I am trying to do a PHP session that only allows someone who is a staff member of my CMS to access the administration panel. I am using a bool that is, by default, 0 for a regular member and 1 if we are a staff member.
Also, "Fatal error: Call to a member function prepare() on a non-object" is being displayed because the statement is not selecting the information from the database?
    $session = ($_SESSION['members']);
    $stmt = $db->prepare('SELECT * FROM members WHERE staff = :staff') or trigger_error(mysql_error());
    $stmt->execute(array(':staff' == 1));
    while($data = $stmt->fetch()) {
        if($data == 1) {
            include 'styles/headers/header.php';
            include 'styles/content/articles.php';
            include 'styles/footers/footer.php';
        }
        else {
            echo '<meta http-equiv="refresh" content="0; url=../login.php">';
        }
    }
I am not sure how to add the session of them being logged in into the actual select statement of getting the bool for 1 or 0. Maybe I am doing all of this wrong? Or is there an even better way to do this session handling with PHP and PDO?
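
One way to tie the staff check to the logged-in member, as an added example that is not part of the original post: look up the `staff` flag for the member id held in the session and deny by default. The `id` column, the `member_id` session key, and the in-memory SQLite database with its two rows are assumptions constructed for the example.

```php
<?php
// Added example: constructed schema and data, not the asker's CMS.
declare(strict_types=1);

/** Return true only if the member id exists and its row has staff = 1. */
function isStaff(PDO $db, $memberId): bool
{
    // Missing or malformed session value: deny without querying.
    if (!is_int($memberId) && !(is_string($memberId) && ctype_digit($memberId))) {
        return false;
    }
    // Bind the session's member id; the staff flag is read, never supplied.
    $stmt = $db->prepare('SELECT staff FROM members WHERE id = :id');
    $stmt->execute([':id' => (int) $memberId]);
    $staff = $stmt->fetchColumn();          // false when no row matches
    return $staff !== false && (int) $staff === 1;
}

// Stand-in database (assumption): in-memory SQLite so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY,
    name TEXT,
    staff INTEGER NOT NULL DEFAULT 0
)');
$db->exec("INSERT INTO members (id, name, staff) VALUES (1, 'alice', 1)");
$db->exec("INSERT INTO members (id, name, staff) VALUES (2, 'bob', 0)");

// Constructed session states: staff, regular member, unknown id, not logged in.
foreach ([1, 2, 99, null] as $memberId) {
    $session = ['member_id' => $memberId];  // stands in for $_SESSION
    $allowed = isStaff($db, $session['member_id'] ?? null);
    printf(
        "member_id=%s -> %s\n",
        var_export($memberId, true),
        $allowed ? 'show admin panel' : 'redirect to login'
    );
}

// In the real admin page, after session_start(), the denial branch would be:
//   header('Location: ../login.php');
//   exit;
// so the script stops before any panel markup is sent.
```

In the posted code, `array(':staff' == 1)` evaluates the comparison and passes a boolean instead of binding `:staff`, and the query never references the session, so it cannot tell which member is asking. The fatal error itself means `$db` is not a PDO object at the point where `prepare()` is called.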