main.php");
    exit;
     } else {
      $_SESSION['status'] = 'not logged';

   header( "Location:core/Messages.php?msg=2" ); 
    exit();
    }
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Title goes here</title>
</head>

<body>
<form action='index.php' method='post' class="login_form">
<table border="0"cellpadding="2" cellspacing="2" >
<tr> 
 <td>Username:</td>
 <td><input name="username" type="text" id="username" size="30"></td>
</tr>
<tr> 
 <td>Password:</td>
 <td><input name="password" type="password" id="password" size="30" class="password"></td>
</tr>
<tr>
 <td colspan="2" align=center><input type='submit' name='submit' value='login'></td>
</tr>
</table>
</form>
</body>
</html>
___________________________________________________________________________________________
secure.php

<?php
  session_start();
  if (empty($_SESSION['username'])) 
   { header("location:../index.php");
     exit; 
  }
 ?>
___________________________________________________________________________________________
check.php

<?php
  if ($level == "1") { include('page_1.php'); } 
   else 
  if ($level == "2") { include('page_2.php'); }
  else 
  if ($level == "3") { include('page_3.php'); }
?>

Okay.. Where are you setting a value to $level ?

Okay.. Where are you setting a value to $level ?

I just realized I wasn't.
So I added

$_SESSION["level"] = 1; 
$_SESSION["level"] = 2; 
$_SESSION["level"] = 3;

Also, in check.php, don't forget to assign $_SESSION value to $level.

Now it works, it just displays page_1.php for all users logging in.

$_SESSION["level"] = 1; 
$_SESSION["level"] = 2;
$_SESSION["level"] = 3;


check.php source:

<?php
  if ($level = "1") { 
   include('page_1.php');  } 
   else 
  if ($level = "2") { include('page_2.php'); }

   else 
  if ($level = "3") { include('page_3.php'); }
?>

Its $level == "1" and so on.. And why not use just if conditions ? ie.,

$level = $_SESSION['level'];
if ($level == "1") {
  include "page_1.php";
}
if($level == "2") {
  include "Page_2.php";
} 
//and so on..

Nav33n,
I have tried to the code in every which way possible. Nothing I do works correctly.
All I get is page_1.php to load no matter what.

Here is the code that I have now...

index.php

$level = $_SESSION['level'];
$_SESSION["level"] = 1;
$_SESSION["level"] = 2;
$_SESSION["level"] = 3;

check.php

<?php
$level = $_SESSION['level'];
if ($level == "1") {  include "page_1.php"; }
else
if ($level == "2") {  include "page_2.php"; }
else
if ($level == "3") {  include "page_3.php"; }
?>

This displays nothing.
When I change it to:

<?php
if ($level = "1") {  include "page_1.php"; }
else
if ($level = "2") {  include "page_2.php"; }
else
if ($level = "3") {  include "page_3.php"; }
?>

This will display page_1 no matter what the level is...
Please excuse my ignorance. Thanks for any and all help.

$level = 1 isn't correct. Since you are comparing the value of $level, you need to use comparison operator. http://nl.php.net/operators.comparison
Secondly, where are you assigning the value to $_SESSION ? I think the value is being overwritten or something. Btw, there is no session_start() in check.php. When you assign the value to the session variable, check whats in it. In check.php, check print out the session variable value and cross check !

If anyone knows the solution please feel free to help. All is appreciated,

I thought that the following code set the variable in the index.php:

$level = $_SESSION['level'];
$_SESSION["level"] = 1;
$_SESSION["level"] = 2;
$_SESSION["level"] = 3;

Then in check.php I have,

<?php
session_start();
$_SESSION['level'];
$level = $_SESSION['level'];
if ($level == "1") { include "page_1.php"; }
else
if ($level == "2") { include "page_2.php"; }
else
if ($level == "3") {  include "page_3.php"; }
?>

I don't have anything in the page_1.php - page_3.php, should I?

Again thank you for the help.

Also,
Nav33n, I check the url, and I am reading it throughly, just not totally understanding everything. Thanks for all the help and understanding...

$level = $_SESSION;
$_SESSION["level"] = 1;
$_SESSION["level"] = 2;
$_SESSION["level"] = 3;

You are assigning 1, 2, 3 to $_SESSION. In the end, the value in $_SESSION would be 3. Here is a simple example.

//test.php
<?php
$value = 100;
if($value < 100 ) {
   $_SESSION['level'] = 1;
} elseif ($value == 100 ) {
    $_SESSION['level'] = 2;
} else {
    $_SESSION['level'] = 3;
}
include "check.php";
?>

And this is check.php

<?php
session_start();
echo $_SESSION['level'];
?>

This is just an example to show you how sessions work.

Ok, I looked at the pages, and I looked at the sample code.
Now, I see what you are saying now.

