thefandango Posted June 24, 2015 Share Posted June 24, 2015 Hi In my sites admin panel I have created a form that writes a value to the database of either 1 for a seller account and 0 for a buyer account, keeping it as a value of "seller" within a table called "members". I thought it would be easy to fudge a query and show or hide a sellers form, but I'm not having any luck. My PHP skills are close to zero The file that generates the form I want to hide is below. How can I insert a db query into this page (?) that will only show this form to someone who is a seller and display a message only to someone who is a buyer? <?php include("include/config.php"); include("include/functions/import.php"); if ($_SESSION['USERID'] != "" && $_SESSION['USERID'] >= 0 && is_numeric($_SESSION['USERID'])) { $allowposting = "1"; $vonly = $config['vonly']; if($vonly == "1") { $uverified = $_SESSION['VERIFIED']; if($uverified != "1") { $allowposting = "0"; } } if($config['enable_levels'] == "1" && $config['price_mode'] == "3") { $timecheck = time() - 86400; $query = "select count(*) as total from posts where USERID='".mysql_real_escape_string($_SESSION['USERID'])."' AND time_added>='".mysql_real_escape_string($timecheck)."'"; $executequery=$conn->execute($query); $lastjobs = $executequery->fields['total']+0; $query = "select level from members where USERID='".mysql_real_escape_string($_SESSION['USERID'])."'"; $executequery=$conn->execute($query); $mlevel = intval($executequery->fields['level']); if($mlevel == "3") { $jlimit = $config['level3job']; } elseif($mlevel == "2") { $jlimit = $config['level2job']; } elseif($mlevel == "1") { $jlimit = $config['level1job']; } else { $jlimit = ""; } if($jlimit != "") { if($lastjobs >= $jlimit) { $allowposting = "2"; } } } if($allowposting == "1") { if($_POST['subform'] == "1") { $gtitle = cleanit($_REQUEST['gtitle']); $gcat = intval(cleanit($_REQUEST['gcat'])); $gdesc = htmlentities(strip_tags(stripslashes($_REQUEST['gdesc']), '<p><i><strong><br><font><span><em><ol><li>'), ENT_COMPAT, "UTF-8"); $ginst = cleanit($_REQUEST['ginst']); $gtags = cleanit($_REQUEST['gtags']); $gtags = str_replace(".", "", $gtags); $gdays = intval(cleanit($_REQUEST['gdays'])); $gyoutube = cleanit($_REQUEST['gyoutube']); $shipme = intval(cleanit($_REQUEST['shipme'])); $multipleme = intval(cleanit($_REQUEST['multipleme'])); $extrasme = intval(cleanit($_REQUEST['extrasme'])); $instanturl = cleanit($_REQUEST['instanturl']); if($gtitle == "") { $error = "<li>".$lang['92']."</li>"; } elseif(strlen($gtitle) > 200) { $error = "<li>".$lang['509']."</li>"; } if($shipme == "1") { include("new_ship.scriptolution.com.php"); } elseif($multipleme == "1") { $multiplemax = intval(cleanit($_REQUEST['multiplemax'])); if($multiplemax > 0) { $scriptolution_add_multiple = ", scriptolution_add_multiple='".mysql_real_escape_string($multiplemax)."'"; } $fiverrscriptdotcom = "1"; } elseif($extrasme == "1") { $scriptolution_process_extras = "1"; $fiverrscriptdotcom = "1"; } else { $fiverrscriptdotcom = "1"; } if($fiverrscriptdotcom == "1") { if($config['price_mode'] == "1") { $price = intval(cleanit($_REQUEST['gprice'])); if($price == "0") { $error = "<li>".$lang['127']."</li>"; } $comper = intval($config['commission_percent']); $count1 = $comper / 100; $count2 = $count1 * $price; $ctp = number_format($count2, 2, '.', ''); } elseif($config['price_mode'] == "3") { $PACID = intval(cleanit($_REQUEST['gprice'])); $query = "select pprice,pcom from packs where ID='".mysql_real_escape_string($PACID)."'"; $executequery=$conn->execute($query); $price = intval(cleanit($executequery->fields['pprice'])); $comper = intval(cleanit($executequery->fields['pcom'])); if($price == "0") { $error = "<li>".$lang['435']."</li>"; } $count1 = $comper / 100; $count2 = $count1 * $price; $ctp = number_format($count2, 2, '.', ''); } elseif($config['price_mode'] == "2") { $price = intval($config['price']); $comper = intval($config['commission_percent']); $count1 = $comper / 100; $count2 = $count1 * $price; $ctp = number_format($count2, 2, '.', ''); } else { $price = intval($config['price']); $mysetc = $config['commission']; $ctp = number_format($mysetc, 2); } } if($gcat == "0") { $error .= "<li>".$lang['93']."</li>"; } if($gdesc == "") { $error .= "<li>".$lang['94']."</li>"; } elseif(strlen($gdesc) > 5000) { $error = "<li>".$lang['510']."</li>"; } if($ginst == "") { $error .= "<li>".$lang['95']."