-2

I have a log in page.First, when the user enters the correct username and password he will move to managing page. But, I want to fetch his database information for another page. I mean I detect the username and password, then get other rows from that.

I know which I can use sessions, but session gives me one value and this is want I do not need.

<?php
    if(isset($_POST['username'])){
        if(isset($_POST['password'])){
            $user_id = $_POST['username'];
            $password = $_POST['password'];
            $result = mysql_query("SELECT * FROM `users`");
            while($row = mysql_fetch_array($result)){
                $db_id = $row[0];
                $db_user_id = $row["user_id"];
                $db_user_pass = $row["user_pass"];
                $db_user_type = $row["user_type"];
                $db_user_name = $row["user_name"];
                if($db_user_id == $user_id && $db_user_pass == $password && $db_user_type == "manager"){
                    header("Location: manager.php");
                    $_SESSION['currentmanager'] = $user_id;
                }elseif($db_user_id == $user_id && $db_user_pass == $password && $db_user_type == "user"){
                     $_SESSION['currentuser'] = $user_id;
                    header("Location: users.php");
                }elseif($db_user_id == $user_id && $db_user_pass == $password && $db_user_type == "teacher"){
                    $_SESSION['currentteacher'] = $user_id;
                    header("Location: teachers.php");
                }
            }
        }
    }
?>
IVIajid
  • 190
  • 9
  • 1
    *"but session gives me one value"* - What do you mean by "one" value? Plus, I highly suggest you add `exit;` after all your headers. – Funk Forty Niner Nov 15 '14 at 17:08
  • 1
    `$_SESSION['some_array'] = array(1,3,4);` – u_mulder Nov 15 '14 at 17:11
  • I mean you can put a variable in that. But you can't get other information using that session. My problem is to detect username and password entered in log in page for managing page to fetch information. – IVIajid Nov 15 '14 at 17:12
  • 1
    You can assign sessions to pretty much anything you want, even an array, as "u_mulder" stated, a fetched row for example. – Funk Forty Niner Nov 15 '14 at 17:13

1 Answers1

0
$_SESSION['some_array'] = array(1,3,4);

as @u_mulder said.

Thanks.

IVIajid
  • 190
  • 9
  • Enjoy the ride :) *Cheers* – Funk Forty Niner Nov 15 '14 at 17:27
  • 2
    Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**`mysqli` with prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO with prepared statements**](http://php.net/pdo.prepared-statements). This is a must nowadays. – Funk Forty Niner Nov 15 '14 at 17:27