stakeknife

Hi again all, I have written a new addition to my program that allows a user to login, it checks what sort of class the user can be (Member, Admin or Head Admin).

Here are some snippets explaining whats going on

I catch the username like so>>>
$username = $_POST['username'];

do the database connection thing

then this code checks the username and pwassword with that in the db and the program then starts adding stuff to the sessions:

if($_POST['username'] == $fetch_em["user_name"] && $_POST['password'] == $fetch_em["user_password"])
{

session_start();
session_register("sessionvar");

$num=mysql_num_rows($sql);
$i=0;
while($i<$num)
{
$userclass = mysql_result($sql,$i,"user_class");
++$i;
}
$id = session_id(); //gets the session id if cookies are disabled
session_register($username);
session_register($userclass);
$url = "Location: admin_launch.php?sid=" . $id;
header($url);

The really snazzy part is meant to be the next part. In the users.php file users can add/edit and delete users and user classes. Logically i need to lock this down. So this is where the userclass variable above comes into play.

So users.php starts with the usual
session_start();
session_id();
and then checks if the sessionvar (see above) is registered if it is then the program runs, if it doesnt back to login, all fairly okay up to now.

So i have a section that adds the new user class but before the code inside here is executed we check the userclass of the user like so:

if ($_SESSION['userclass']=="Admin" || $_SESSION['userclass']=="Head Admin")
{
do code to add user class
}
else
{
?>
<p>Members do not have access to these pages</p>
<?
}

This should work from what i know, but it doesnt, the user class doesnt appear to be held, though i can put it in the address bar if i write

$url = "Location: admin_launch.php?sid=" . $id .$userclass;

Anyway, it doesnt appear to hold the value as it always goes to the else statement and it never prints username when its called.

The apache error log shows me the following errors..........

[Tue Apr 12 21:08:31 2005] [error] PHP Notice: Undefined index: username in c:\\web\\core\\admin\\admin_launch.php on line 34
[Tue Apr 12 21:09:39 2005] [error] PHP Notice: Undefined index: username in c:\\web\\core\\admin\\admin_launch.php on line 34
[Tue Apr 12 21:18:27 2005] [error] PHP Notice: Undefined index: userclass in c:\\web\\core\\admin\\users.php on line 30
[Tue Apr 12 21:18:27 2005] [error] PHP Notice: Undefined index: userclass in c:\\web\\core\\admin\\users.php on line 30
[Tue Apr 12 21:18:27 2005] [error] PHP Notice: Undefined index: userclass in c:\\web\\core\\admin\\users.php on line 50

ANY IDEAS?

Really stuck on this at the moment...

System is Win32, Apache 1.3 and PHP 4

Thanks in advance

BlazingWolf

Undefined Index would mean that your $_POST varibles aren't set which means you made an error either on that page that sumbits the varibles to those pages or an error on those pages.

Make sure the name attributes are set and correspond with the calls the the $_POST varibles.

__________________
_______________________________
BlazingWolf

tempest

Undefined index doesn't specifically mean that $_POST isn't set, more that the index "userclass" of the $_POST array isn't defined.

A few questionable lines of code
[php]
session_register("sessionvar");
...
session_register($username);
session_register($userclass);
[/php]

The first segment is cool and all, but that basically just intializes $_SESSION["sessionvar"] with no value. Which you never seem to use so that just kind of confused me a little bit.

The next section, assuming the username and userclass are fred and admin respectivly, initialize $_SESSION["fred"] and $_SESSION["admin"] with no values. The only way to retreive these values later is a bit trivial. My guess is you want this...

[php]session_register("username");
session_register("userclass");
$_SESSION['username'] = $username;
$_SESSION['userclass'] = $userclass;[/php]

Also you use user_class and userclass session array index's throughout your program, you may want to fix that and change them all to one or the other. After that, i'd have to see all of your code.

__________________