</li>"; } if($gtags == "") { $error .= "<li>".$lang['96']."</li>"; } if(scriptolution_banned_words_chk($gtitle)) { $error .= "<li>".$lang['556']."</li>"; } if(scriptolution_banned_words_chk($gdesc)) { $error .= "<li>".$lang['586']."</li>"; } if(scriptolution_banned_words_chk($gtags)) { $error .= "<li>".$lang['587']."</li>"; } if(scriptolution_banned_words_chk($ginst)) { $error .= "<li>".$lang['588']."</li>"; } if($gdays == "0") { if($instanturl=="" && $_FILES['instantfile']['tmp_name']=="") { $error .= "<li>".$lang['97']."</li>"; } } if($instanturl!="" || $_FILES['instantfile']['tmp_name']!="") { include("new_instant.scriptolution.com.php"); } $gphoto = $_FILES['gphoto']['tmp_name']; if($gphoto != "") { $ext = substr(strrchr($_FILES['gphoto']['name'], '.'), 1); $ext2 = strtolower($ext); if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png") { $theimageinfo = getimagesize($gphoto); if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3) { $error .= "<li>".$lang['100']."</li>"; } } else { $error .= "<li>".$lang['100']."</li>"; } } else { $error .= "<li>".$lang['101']."</li>"; } if($gyoutube != "") { $gyoutube = str_replace("https://", "http://", $gyoutube); $pos = strpos($gyoutube, "http://www.youtube.com/watch?v="); $posb = strpos($gyoutube, "http://www.youtu.be/"); $posc = strpos($gyoutube, "http://youtu.be/"); if ($pos === false) { if ($posb === false) { if ($posc === false) { $error .= "<li>".$lang['133']."</li>"; } } } } if($error == "") { $approve_stories = $config['approve_stories']; if($approve_stories == "1") { $active = "0"; } else { $active = "1"; } $query="INSERT INTO posts SET USERID='".mysql_real_escape_string($_SESSION['USERID'])."', gtitle='".mysql_real_escape_string($gtitle)."',gtags='".mysql_real_escape_string($gtags)."', gdesc='".mysql_real_escape_string($gdesc)."', ginst='".mysql_real_escape_string($ginst)."', days='".mysql_real_escape_string($gdays)."', youtube='".mysql_real_escape_string($gyoutube)."', category='".mysql_real_escape_string($gcat)."', price='".mysql_real_escape_string($price)."', time_added='".time()."', date_added='".date("Y-m-d")."', pip='".$_SERVER['REMOTE_ADDR']."', active='$active', ctp='".mysql_real_escape_string($ctp)."' $scriptolution_add_multiple $addship $scriptolution_add_instant"; $result=$conn->execute($query); $pid = mysql_insert_id(); if($scriptolution_process_extras == "1") { include("new_extras.scriptolution.com.php"); } if($gphoto != "") { $thepp = $pid."-1"; if($theimageinfo[2] == 1) { $thepp .= ".gif"; } elseif($theimageinfo[2] == 2) { $thepp .= ".jpg"; } elseif($theimageinfo[2] == 3) { $thepp .= ".png"; } if($error == "") { $myvideoimgnew=$config['pdir']."/".$thepp; if(file_exists($myvideoimgnew)) { unlink($myvideoimgnew); } move_uploaded_file($gphoto, $myvideoimgnew); do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp); do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp); do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp); do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp); if(file_exists($config['pdir']."/".$thepp)) { $query = "UPDATE posts SET p1='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'"; $conn->execute($query); } } } $gphoto2 = $_FILES['gphoto2']['tmp_name']; if($gphoto2 != "") { $ext = substr(strrchr($_FILES['gphoto2']['name'], '.'), 1); $ext2 = strtolower($ext); if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png") { $theimageinfo = getimagesize($gphoto2); if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3) { $gstop = "1"; } else { $gstop = "0"; } } if($gstop == "0") { $thepp = $pid."-2"; if($theimageinfo[2] == 1) { $thepp .= ".gif"; } elseif($theimageinfo[2] == 2) { $thepp .= ".jpg"; } elseif($theimageinfo[2] == 3) { $thepp .= ".png"; } $myvideoimgnew=$config['pdir']."/".$thepp; if(file_exists($myvideoimgnew)) { unlink($myvideoimgnew); } move_uploaded_file($gphoto2, $myvideoimgnew); do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp); do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp); do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp); do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp); if(file_exists($config['pdir']."/".$thepp)) { $query = "UPDATE posts SET p2='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'"; $conn->execute($query); } } } $gphoto3 = $_FILES['gphoto3']['tmp_name']; if($gphoto3 != "") { $ext = substr(strrchr($_FILES['gphoto3']['name'], '.'), 1); $ext2 = strtolower($ext); if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png") { $theimageinfo = getimagesize($gphoto3); if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3) { $gstop = "1"; } else { $gstop = "0"; } } if($gstop == "0") { $thepp = $pid."