Home/ Questions/Q 7368017
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T03:36:41+00:00

I have a comment page, and where I have user roles(Global Admin(3), Admin(2), User(1)),

  • 0

I have a comment page, and where I have user roles(Global Admin(3), Admin(2), User(1)), they can all post comments on the page.

My problem is that the user role (1,2, or 3) is put into the table instead of the user name, Any ideas how to fix this? Here is the insert code.

<?
include 'dbconnect.php';
$userName = $_SESSION['user'];
$comment = $_REQUEST["comments"];
$game_ID = $_SESSION['id'];
$query = "INSERT INTO comments (userName, comment, page_ID) VALUES ('$userName',     '$comment', '$game_ID')";
mysql_query ($query);
echo "Thanks, your comment has been added!";
include 'close.php';
?>

Login Code:

$errorMessage = '';
if (!empty($_POST['txtuserName']) && !empty($_POST['txtpassword'])) {
include 'dbconnect.php';


$user   = $_POST['txtuserName'];
$password = $_POST['txtpassword'];

// check if the user id and password combination exist in database
$query = "SELECT userName, password, role FROM member WHERE userName = '$user' AND password = '$password'";

$output = mysql_query($query) or die('Query failed. ' . mysql_error()); 
$row = mysql_fetch_array($output);

if (mysql_num_rows($output) == 1 AND $row['role']==1) {
    // the user id and password match, 
    // set the session
    $_SESSION['user'] = true;
    // after login we move to the main page
    header('Location: games.php');
    exit;
}
elseif (mysql_num_rows($output) == 1 AND $row['role']==2) {
    // the user id and password match, 
    // set the session
    $_SESSION['admin'] = true;
    $_SESSION['user'] = true;
    // after login we move to the main page
    header('Location: games.php');
    exit;
}
elseif (mysql_num_rows($output) == 1 AND $row['role']==3) {
    // the user id and password match, 
    // set the session
    $_SESSION['admin'] = true;
    $_SESSION['user'] = true;
    $_SESSION['global'] = true;
    // after login we move to the main page
    header('Location: listUsers.php');
    exit;
}
else {
    $error = 'The supplied username and/or password was incorrect. Please try again.';
}

include 'close.php';
}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Simply place userName into the session:

    $_SESSION['userName'] = $row['userName'];

    It will then be available in the rest of your application.

    Also keep in mind that you can place arrays into the session. So, you’d be able to refactor your code as:

    $_SESSION['user'] = array('userName'=>$row['userName'], 'role'=>$row['role']);

    And later in your code:

    if ($_SESSION['user']['role'] == 2) {
    // allow admin stuff
}
    • 0