I have written PHP code to grant access to a page to logged-in users with a privilege of "1", and to login if the logged-in user does not have the access of "1". But when I test, it logs out all users instead.

What I have tried:

<?php
session_start();

$conn = mysqli_connect("localhost","root", "","bosmak_properties");

echo $_SESSION['user_name'];

$query=mysqli_query($conn,"SELECT * from users WHERE user_name =".$_SESSION['user_name']);
while ($row=mysqli_fetch_array($query)){
    $privileges=$row['privileges'];
}
if($privileges==1){
    header ("Location: project_cost.php");
}
else{
    header ("Location: login/logout.php");
}
?>
Updated 15-Nov-20 1:29am
Comments
Richard MacCutchan 15-Nov-20 6:30am
   
Use the debugger to find out what values are being returned from the database. No one here can guess the results.
akynyemi 15-Nov-20 6:42am
   
Thanks Richard for the swift response. How do I do this please?
Gerry Schmitz 15-Nov-20 11:08am
   
Better safe than sorry.
Richard Deeming 16-Nov-20 3:12am
   
Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual
PHP: Prepared statements and stored procedures - Manual
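
The parameterized query recommended in the comment above, shown as an added example that is not part of the original thread or the asker's code. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, the function names fetchPrivilege and redirectTarget are hypothetical, and the sample rows are constructed; with mysqli the same query goes through mysqli_prepare() and mysqli_stmt_bind_param().

```php
<?php
declare(strict_types=1);

// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the page's MySQL server; the table layout and rows are constructed.

/** Return the stored privilege level for a user name, or null if unknown. */
function fetchPrivilege(PDO $db, string $userName): ?int
{
    // The placeholder keeps the value out of the SQL text: it is sent as data.
    $stmt = $db->prepare('SELECT privileges FROM users WHERE user_name = ?');
    $stmt->execute([$userName]);
    $value = $stmt->fetchColumn();          // false when no row matches
    return $value === false ? null : (int) $value;
}

/** Decide the redirect target; anything other than privilege 1 is denied. */
function redirectTarget(PDO $db, ?string $sessionUser): string
{
    if ($sessionUser === null || $sessionUser === '') {
        return 'login/logout.php';          // no session user: deny by default
    }
    return fetchPrivilege($db, $sessionUser) === 1
        ? 'project_cost.php'
        : 'login/logout.php';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, privileges INTEGER)');
$insert = $db->prepare('INSERT INTO users (user_name, privileges) VALUES (?, ?)');
foreach ([['alice', 1], ['bob', 0], ["o'brien", 1]] as $row) {
    $insert->execute($row);
}

// Names containing quotes or SQL syntax are matched literally, never executed.
foreach (['alice', 'bob', "o'brien", "alice' OR '1'='1", null] as $name) {
    printf("%-20s -> %s\n", var_export($name, true), redirectTarget($db, $name));
}

// In the page script the call would be (followed by exit so nothing else runs):
//   header('Location: ' . redirectTarget($db, $_SESSION['user_name'] ?? null));
//   exit;
```

Only alice and o'brien resolve to project_cost.php; every other input, including the name that contains SQL syntax and the missing session value, resolves to login/logout.php.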

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



