User Login - multiple table session variables

I have 2 tables a client table and a product table. The username and password are stored in the product table as a client can log in to different websites depending on what product they have and they can use different usernames/passwords for each website.

On this particular website there are 2 login levels; a manager login and staff login. When a user logs in they are taken to the manager login and if they don't have the correct permissions they are redirected to the staff login.

My problem is the value that determines whether the user is manager or staff is stored in the clients table (usertype) as this will always be the same regardless of what products they have.

When the user logs in I can store session variables but only from the table where the username and password is stored.

I have tried creating a recordset on the manager login page to pull the 'clienttype' and then add the security access but it doesn't work. Is there anyway of storing this variable on login?

This is the page code...

$colname_client = "-1";
if (isset($_GET['Login_ClientID'])) {
$colname_client = $_GET['Login_ClientID'];
}
mysql_select_db($database_extratime, $extratime);
$query_client = sprintf("SELECT customercontacts.`Ref`, customercontacts.Title, customercontacts.Surname, customercontacts.FirstName, customercontacts.ClientType, customercontacts.ClientTypeLevel FROM customercontacts WHERE customercontacts.`Ref`=%s", GetSQLValueString($colname_client, "int"));
$client = mysql_query($query_client, $extratime) or die(mysql_error());
$row_client = mysql_fetch_assoc($client);
$totalRows_client = mysql_num_rows($client);
?>
<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("mlogin")){
WA_Auth_RestrictAccess("../login/index.php");
}


This is the securityhelper code

<?php

function WA_Auth_GetComparisonsForRule($ruleName){
$comparisons = array();

switch ($ruleName){
case "login":
$comparisons[0] = array(TRUE, "".$row_client['ClientTypeLevel'] ."", 1, "2");
break;
case "mlogin":
$comparisons[0] = array(TRUE, "".$row_client['ClientTypeLevel'] ."", 1, "1");
break;
}
return $comparisons;
}


function WA_Auth_GetGroup($groupName){
$group = Array();

switch($groupName){

}

return $group;
}

?>

using recordset values in the access rules won't work correctly.

This is because the recordset will always be added to the page after the code that attaches security assist to the page.

instead, you should create the recordset, then use the set session value behavior to save the ClientTypeLevel to a session, and use that session in the access rules.

you will need to make sure the code for the recordset and to save the session comes before the access rule.

I have tried doing it with Session variables but it still isn't working this is my code...

<?php session_start(); ?>
<?php require_once('../Connections/extratime.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php

$colname_client = "-1";
if (isset($_GET['Login_ClientID'])) {
$colname_client = $_GET['Login_ClientID'];
}
mysql_select_db($database_extratime, $extratime);
$query_client = sprintf("SELECT customercontacts.`Ref`, customercontacts.Title, customercontacts.Surname, customercontacts.FirstName, customercontacts.ClientType, customercontacts.ClientTypeLevel FROM customercontacts WHERE customercontacts.`Ref`=%s", GetSQLValueString($colname_client, "int"));
$client = mysql_query($query_client, $extratime) or die(mysql_error());
$row_client = mysql_fetch_assoc($client);
$totalRows_client = mysql_num_rows($client);
?>
<?php
if (!session_id()) session_start();
if("" == "") {
$_SESSION["clienttypelevel"] = "".$row_client['ClientTypeLevel'] ."";
}
?>
<?php require_once( "../webassist/security_assist/helper_php.php" ); ?>
<?php
if (!WA_Auth_RulePasses("mlogin")){
WA_Auth_RestrictAccess("../login/index.php");
}
?>


And the helpergroupsrulesphp...
<?php

function WA_Auth_GetComparisonsForRule($ruleName){
$comparisons = array();

switch ($ruleName){
case "login":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['clienttypelevel']))?$_SESSION['clienttypelevel']:"") ."", 1, "2");
break;
case "mlogin":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['clienttypelevel']))?$_SESSION['clienttypelevel']:"") ."", 1, "1");
break;
}
return $comparisons;
}


function WA_Auth_GetGroup($groupName){
$group = Array();

switch($groupName){

}

return $group;
}

?>

$_GET['Login_ClientID'] is not the correct variable to use. the ID is not saved to a get variable, it is saved to a Session Variable. assuming that Login_ClientID is the name of the session created by the login behavior, the run time value to use in the recordset is:
$_SESSION['Login_ClientID']

and you may need to add:
<?php @session_start(); ?>

at line 1 of the page.

duh! I should have spotted that thanks.

you're welcome.