


privileges


14 replies to this topic

#1 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 12:27 PM

alright so whenever any user signs up to my site their priv table is set to "1"

i want this to be completely backended, i just want a script that will check for priv..and then an if statement like

if ($priv == 1) {
    // whatever
}

if ($priv == 10) {
    echo " admin panel link";
    include('admin/');
}

you guys get it right?

#2 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 05 June 2006 - 01:16 PM

User login/password
Connect to database
Retrieve record (if doesn't exist, go back to login)
If priv == 10 {
// whatever admin stuff
} else {
// just do normal user stuff
}

... what specific problem do you have??
Legend has it that reading the manual never killed anyone.
My site

#3 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 01:36 PM

the script to actually fetch from the database the user that's trying to do admin stuff has a privilege of 10

i want a file called check.php

and basically i want it to be run before doing any admin tasks

and i want it to check the user that's logged in, and their privilege, whether it's 1 or 10, and if it's 10 to do certain things

#4 poirot

poirot
  • Members
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 05 June 2006 - 02:04 PM

Something like this will do:

// A value fetched from MySQL is a string, so cast it before the strict comparison
if ((int) $priv !== 10) {
   die();
}

~ D Kuang

#5 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 02:16 PM

true but the query...like

$user = $_SESSION['user'];

select username from $user

if logged in user priv==10

do this

i can't really explain it better

#6 redarrow

redarrow
  • Members
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 05 June 2006 - 02:31 PM

explain slowly in detail what you're doing and what you need to do.

Do you need help with the select statement or what, as I can see the question has been answered.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#7 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 02:34 PM

I need to know the script that I can have that does this:

- Checks the username
- Then checks their privilege.

The above 2 I need help with, the queries to check their username and what their privilege is.

- Then I need to know how to use it in an if statement like some said,

if($priv==10) {
// do this
} else {
// do this
}

This way, I can start protecting the admin panel, and the news submission, etc.

#8 redarrow

redarrow
  • Members
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 05 June 2006 - 02:52 PM

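<?php
session_start();

// connect to the database here

// Username of the currently logged-in user
$user = $_SESSION['user'];

// Fetch the privilege of that user from the users table
$query = "SELECT priv FROM users WHERE username='$user'";

$result = mysql_query($query);

if (mysql_num_rows($result) == 0) {

    echo "sorry login";

} else {

    $row = mysql_fetch_assoc($result);

    if ($row['priv'] == 10) {

        // admin stuff

    }

}

?>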

#9 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 02:54 PM

like this:


$query2 = "SELECT * FROM users WHERE username==$user AND
priv==10";

then it has the user logged in with a priv of 10...wait

I'm lost, really confused...goddamn it

#10 redarrow

redarrow
  • Members
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 05 June 2006 - 03:00 PM

$query2 = "SELECT * FROM users WHERE username='$user' AND 
priv='10'";




#11 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 03:38 PM

this is what i have:

// Define the current logged in persons username
$user = $_SESSION['user'];

// Select all usernames with the username of the currently logged in persons (1)
// The username is a string, so it has to be quoted inside the query
$query = "SELECT * FROM users WHERE username='$user' AND priv=10";
$result = mysql_query($query) or die('Cannot select all users with a privilege of 10 out of logged in user.');

// See how many match the above query, if it's 1, then they have admin privileges, if it's 0 they do not
$num = mysql_num_rows($result);

// Compare with ==; a single = would assign 1 and the check would always pass
if ($num == 1) {
echo "You have sufficient administrative privileges.";
} else {
echo "You do not have the privileges for this.";
}

now to figure out how to just use an include before all admin activity

#12 poirot

poirot
  • Members
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 05 June 2006 - 06:41 PM

Simple, but functional.

$user = $_SESSION['user'];

// Keep the result so mysql_num_rows() can count its rows
$result = mysql_query("SELECT priv FROM users WHERE priv=10 AND username='$user'");

if (mysql_num_rows($result) == 0) {
   die();
}

Just remember to include this AFTER connecting to the database. If no rows are found, the script immediately stops execution.
~ D Kuang

#13 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 06:48 PM

Would that not work the same? also I would need session start and connect to db right?

and then i could just put that on top of every form in the admin panel right?

#14 poirot

poirot
  • Members
  • Advanced Member
  • 646 posts
  • LocationAustin, TX

Posted 05 June 2006 - 07:02 PM

Actually, if the user is an admin, it does nothing; but if he/she isn't, it will abort the script.
This should do what you need, I guess.

And yes, you need to connect to the database and use session_start()
~ D Kuang

#15 localhost

localhost
  • Members
  • Advanced Member
  • 152 posts

Posted 05 June 2006 - 07:09 PM

Very interesting... so will this work...

<?php
session_start();

/*
submit news script made by dann for access
from the admin panel
admin/
*/

include('../includes/connect.php');

$user = $_SESSION['user'];

// Keep the result so mysql_num_rows() can count its rows
$result = mysql_query("SELECT priv FROM users WHERE priv=10 AND username='$user'");

if (mysql_num_rows($result) == 0) {
   header('Location: ../index.php');
   exit; // stop here so nothing below runs for a non-admin
} else {

if($user) {

if(isset($_POST['submit'])) {

// Escape the form values before they go into the query
$username = mysql_real_escape_string($_POST['username']);
$title = mysql_real_escape_string($_POST['title']);
$description = mysql_real_escape_string($_POST['description']);
$ip = mysql_real_escape_string($_POST['ip']);
$date = mysql_real_escape_string($_POST['date']);

if($title==NULL || $description==NULL) {
echo "All fields must be filled in.";
} else {
$query = "INSERT INTO news (`username`, `title`, `description`, `ip`, `date`) VALUES ('$username', '$title', '$description', '$ip', '$date')";
$result = mysql_query($query) or die('Could not insert news into system contact Copernicus');

} // for if is NULL
} // for submit button if
} else { // for the logged in if statement
echo "you must be logged in.";
}
} // for priv check

?>
<style type="text/css">
<!--
.style1 {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: x-small;
}
-->
</style>
<form action="" method="POST">
<title>Submit News</title>
<p><input type="hidden" name="username" value="<?php echo htmlspecialchars($_SESSION['user']); ?>" />
  <br>
  <span class="style1">Title:<br>
  <input type="text" name="title" />
  <input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">
  <input type="hidden" name="date" value="<?php echo date('m/d/Y'); ?>">
  <br>
  Description:
  <br>
  <input name="description" type="text" value="" height="50">
  <br>
  <input type="submit" name="submit" value="Submit" />
  </span></p>
</form>

BTW, Thanks for all your help.
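
The check this thread works toward (look up the logged-in user's priv, then gate the news submission), as an added example that is not code from any poster. It uses PDO prepared statements instead of the mysql_* calls in the posts; the function names is_admin() and submit_news(), the in-memory SQLite stand-in for the MySQL tables and the sample rows are assumptions.

```php
<?php
// Added example. is_admin(), submit_news() and the SQLite stand-in are assumptions.
declare(strict_types=1);

/** True only when $username exists and its priv column equals 10. */
function is_admin(PDO $db, ?string $username): bool
{
    if ($username === null || $username === '') {
        return false; // nobody is logged in
    }
    // Prepared statement: the username is bound, never spliced into the SQL.
    $stmt = $db->prepare('SELECT priv FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $priv = $stmt->fetchColumn(); // false when no row matches
    // Some drivers return the column as the string "10", so cast before ===.
    return $priv !== false && (int) $priv === 10;
}

/** Inserts a news row; author, IP and date come from the server, not the form. */
function submit_news(PDO $db, ?string $author, string $ip, array $post): bool
{
    $title = trim((string) ($post['title'] ?? ''));
    $description = trim((string) ($post['description'] ?? ''));
    if (!is_admin($db, $author) || $title === '' || $description === '') {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO news (username, title, description, ip, date) VALUES (?, ?, ?, ?, ?)'
    );
    return $stmt->execute([$author, $title, $description, $ip, date('m/d/Y')]);
}

// Constructed demo data in an in-memory SQLite database (stand-in for the MySQL tables).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, priv INTEGER)');
$db->exec('CREATE TABLE news (username TEXT, title TEXT, description TEXT, ip TEXT, date TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 10), ('bob', 1)");

// Constructed form post: the hidden "username" field claims to be the admin.
$post = ['username' => 'alice', 'title' => 'Update', 'description' => "It's live"];
var_dump(submit_news($db, 'bob', '203.0.113.5', $post));   // session user is bob
var_dump(submit_news($db, 'alice', '203.0.113.5', $post)); // session user is alice
var_dump((int) $db->query('SELECT COUNT(*) FROM news')->fetchColumn());
```

In the admin page itself, pass `$_SESSION['user'] ?? null` as the author and `$_SERVER['REMOTE_ADDR']` as the IP, and call `exit` right after any redirect sent to a non-admin.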



