Hello. I am working on a permission system for a site I am creating. First I will explain what I am trying to do, then I will explain the problem I am having. I am saving the active permissions for a user at login. The permissions are saved in a mysql database by group. My query gets the correct data which is then saved to an array. The user logs in using a standard login html login form. After login the users id is saved in a session variable ($_SESSION). This login form is in a seperate page which is then included into my main index file.
I am trying to save the permissions in that same session array. I am using a while loop to save a new session variable in the $_SESSION array for each permission set as active in the db. In the loop it does 2 things. First it sets the value of a temporary variable to the variable portion of the array string. In my example $temp = SESS_PERM1. The dynamic value is the number which is the id which was retrieved using my query.
The problem I'm having is with the login script that executes after the user clicks login. The user id and username are saved in the session array and accessible from all other pages in the site. When the login script is first loaded the session variables are empty. If I then refresh the page while the login script is still loaded the variables will be set and accessible from all other pages in the site. I have tested this by removing the redirect that normally sends the user back to the main index after login. I also tried using a meta tag to force the browser to not use cache on the login script. This is the first time I have tried using a dynamic variable so I'm not very sure what I could be doing wrong. Any help would be grateful. Here is the pertinent code from my login script.
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
if($member[active] != 1) {
echo 'Your account is disabled.';
}
else{
//Login Successful save member login info
session_regenerate_id();
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_NAME'] = $member['name'];
//Save permission for current user in $_SESSION['SESS_PERM#'] variable where # = the permission id
while ($rowplist=mysql_fetch_array($result2)) {
$ptemp = 'SESS_PERM'.$rowplist['pid'].'';
$_SESSION["$ptemp"] = 'true';
}
session_write_close();
//header("location: ../httest.php");
echo '$ptemp = '.$ptemp.'';
echo '$_SESSION[\'SESS_PERM1\'] = '.$_SESSION['SESS_PERM1'].'';
exit();
}
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}