Smackie Posted May 26, 2008 Share Posted May 26, 2008 Greetings, I been working on a forum. its almost complete.. but im having a problem (btw this forum is for only my site). I am calling all the categories out from a while loop and was wondering if someone could tell me how i can some of the categories were only selected members can view thie topics and stuff.? here is the page.. <table width="100%" height="20" border="0" bgcolor="000033" cellpadding="2" cellspacing="0"> <tr> <th class="txt" width="80%">Forum</th> <th class="txt" width="10%">Topics</th> <th class="txt" width="10%">Post</th> </tr> </table> <?php $get_category = mysql_query("SELECT * FROM category GROUP BY id") or die(mysql_error()); while($row = mysql_fetch_array($get_category)) { ?> <table width="100%" height="20" border="0" bgcolor="00255d" cellpadding="2" cellspacing="0"> <tr> <th class="txt" width="60%" align="left"><B><U><font size="2"><?php echo $row['category']; ?></font></u></b></th> </tr> </table> <table width="100%" border="1" bordercolor="CFC095" bgcolor="000033" cellpadding="3" cellspacing="0"> <?php $id = $_GET['id']; $get_topic = mysql_query("SELECT * FROM header WHERE catid=" . $row['id'] . " ORDER BY catid") or die(mysql_error()); while($topic_info = mysql_fetch_array($get_topic)) { $id = $topic_info['id']; $catid = $topic_info['catid']; $heading = stripslashes($topic_info['heading']); $description = $topic_info['description']; $get_num_topics = mysql_query("SELECT catid FROM forum_question WHERE catid = $catid"); $topics = mysql_num_rows($get_num_topics); $get_num_posts = mysql_query("SELECT catid FROM forum_answer WHERE catid = $catid"); $posts = mysql_num_rows($get_num_posts); ?> <tr> <td class="txt" width="80%" align="left"><a href="../index.php?seashadows=topic&catid=<?php echo $catid; ?>&id=<?php echo $id; ?>"><?php echo $heading; ?></a><br /><?php echo $description; ?></td> <td class="txt" width="10%"><?php echo $topics; ?></td> <td class="txt" width="10%"><?php echo $posts; ?></td> <?php if($_SESSION['user_level'] == 5) { ?> <tr> <td class="txt" align="right" colspan="3"><a class="two" href="../index.php?seashadows=header_functions&id=<?php echo $id; ?>">Edit</a> | <a class="two" href="../index.php?seashadows=header_functions&action=delete1&id=<?php echo $id; ?>">Delete</a></td> </tr> <tr> <td class="txt" align="right" colspan="3"><a href="../index.php?seashadows=add_heading"><strong>Create New Subject</strong></a></td> </tr> <?php } } } ?> </table> here is what the page looks like http://seashadows.uni.cc/index.php?seashadows=forum i need Promotion Review Board to only be shown to people who are selected. Thank you, Smackie Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 26, 2008 Share Posted May 26, 2008 add a field on the member table to indicate whether that member can view the page. i usually use an unsigned tinyint. then store a 0 or 1 in there to indicate whether they can't (0) or can (1) view the page. when a member attempts to load a protected page, check whether their member record has a 0 or 1 in that field. if the member isn't supposed to have access to that page, display an error or use header() and exit. Quote Link to comment Share on other sites More sharing options...
Smackie Posted May 26, 2008 Author Share Posted May 26, 2008 i don't want the page to be hidden from members.. i just want one of the catagories hidden from the members except for the people i let be in there. i have user_level set 0-5 but that ain't what i need. but think you anywaysBlueSkyIS Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 26, 2008 Share Posted May 26, 2008 same principle: you need a field to indicate whether the user is able to see 'whatever', whether it's a category or a page or anything else. the user must be differentiated, and a field on the user seems to me to be the most logical way to do it. Quote Link to comment Share on other sites More sharing options...
blueman378 Posted May 27, 2008 Share Posted May 27, 2008 just thought id point out you seem to be having some mysql errors : ERROR LOG oh yeah some security errors too ADMIN Files i know lets change your password.... Password change you need some better security mate oh yeah you need some security on your forum also, check out this link you allow iframes so simply using a page that has frame breakouts will redirect users away from your site... UH OH oh yeah dont worry im not doing anything malicious jsut simple stuff that wont cause any problems to help you Quote Link to comment Share on other sites More sharing options...
