Wont display link when logged in as admin

ive been following a tutorial to create a blog. ive got most of it all set up but when i log in as an admin the create a new thread doesnt appear.

this is the tutorial page - http://www.devshed.com/c/a/MySQL/Creating-the-Admin-Script-for-a-PHP-MySQL-Blogging-System/

the link im actually trying to get at has this bit of code around it:

<? if($_SESSION['level'] == "Admin") {?>
          <td width="17&#37;">&nbsp;</td>
          <td width="83%"><a href="new_post.php">Create New Thread </a></td>
        <? }?> 

it is checking the $session to see if the level of the user in the db is either Admin or Normal.

i couldnt seem to get it to work so i did print_r($_SESSION) and found that the level wasnt being printed so that was never going to work:

Array ( [time] => 09:39:19 AM [status] => logged [username] => the [level] => )

i then found out where the session array was being produced and i added a variable of my own and level:

//put in session vars
$mytime=date("H:i:s A",$mytime);
$_SESSION['time'] = $mytime;
$_SESSION['status'] = 'logged';
$_SESSION['username'] = $n;

unfortunatly that allowed every user with admin or normal rights to see the link. i am banging my head against the wall to get this link to work.

Thanks for looking and would appreciate the help.


that didnt work either. hmmmm this is odd. the level doesnt actually get printed.

this is what gets printed when i do print_r($_SESSION):

Array ( [time] => 14:40:34 PM [status] => logged [username] => test [level] => )

i thought this might fix it but unfortunatly it still doesnt display the level:

$_SESSION['level'] = $row['level'];

The $uname variable doesn’t exist.

If that still doesn’t work you can do a print_r of the $_SESSION variable to make sure ‘username’ is set.

You could also temporarily set $username to equal your admin account ($username = ‘the’) to make the link show.

the database structure is i have a table called user insde that i have fields:
level - this is text either Admin or Normal. and that is retrieved by a dropdown menu when you register

obviously im only focusing on level. but i cant seem to get your code to work.

at the top of my page. which is main.php i have:

include "../config.php";
include "functions.php";

$username = mysql_real_escape_string($_SESSION['username']);

$query = mysql_query('SELECT level FROM user WHERE username = "' . $uname . '"');

$row = mysql_fetch_assoc($query);

$isAdmin = $row['level'] == 'Admin' ? true : false; 


and then around my link i have your bit of code:

<?php if ($isAdmin == true){ ?>
          <td width="17&#37;">&nbsp;</td>
          <td width="83%"><a href="new_post.php">Create New Thread </a></td>
		<? }?>

unfortunatly that link still doesnt appear

When a user login, at the very moment you check the database, you should set the level variable…

that way you can have a look in the database, to see if the current user is a normal user or an admin user.

What I thought it would be was $_SESSION [‘level’] = $row[‘level’]; but that didn’t work. Any ideas where I’d go next?

Rather than setting the level when logging in, it’d be better to select it from the database at the start of the page, i.e:

$username = mysql_real_escape_string($_SESSION['username']);
$query = mysql_query('SELECT level FROM users WHERE username = "' . $username . '"');
$row = mysql_fetch_assoc($query);

$isAdmin = $row['level'] == 'Admin' ? true : false;

Then you can do:

<?php if ($isAdmin == true){ ?>
   <!-- Show link here -->
<?php } ?>

This assuming that the level column equals ‘Admin’, ‘Member’, etc and not an id (1,2,etc) as I can’t find the database structure for that tutorial.

Can you explain. I don’t really understand what you mean by having it as a variable.