Any help in writing the actual code would be greatly helpful and appreciated as I am totally unsure how to accomplish this....

here is how this should work...
1: User logs in
2: level is checked
3: Appropiate page is loaded

Thanks again for the help

just looking through your code, i noticed many problems (mostly security). if you could explain what exactly you are trying to accomplish in more detail, i would be glad to type up some code for you.

kkeith29,

Thank you.

Stupid keyboard.

Login page:
Correct User Credentials
load main.php
checks user level to load correct page.

Incorrect User Credentials supplied:
( this part doesn't work correctly )
it loads an error message is displayed
above the form.

Other then that, I am sure how to explain it.

where does the level come from, the database? I almost have the code written i just need that piece of information.

Kkeith, Yes it is called from the database.
here is the current structure for my table..

CREATE TABLE IF NOT EXISTS `admin` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(20) default NULL,
  `password` varchar(255) default NULL,
  `level` char(1) NOT NULL,
  `email` varchar(255) default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

--
-- Dumping data for table `admin`
--

INSERT INTO `admin` (`id`, `username`, `password`, `level`, `email`) VALUES
(1, 'admin', 'admin', '1', 'admin@url.com'),
(2, 'user', 'user', '2', 'user@url.com'),
(3, 'guest', 'guest', '3', 'guest@url.com');

Again,

Thanks for the help, i really appreciate it.

i wrote the code but i ran into a security issue. you want it set up where it includes a page depending on level, the problem with this is that i could go to the page itself even without the having that level of clearance and get access to things i shouldn't see. i fixed it but you are going to have add some code to all of the pages.

HERE IS THE LOGIN PAGE:

test it to make sure there are no errors, i didn't have time to check it.

<?php

session_start();

//Set page name
$thispage = 'index.php';

//If in the database info below.
$dbHost = '';
$dbUser = '';
$dbPass = '';
$dbDB   = '';

$con = mysql_connect($dbHost,$dbUser,$dbPass) or die('Could not connect');
mysql_select_db($dbDB) or die('Could not selected database');

if (!isset($_SESSION['username'])) {
	if (isset($_POST['submit'])) {
		$user = mysql_real_escape_string($_POST['username']);
		$pass = mysql_real_escape_string($_POST['password']);
		$msg = '';
		$error = 0;
		if ($user == '') {
			$msg .= 'Username is blank<br />';
			$error++;
		}
		if ($pass == '') {
			$msg .= 'Password is blank<br />';
			$error++;
		}
		if ($error > 0) {
			$errmsg = $msg;
		}
		else {
			$sql   = "SELECT * FROM `admin` WHERE `username` = '" . $user . "' AND `password` = '" . $pass . "'";
			$query = mysql_query($sql) or die('Error: ' . mysql_error());
			$num   = mysql_num_rows($query);
			if ($num > 0) {
				$errmsg = 'Username and/or Password incorrect';
			}
			else {
				$res = mysql_fetch_assoc($query);
				$level = $res['level'];
				$_SESSION['username'] = $user;
				$_SESSION['level']    = $level;
				switch($level) {
					case 1:
						$location = 'page_1.php';
					break;
					case 2:
						$location = 'page_2.php';
					break;
					case 3:
						$location = 'page_3.php';
					break;
				}
				header('Location: ' . $location);
				die();
			}
		}
	}
$html =<<<HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Title goes here</title>
</head>
<body>
<form action="index.php" method="post" class="login_form">
<table border="0"cellpadding="2" cellspacing="2" >
<tr>
 <td colspan="2">$errmsg</td>
</tr>
<tr>
 <td>Username:</td>
 <td><input name="username" type="text" id="username" size="30"></td>
</tr>
<tr> 
 <td>Password:</td>
 <td><input name="password" type="password" id="password" size="30" class="password"></td>
</tr>
<tr>
 <td colspan="2" align=center><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
HTML;
}
else {
	$level = $_SESSION['level'];
	switch($level) {
		case 1:
			$location = 'page_1.php';
		break;
		case 2:
			$location = 'page_2.php';
		break;
		case 3:
			$location = 'page_3.php';
		break;
	}
	header('Location: ' . $location);
	die();
}

echo $html;

mysql_close($con);

?>

HERE IS THE CODE FOR THE 3 PAGES:

you just need to change the $level variable to the appropiate number.

<?php

session_start();

//Change this to the level of the page
$level = 1;

if (isset($_SESSION['level'])) {
	if ($_SESSION['level'] !== $level) {
		header('Location: index.php');
		die();
	}
}
else {
	header('Location: index.php');
	die();
}

?>

Keith,

Thanks man,

I am checking it the best I can for errors and such. However, I am not sure why but when I test it it just displays the error message, even though the user/pass is correct.

Thank you for your time, and help. I really do appreciate it.

my bad, i screwed up.

replace $num > 0 with $num == 0. that should fix the problem

Keith,

I don't get it... Now nothing is being displayed...

i'll pm you the fixed code.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.