user access control getting user level

Question

I have a login form with <form method="POST" action="formdata.php">
In formdata.php I have the variables as
$n=$_POST['name']; $p=$_POST['password'];

Then after succesful login I direct to the page "main.php" .

From main.php I want to check user level and based on user level restrict the pages that a user can access.

To get user level I included

$query=mysql_query("SELECT level FROM member WHERE  userName='$n'");
$level=mysql_fetch_array($query);
if ($level==3){
echo "level 3 user";
    }

But I don't think I get the user level from the database to the variable $level correctly as it doesn't executes if ($level==3) .

Can't I use $n in WHERE userName='$n' because $n is declared in formdata.php ?

How can I get the level field value from the database?

Answer 1

Your usage is wrong. It must be

if($level[0] == 3) 

or

if($level['level'] == 3) 

Answer 2

You should look into Sessions

When validating the login in formdata.php, save the user's data into session:

<?php
session_start();
// validate user credentials
$_SESSION['user_level'] = 3;
$_SESSION['user_name']  = 'John Smith';

You can then access this data in your main.php

<?php
session_start();
echo("Hello $_SESSION[user_name]!");

if ($_SESSION['user_level'] > 3) {
    echo "You have admin access";
} else {
    echo "You're a regular user";
}

Just remember to call session_start() on every page where you need to access session data. Also read up on the subject before using my sample, it's only a starting point.

Answer 3

mysql_fetch_array return array don't use it as a string

this condition would be

$level=mysql_fetch_array($query);
if ($level['level']==3){
     echo "level 3 user";
    }

Answer 4

The problem is here '$n'

check this : $query=mysql_query('SELECT level FROM member WHERE userName="'.$n.'"');