
need to check db table for author, and if author does not match up, do not allow


bradkenyon


I have an update function w/ a query of this:

 

$queryupd = "select * from calendar_items where id = $id";

 

I list the data into the update form, from the table calendar_items.

 

I want to restrict it, so only the person who created the calendar item (event), will be able to update it.

 

I have an author column w/i the calendar_items table.

 

I was thinking something along the lines of:

$queryupd = "select * from calendar_items where id = $id AND author = $HTTP_SESSION_VARS['valid_username']";

 

I wanted it to be almost an if statement, "if you're not the author of this event, then print out msg saying: You do not have the right to edit this event."

<?php

  // connect

  // Force the item id to an integer and escape the session value so that
  // neither can change the shape of the query.
  $id = (int) $id;
  $author = mysql_real_escape_string($_SESSION['valid_username']);

  $sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '$author'";
  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      // the logged-in user is the author of this item: do the update
    } else {
      // display your unauthorised message
    }
  } else {
    // query failed: treat it as unauthorised rather than doing nothing
  }

?>


currently it is:

$sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '{$_SESSION['valid_username']}'";

 

would it be?

 

$sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '{$_SESSION['valid_username']}' AND user_level = '1'";

 

user_level being a super user account.

No, you'd need to make sure that the user trying to access it had the right user level.  Read up on joins.

 

SELECT * FROM calendar_items INNER JOIN users ON users.user_id = {$_SESSION['user_id']} WHERE users.user_level >= calendar_items.user_level;

 

Possibly.  Read up on it and tailor it to your needs.
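Added example, not code from the thread: the two checks suggested in the replies above (the author match from the first reply and the user_level comparison via a join from the second) written in Python over an in-memory SQLite database so they run offline. The tables, rows, the column names user_level, user_id and title, and the function names are constructed assumptions standing in for the thread's MySQL tables. The SQL uses bound parameters (?) instead of interpolating $id and the session value into the string, and the join is pinned to a single item id; it goes a step beyond the thread by combining the two checks into one decision (author, or sufficient level) before the UPDATE runs.

```python
import sqlite3

# Constructed schema and rows standing in for the thread's tables (assumption:
# calendar_items.user_level is the level required to edit that item).
SCHEMA = """
CREATE TABLE users (
    user_id    INTEGER PRIMARY KEY,
    username   TEXT UNIQUE,
    user_level INTEGER
);
CREATE TABLE calendar_items (
    id         INTEGER PRIMARY KEY,
    author     TEXT,
    user_level INTEGER,
    title      TEXT
);
"""
USERS = [(1, "alice", 0), (2, "bob", 0), (3, "root", 1)]
ITEMS = [(10, "alice", 1, "Team lunch"), (11, "bob", 1, "Board meeting")]


def make_db():
    """Build the in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO calendar_items VALUES (?, ?, ?, ?)", ITEMS)
    return conn


def can_edit_as_author(conn, item_id, session_username):
    """Ownership check: the item exists and its author is the logged-in user.

    Both values are bound parameters, so an item id such as "10 OR 1=1" is
    compared as a literal value and never widens the WHERE clause."""
    row = conn.execute(
        "SELECT id FROM calendar_items WHERE id = ? AND author = ?",
        (item_id, session_username),
    ).fetchone()
    return row is not None


def can_edit_by_level(conn, item_id, session_user_id):
    """Level check: the logged-in user's level is at least the item's level.

    Same idea as the join in the reply above, but restricted to one item so
    it answers 'may this user edit this item' rather than listing items."""
    row = conn.execute(
        """
        SELECT calendar_items.id
        FROM calendar_items
        INNER JOIN users ON users.user_id = ?
        WHERE calendar_items.id = ?
          AND users.user_level >= calendar_items.user_level
        """,
        (session_user_id, item_id),
    ).fetchone()
    return row is not None


def update_title(conn, item_id, session_user_id, session_username, new_title):
    """Run the UPDATE only when the caller is the author or has enough level.

    Returns True when the update was performed, False when it was refused."""
    allowed = can_edit_as_author(conn, item_id, session_username) or \
        can_edit_by_level(conn, item_id, session_user_id)
    if not allowed:
        return False
    conn.execute(
        "UPDATE calendar_items SET title = ? WHERE id = ?",
        (new_title, item_id),
    )
    conn.commit()
    return True


if __name__ == "__main__":
    db = make_db()
    # alice owns item 10; bob (level 0) does not; root (level 1) clears the level check
    print(update_title(db, 10, 1, "alice", "Team lunch (moved)"))   # True
    print(update_title(db, 10, 2, "bob", "hijacked"))               # False
    print(update_title(db, 10, 3, "root", "Team lunch (admin)"))    # True
```

The decision is made from the query result, not from the session alone: a user who is neither the author nor of sufficient level gets False and the UPDATE statement is never issued.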

@thorpe:

 

Your sql query did the trick, and I made a modification to the update process, only allowing the original author to make an update to their original post.

 

Here is the other post I opened up for help (I think you might have a good idea of what might be going wrong); any help would be appreciated.

 

http://www.phpfreaks.com/forums/index.php/topic,211395.0.html

 
