PDO query with session doesn't return anything

Question

I'm starting to learn PDO and while doing this decided to rewrite my old mysql_* code. So I have a login form which according to userlevel redirects to different locations. This is done ( I think since I can login correctly ). Next when redirects me I have query which depending of userlevel show some result from database. The problem is that it doesn't return anything and there are no errors in the logfile. This is my login. Am I doing it correctly?

session_start();
if(isSet($_POST['submit'])) {
include 'misc/database.inc.php';
$pdo = Database::connect();

$username=$_POST['username']; 
$password=sha1($_POST['password']); 

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password");

    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':password', $password);

    $stmt->execute();

    $res  = $stmt -> fetch();

if ($res['userlevel'] == 1)
{
    // Save type and other information in Session for future use.
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        $_SESSION['userlevel'] = $userlevel;

    header( "location: admins/main.php");   
}
elseif ( $res['userlevel'] >= 4 ) 
{
        $_SESSION['user_id'] = $id; 
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        $_SESSION['userlevel'] = $userlevel;
        $_SESSION['firstname'] = $firstname;
        $_SESSION['lastname'] = $lastname;
        $_SESSION['user_image'] = $user_image;
        $_SESSION['email'] = $email;    
        header('Location: users/main.php');
}
else 
{
    header("location: index.php");
}
// Closing MySQL database connection 
$pdo = null;
} else {

And this is the query which I want to perform in main.php when login according to userlevel

<?php
include '../misc/database.inc.php';
$pdo = Database::connect();
$q = "SELECT * FROM ras AS r 
    LEFT JOIN user_ras AS r2u ON r.userlevel = r2u.ras_userlevel
    LEFT JOIN users AS u ON r2u.user_userlevel = u.userlevel where menu = '".$_SESSION['userlevel']."'";

foreach($pdo->query($q) as $res)
{
    echo '<a href="users/ras.php?rest_id='. $res['ras_id'] .'">'.$res['name'].'</a>';

 }
 Database::disconnect();
 ?>

As I said I'm completely new to PDO so please bear with me and if you can help me. Thank you.

Update - database.inc.php

<?php
class Database
{
private static $dbName = 'dbname' ;
private static $dbHost = 'localhost' ;
private static $dbUsername = 'user';
private static $dbUserPassword = 'pass';

private static $cont  = null;

public function __construct() {
    die('Init function is not allowed');
}

public static function connect()
{
   // One connection through whole application
   if ( null == self::$cont )
   {     
    try
    {
      self::$cont =  new PDO( "mysql:host=".self::$dbHost.";"."dbname=".self::$dbName, self::$dbUsername, self::$dbUserPassword); 
    }
    catch(PDOException $e)
    {
      die($e->getMessage()); 
    }
   }
   return self::$cont;
}

public static function disconnect()
{
    self::$cont = null;
}
}
?>

Answer 1

where are the variables defined that you are assigning to session $id, $userlevel, $firstname, $lastname, $user_image, $email ? They are undefined at this point:

    $_SESSION['user_id']   = $id; 
    $_SESSION['userlevel'] = $userlevel;
    $_SESSION['firstname'] = $firstname;
    $_SESSION['lastname']  = $lastname;
    $_SESSION['user_image']= $user_image;
    $_SESSION['email']     = $email; 

I think what you need is this

session_start();
if(isSet($_POST['submit'])) {
include 'misc/database.inc.php';
$pdo = Database::connect();

$username=$_POST['username']; 
$password=sha1($_POST['password']); 

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password");

    $stmt->bindParam(':username', $username);
    $stmt->bindParam(':password', $password);

    $stmt->execute();

    $res  = $stmt -> fetch();

if ($res['userlevel'] == 1)
{
    // Save type and other information in Session for future use.
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        $_SESSION['userlevel'] = $res['userlevel'];

    header( "location: admins/main.php");   
}
elseif ( $res['userlevel'] >= 4 ) 
{
        $_SESSION['user_id']   = $res['id'];
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;  
        $_SESSION['userlevel'] = $res['userlevel'];
        $_SESSION['firstname'] = $res['firstname'];
        $_SESSION['lastname']  = $res['lastname'];
        $_SESSION['user_image']= $res['user_image'];
        $_SESSION['email']     = $res['email']; 
        header('Location: users/main.php');
}
else 
{
    header("location: index.php");
}
}

Answer 2

Can you echo the contents of $res ? such as:

echo "<pre>";
print_r($res);
echo "<pre>";

and see what the result is, maybe your array doesn't know the value of $res['userlevel'] , your array might be accessed as $res[0]['userlevel'] or something like that.

Let me know if it works

Answer 3

You should check to see if you have a result set.

    if ($res) {

    foreach($pdo->query($q) as $res)
    {
        echo '<a href="users/ras.php?rest_id='. $res['ras_id'] .'">'.$res['name'].'</a>';

     }
    } else {
    echo '<p>no result</p>';
   }