-3"; if($theimageinfo[2] == 1) { $thepp .= ".gif"; } elseif($theimageinfo[2] == 2) { $thepp .= ".jpg"; } elseif($theimageinfo[2] == 3) { $thepp .= ".png"; } $myvideoimgnew=$config['pdir']."/".$thepp; if(file_exists($myvideoimgnew)) { unlink($myvideoimgnew); } move_uploaded_file($gphoto3, $myvideoimgnew); do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp); do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp); do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp); do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp); if(file_exists($config['pdir']."/".$thepp)) { $query = "UPDATE posts SET p3='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'"; $conn->execute($query); } } } if($approve_stories == "1") { $message = $lang['126']; if($config['scriptolution_notify_gigval'] == "1") { $scriptolution_notify_gigval_email = $config['scriptolution_notify_gigval_email']; if($scriptolution_notify_gigval_email != "") { $sendername = $config['site_name']; $from = $config['site_email']; $subject = $lang['553']; $sendmailbody = $lang['554']."<br><br>"; $sendmailbody .= $lang['555']."<br>"; $sendmailbody .= "<a href=".$config['baseurl']."/administrator/gigs_validate.php>".$config['baseurl']."/administrator/gigs_validate.php</a><br><br>"; $sendmailbody .= $lang['23'].",<br>".stripslashes($sendername); mailme($scriptolution_notify_gigval_email,$sendername,$from,$subject,$sendmailbody,$bcc=""); } } } else { $gurl = $config['baseurl']."/".get_cat_seo($gcat)."/".$pid."/".seo_clean_titles($gtitle); $feurl = $config['baseurl']."/feature?id=".$pid; header("Location:$feurl");exit; } } else { STemplate::assign('gtitle',$gtitle); STemplate::assign('gcat',$gcat); STemplate::assign('gdesc',$gdesc); STemplate::assign('ginst',$ginst); STemplate::assign('gtags',$gtags); STemplate::assign('gdays',$gdays); STemplate::assign('gyoutube',$gyoutube); } } else { $gtitle = cleanit($_REQUEST['quicktitle']); STemplate::assign('gtitle',$gtitle); } $templateselect = "new.tpl"; } elseif($allowposting == "2") { $error = $lang['498']; $templateselect = "new2.tpl"; } else { $error = $lang['445']; $templateselect = "new2.tpl"; } $pagetitle = $lang['61']; STemplate::assign('pagetitle',$pagetitle); } else { header("Location:$config[baseurl]/");exit; } //TEMPLATES BEGIN STemplate::assign('sm0',"1"); STemplate::assign('error',$error); STemplate::assign('message',$message); STemplate::display('scriptolution_header.tpl'); STemplate::display($templateselect); STemplate::display('scriptolution_footer_nobottom.tpl'); //TEMPLATES END ?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted June 24, 2015 Share Posted June 24, 2015 you need a user/permission system. see the following basic example - // roles define('BUYER',0); define('SELLER',1); // other roles would go here... // permissions define('CREATE_LISTING',1); define('POST_REPLY',2); // other permissions would go here.... class user { private $permissions = array(); public function __construct($user_id){ // this code retrieves the user's permissions based on their assigned role // define permissions to roles. this would normally be in a database table // for demo purposes, these are just assigned here... $permissions[BUYER][] = POST_REPLY; $permissions[SELLER][] = CREATE_LISTING; $permissions[SELLER][] = POST_REPLY; // fake code to assign a role based on dummy user id's // actual code would retrieve the role from wherever it is stored if($user_id == 123){ // a dummy buyer $role = BUYER; } if($user_id == 456){ // a dummy seller $role = SELLER; } $this->permissions = $permissions[$role]; // store this user's permissions } public function has_permission($var) { return in_array($var,$this->permissions); } } $_SESSION['USERID'] = 123; // a fake user - with role of buyer // example usage - $user = new user($_SESSION['USERID']); // get this user's permissions if($user->has_permission(CREATE_LISTING)){ // code for creating or processing a listing... echo 'you can create a listing'; } if(!$user->has_permission(CREATE_LISTING)){ // note the ! (not) echo 'you cannot access this page'; } if($user->has_permission(POST_REPLY)){ echo 'you can post a reply'; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.