Hello. I am working on a permission system for a site I am creating. First I will explain what I am trying to do, then I will explain the problem I am having. I am saving the active permissions for a user at login. The permissions are saved in a mysql database by group. My query gets the correct data which is then saved to an array. The user logs in using a standard login html login form. After login the users id is saved in a session variable ($_SESSION). This login form is in a seperate page which is then included into my main index file.

I am trying to save the permissions in that same session array. I am using a while loop to save a new session variable in the $_SESSION array for each permission set as active in the db. In the loop it does 2 things. First it sets the value of a temporary variable to the variable portion of the array string. In my example $temp = SESS_PERM1. The dynamic value is the number which is the id which was retrieved using my query.

The problem I'm having is with the login script that executes after the user clicks login. The user id and username are saved in the session array and accessible from all other pages in the site. When the login script is first loaded the session variables are empty. If I then refresh the page while the login script is still loaded the variables will be set and accessible from all other pages in the site. I have tested this by removing the redirect that normally sends the user back to the main index after login. I also tried using a meta tag to force the browser to not use cache on the login script. This is the first time I have tried using a dynamic variable so I'm not very sure what I could be doing wrong. Any help would be grateful. Here is the pertinent code from my login script.

//Check whether the query was successful or not
	if($result) {
		if(mysql_num_rows($result) == 1) {
            
            if($member[active] != 1) {
                echo 'Your account is disabled.';
                }
                else{
                    
            
			//Login Successful save member login info
			session_regenerate_id();			
			$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
			$_SESSION['SESS_NAME'] = $member['name'];            
				
//Save permission for current user in $_SESSION['SESS_PERM#'] variable where # = the permission id	
	while ($rowplist=mysql_fetch_array($result2)) {	
	$ptemp = 'SESS_PERM'.$rowplist['pid'].'';
	$_SESSION["$ptemp"] = 'true';		            
	}
    session_write_close();
        
    //header("location: ../httest.php");    
    echo '$ptemp = '.$ptemp.'';
    echo '$_SESSION[\'SESS_PERM1\'] = '.$_SESSION['SESS_PERM1'].'';
			exit();
            
		}							
		}else {
			//Login failed
			header("location: login-failed.php");
			exit();
		}   
	}
Member Avatar for diafol
while ($rowplist=mysql_fetch_array($result2)) {

shouldn't this be:

while ($rowplist=mysql_fetch_array($result)) {

I have 2 seperate queries. Result checks the username and password. Result2 gets the permission list.

Member Avatar for diafol

session_start() at the top?

session_start() at the top?

Yes it is. Like I said before if I set the login script to not redirect and then hit refresh on my browser the session variables get set and all is good. I just need it to set them the first time the script is run.

I have looked over my code again and the only thing I can think of that could cause this problem is if something is being ran in the wrong order but I cant seem to figure out what. Any ideas?

With the help of some people from another forum I got it working. The problem was that I had 2 mysql queries and only the first was being ran. I merged them and moved some code around to reflect the changes.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.