Jump to content

Archived

This topic is now archived and is closed to further replies.

localhost

privileges

Recommended Posts

alright so whenever any user signs up to my site their priv table is set to "1"

i want this to be completely backended, i just want a script that will check for priv..and then an if statement like

if priv==1
whatever
}

if priv==10
echo " admin panel link";
include('admin/');
}

you guys get it right?

Share this post


Link to post
Share on other sites
User login/password
Connect to database
Retrieve record (if doesn't exist, go back to login)
If priv == 10 {
// whatever admin stuff
} else {
// just do normal user stuff
}

... what specific problem do you have??

Share this post


Link to post
Share on other sites
the script to actually fetch from the database the user thats trying to do admin stuff has a privilege of 10

i want a file called check.php

and basically i want it to be run before doing any admin tasks

and i want it to check the user thats logged in, and their privilege wether its 1 or 10 and if its 10 to do certain things

Share this post


Link to post
Share on other sites
Something like this will do:

[code]if ($priv !== 10) {
   die();
}[/code]

Share this post


Link to post
Share on other sites
true but the query...like

$user = $_SESSION['user'];

select username from $user

if logged in user priv==10

do this

i cant really explain it better

Share this post


Link to post
Share on other sites
exsplain slowly in deatail what your doing and what you need to do.


Do you need help with the select statement or what, as i can see the quistion has been ansawed.

Share this post


Link to post
Share on other sites
I need to know the script that I can have that does this:

- Checks the username
- Then checks their privilege.

The above 2 I need help with, the query's to check their username and what their privilege is.

- Then I need to know how to use it in an if statement like some said,

if($priv==10) {
// do this
} else {
// do this
}

This way, I can start protecting the admin panel, and the news submission, etc.

Share this post


Link to post
Share on other sites
<? session_start();

connect database

$query="select username from $user where user='$user'";

$result=mysql_query($query);

if(mysql_num_rows($result)==0) {

echo "sorry login";

}else{

if($prv==10) {

admin stuff

}

?>

Share this post


Link to post
Share on other sites
like this:


$query2 = "SELECT * FROM users WHERE username==$user AND
priv==10";

then it has the user logged in with a priv of 10...wait

im lost, really confused...goddamn it

Share this post


Link to post
Share on other sites
[code]
$query2 = "SELECT * FROM users WHERE username='$user' AND
priv='10'";
[/code]


Share this post


Link to post
Share on other sites
this is what i have:

[code]
// Define the current logged in persons username
$user = $_SESSION['user'];

// Select all usernames with the username of the currently logged in persons (1)
$query = "SELECT * FROM users WHERE username=$user AND priv=10";
$result = mysql_query($query) or die('Cannot select all users with a privilege of 10 out of logged in user.');

// See how many match the above query, if it's 1, then they have admin privileges, if it's 0 they do not
$num=mysql_numrows($result);

if($num=1) {
echo "You have sufficient administrative privileges.";
} else {
echo "You do not have the privileges for this.";
}
[/code]

now to figure out how to just use an include before all admin activity

Share this post


Link to post
Share on other sites
Simple, but functional.

[code]$user = $_SESSION['user'];

mysql_query("SELECT priv FROM users WHERE priv=10 AND username='$user'");

if (mysql_num_rows == 0) {
   die();
}[/code]

Just remember to include this AFTER connecting to the database. If no rows are found, the script immediately stops execution.

Share this post


Link to post
Share on other sites
Would that not work the same? also I would need session start and connect to db right?

and then i could just put that on top of every form in the admin panel right?

Share this post


Link to post
Share on other sites
Acutally, if the user is an admin, it does nothing; but if he/she isn't, it will abort the script.
This should do what you need, I guess.

And yes, you need to connect to the database and use session_start()

Share this post


Link to post
Share on other sites
Very interesting... so will this work...

[code]
<?php
session_start();
?>
<?php

/*
submit news script made by dann for access
from the admin panel
admin/
*/

include('../includes/connect.php');

$user = $_SESSION['user'];

mysql_query("SELECT priv FROM users WHERE priv=10 AND username='$user'");

if (mysql_num_rows == 0) {
   header('Location: ../index.php');
} else {

if($user) {

if(isset($_POST['submit'])) {

$username = $_POST['username'];
$title = $_POST['title'];
$description = $_POST['description'];
$ip = $_POST['ip'];
$date = $_POST['date'];

if($title==NULL || $description==NULL) {
echo "All fields must be filled in.";
} else {
$query = "INSERT INTO news (`username`, `title`, `description`, `ip`, `date`) VALUES ('$username', '$title', '$description', '$ip', '$date')";
$result = mysql_query($query) or die('Could not insert news into system contact Copernicus');

} // for submit button if
} // for if is NULL
} else { // for the logged in if statement
echo "you must be logged in.";
}
} // for priv check

?>
<style type="text/css">
<!--
.style1 {
    font-family: Verdana, Arial, Helvetica, sans-serif;
    font-size: x-small;
}
-->
</style>
<form action="" method="POST">
<title>Submit News</title>
<p><input type="hidden" name="username" value="<?php echo $_SESSION['user']; ?> " />
  <Br>
  <span class="style1">Title:<Br>
  <input type="text" name="title" />
    <input type="hidden" name="ip" value=" <?php echo $_SERVER['REMOTE_ADDR']; ?> ">
  <input type="hidden" name="date" value=" <?php echo date('m/d/Y'); ?> ">
  <BR>
  Description:
  <Br>
  <input name="description" type="text" value="" height="50">
  <BR>
  <input type="submit" name="submit" value="Submit" />
  </span></form>
  </span></p>
[/code]

BTW, Thanks for all your help.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.