I have a simple members table in my mySQL database with the following fields: memberID, username, password, role .
I want to print a text, when a specific role is logged in. I tried it with the username and here it works very well:
<?php if ($_SESSION['username'] == 'Barbara') : ?>
<span>Hello Admin!</span>
<?php endif; ?>
But when I try to do the same thing with the role , it is not printing anything.
<?php if ($_SESSION['role'] == 'admin') : ?>
<span>Hello Admin!</span>
<?php endif; ?>
What could be the reason?
This is my login script:
<?php
require_once('includes/config.php');
if( $user->is_logged_in() ){ header('Location: memberpage.php'); }
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$_SESSION['username'] = $username;
header('Location: memberpage.php');
exit;
} else {
$error[] = 'Wrong username or password or your account has not been activated.';
}
}
$title = 'Login';
require('layout/header.php');
?>
you try below code
<?php session_start();
$_SESSION['name']='urname';
$_SESSION['role']='admin';
if($_SESSION['role']=='admin')
{?>
<span>your logged as a admin</span>
Updated the User.php class with a new method to fetch the userData based on a username. You only need to use the username once pr. execution (unless you would like to load another users data )
Then updated the session setter to fetch the role data, and set it.
Best Jonas
Try and update your User.php file with this:
<?php
include('password.php');
class User extends Password{
private $_db;
private $_userData;
function __construct($db){
parent::__construct();
$this->_userData = null;
$this->_db = $db;
}
private function get_user_hash($username){
try {
$stmt = $this->_db->prepare('SELECT password FROM members WHERE username = :username AND active="Yes" ');
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['password'];
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->password_verify($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
public function getUserData($username = null)
{
if( is_null( $this->_userData ) && is_null( $username ) )
{
return null;
}
if( !is_null( $this->_userData ) && is_null( $username ) )
{
return $this->_userData;
}
if( !is_null($username) )
{
try {
$stmt = $this->_db->prepare('SELECT username,role FROM members WHERE username = :username AND active="Yes" ');
$stmt->execute(array('username' => $username));
$this->_userData = $stmt->fetch(PDO::FETCH_OBJ);
return $this->_userData;
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
}
public function logout(){
session_destroy();
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
}
?>
And then, do like this:
<?php
require_once('includes/config.php');
if( $user->is_logged_in() ){ header('Location: memberpage.php'); }
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
if($user->login($username,$password)){
$userData = $user->getUserData( $username );
// This is where you set your username session
$_SESSION['username'] = $username;
// Set your role session here aswell
$_SESSION['role'] = $userData->role;
header('Location: memberpage.php');
exit;
} else {
$error[] = 'Wrong username or password or your account has not been activated.';
}
}
$title = 'Login';
require('layout/header.php');
?>
Your session is just storing the username not the role, you'll need to load the role from the database ie
<?php
$rUserInfo=mysql_query("select * from members where username='".addslashes($_SESSION['username'])."'");
if($aUserInfo=mysql_fetch_array($rUserInfo))
{
if($aUserInfo['role']=='admin')
{
?>
<span>Hello Admin!</span>
<?php
}
}
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.