user privileges

[freemancomputer]

I just added a user log on page to my site that allows you to see the page only when logged in. I am also in the need to make some links shown only when an admin is logged in. The way I have it now is users are ranked 1 for admin and 2 for user. I was thinking of having a while statement of sorts that will only show a link if a user is ranked as a 1. the problem is I don't know how I would pass on the rank of the user in the session.

Thanks in advance.

here's what I have to create the session

PHP Code:

<?php
//connection info

$sql="SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


$count=mysql_num_rows($result);


if($count==1){
session_start(); 
$_SESSION['login'] = "1"; 
header ("Location:index.php");
} else { 
$errorMessage = "Invalid Login"; 
session_start(); 
$_SESSION['login'] = '';
} 
?>

and here's what I put in the header that will be on each page.

PHP Code:


<?php
session_start();
if(!$_SESSION['login']){
header("location:login.php");
}
?>

As this is my first user log in I will take any pointers on how to make it better.

[djmatt]

if you store the rank with the username and all their other information, simply assign it to a session variable:

$sql="SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$data = mysql_fetch_array($result, MYSQL_ASSOC) ;
$_SESSION['rank'] = $data['rank'];

then,
if($_SESSION['rank'] == "1" ) { echo "you are an admin. Please enjoy these links."; }
else {echo "you are a nobody."; }


For simplicity, and to prevent problems, you should call the session_start() first, instead of repeating the code in both condition statements.
There is a lot of code missing from your post, so I will assume you are taking proper precautions in preventing injection attacks and properly protecting passwords.