Gighalen Posted May 27, 2008 Share Posted May 27, 2008 Blueman, Was it really necessary to post that last link Quote Link to comment Share on other sites More sharing options...
blueman378 Posted May 27, 2008 Share Posted May 27, 2008 jsut showing him all the possiblilities, atleast i didnt use any sql injections Quote Link to comment Share on other sites More sharing options...
Smackie Posted May 27, 2008 Author Share Posted May 27, 2008 just thought id point out you seem to be having some mysql errors : ERROR LOG oh yeah some security errors too ADMIN Files i know lets change your password.... Password change you need some better security mate oh yeah you need some security on your forum also, check out this link you allow iframes so simply using a page that has frame breakouts will redirect users away from your site... UH OH oh yeah dont worry im not doing anything malicious jsut simple stuff that wont cause any problems to help you first off seashadows.uni.cc is located on my hard drive its my testing area.. second off your only showing me the error log file i already new about which was caused from me changing something in the script and yeah. and change password im still working on that. like i said this is on my testing server. and another thing i don't use iframes i never have and never will.. i use tables.. and this site (when i say this site. i mean the real site) is only for people that play Dangerous Waters. but none of this is helping me solve my forum problem. Quote Link to comment Share on other sites More sharing options...
Smackie Posted May 27, 2008 Author Share Posted May 27, 2008 i see what you mean by iframes in forum yes i know about that working on bbcoding for it and once i get bbcoding on there it will deal away with the allowing html inputs. but im still looking on fixing the viewing files from each folder. but the forum im still working the access to it.. but i should have added this earlier but i was alittle hot from working outside getting everything cleaned up after the bad storm we had last night.. but thank you for the tips.. but can you give me a tip on how to get my category to work like i need it? lol Quote Link to comment Share on other sites More sharing options...
blueman378 Posted May 27, 2008 Share Posted May 27, 2008 sure, well lets assume you have in your users table details like username, password (which i hope is md5), email ect, it sounds like you also have one for level, so when the user logs in im guessing you would be setting sessions? so ill assume you have a session called level, so first you will want to check if the user is above a certian level, (im assuming 5 is admin 1 is normal user) in your categoires you should have a column called eg access, and have that of equal value to the lowest level you want to be able to access that, so if isset($_SESSION[level]) { $get_category = mysql_query("SELECT * FROM category WHERE access <= $_SESSION[level] GROUP BY id") or die(mysql_error()); } else { $get_category = mysql_query("SELECT * FROM category WHERE access = 1 GROUP BY id") or die(mysql_error()); } try something like that Quote Link to comment Share on other sites More sharing options...
Smackie Posted May 27, 2008 Author Share Posted May 27, 2008 That seems good ill try that out but i have level as user_level which there are 6 but 0 is deactivated users and yes my password is MD5() hehe.. but let me work on that and add access and see what i come up with.. Thank you blueman Quote Link to comment Share on other sites More sharing options...
blueman378 Posted May 27, 2008 Share Posted May 27, 2008 i proborably should have mentioned you will have to set the session when the user logs in, but yeah you get the gist Quote Link to comment Share on other sites More sharing options...
Smackie Posted May 27, 2008 Author Share Posted May 27, 2008 Well its someone of a success lol. i mean it hides the Promotion Review Board but wont show even for me.. here is what i got now as the if statement. if ($_SESSION[user_level]) { $get_category = mysql_query("SELECT * FROM category WHERE access <= $_SESSION[user_level] GROUP BY id") or die(mysql_error()); } else { $get_category = mysql_query("SELECT * FROM category WHERE access = 0 GROUP BY id") or die(mysql_error()); } while($row = mysql_fetch_array($get_category)) { Quote Link to comment Share on other sites More sharing options...
blueman378 Posted May 29, 2008 Share Posted May 29, 2008 hmm have you tried echoing $_SESSION[user_level] to make sure it is what you expect, also are the values in the database the values that you expect also? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.