0

Im new to php and with working with mysql. I have table with users information: databse

In login I get execute query, get all information: my php

$query = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
        //$result = mysql::query($query);
        $rows = mysql::select($query);
        // If result matched $myusername and $mypassword, table row must be 1 row

        if(count($rows) == 1) {
            $_SESSION['login_user'] = $username;
            if($rows['admin'] == 1) {
                $_SESSION['admin'] = true;
            } else {
                $_SESSION['admin'] = false;
            }
            header("location: index.php");
        } else {
            $error = "Your Login Name or Password is invalid";
        }

and then I log user in, it logs in all perfectly, but then I try to read if I'm an admin, and my tinyint value always the opposite other than it's in database.

Maybe it is something that php does, and I should switch my if permanently, or it's my fault?

Dona Tas
  • 3
  • 1
  • 3
  • 1
    [Edit] your question to include your code as text. – Kirk Beard May 25 '17 at 19:23
  • 1
    Can you post the table definition and a sample of the data where this problem is happening – Nigel Ren May 25 '17 at 19:23
  • Don't store passwords in plain text - http://php.net/manual/en/function.password-hash.php – Toastrackenigma May 25 '17 at 19:26
  • Little Bobby Tables approves of this question. – bishop May 25 '17 at 19:30
  • It would probably also be helpful to include the output of `var_dump($rows)` while you're adding info. – A C May 25 '17 at 20:01
  • I'm curious where mysql::select comes from. My guess would be that you aren't receiving an associative array so $rows['admin'] would never exist. – Keilaron May 25 '17 at 20:11
  • mysql::connect is from mysql class I created, and I'm receiving data, because I can log on, only problem is my $_SESSION['admin'] is false then in databse my tinyint named 'admin' is 1 and vice verca – Dona Tas May 25 '17 at 20:22
  • It looks like your `$_SESSION['login_user']` uses the value that was originally passed into the php script, and does not read the username back from the database result. I'd still be very interested in seeing a `var_dump($rows);` from right before the `if(count...` part, but failing that, what happens if you change your username code to be `$_SESSION['login_user'] = $rows['username'];` ? Does your username still get set properly? How about if you do `$rows[0]['username']` ? – A C May 25 '17 at 21:42

0 Answers0