user level help?

tecmeister · August 8, 2008

I have added userlevel to the mysql.

But im having trouble with sorting out the access to the admin page.

This is the code that i have done:


<?php session_start()

$user = "user";

$dbhost = "localhost";
$dbname = "********";
$dbuser = "********";
$dbpass = "********";
$tbl_name = "Users";

mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");


$sql="SELECT * FROM $tbl_name WHERE userlevel = '$user'";
$result=mysql_query($sql)or die(mysql_error());
if(mysql_num_rows($result)==1){
while($row=mysql_fetch_assoc($result)){


$row['userlevel'] = $user;

echo "	YOU DO NOT HAVE ACCESS";

exit;

}

}else{

echo "Complete access";
exit;
}
?>

It says YOU DO NOT HAVE ACCESS with the admin all user levels.

DarkWater · August 8, 2008

Read these lines and tell me if it makes any sense:

$row['userlevel'] = $user;

$sql="SELECT * FROM $tbl_name WHERE userlevel = '$user'";

Why would their userlevel be "user"? And why are you setting $user to the userlevel in the array?

budimir · August 8, 2008

This code is not making any sense! Can you explain your logic a little bit???

abouchoud · August 8, 2008

I don't understand the it's coded!

Its normal that's always gona give you the echo " YOU DO NOT HAVE ACCESS";

because when your if condition is at true it will directly go through the If condition and the While also.

plus like they said, why are you affecting the $row variable with the $user value ?? I think what you wanted to do is to affect the $user variable with the $row['userlevel'] value.

Why is there the exit. By itself it doesnt do much ... you need to have another condition that when it's true ... the while loop would break and continue into your code....

but, you really need to revise your code cuz its wrong!.

thanks

GreenUser · August 8, 2008

if(mysql_num_rows($result)==1){
while($row=mysql_fetch_assoc($result)){


$row['userlevel'] != $user;

echo "	YOU DO NOT HAVE ACCESS";

exit;

}

Well, I think this might help. Without the ! and if the values are correct it will always stop at this part of the if statement.

EchoFool · August 8, 2008

if(mysql_num_rows($result)==1){
while($row=mysql_fetch_assoc($result)){


$row['userlevel'] != $user;

echo "	YOU DO NOT HAVE ACCESS";

exit;

}
Well, I think this might help. Without the ! and if the values are correct it will always stop at this part of the if statement.

that wont help cos the mysql query's where clause is checking to find all rows that have it set to user lol... to OP you've got your logic backwards here, read it like it was English words.. you should see your mistake... but i don't know what your attempting to achieve so i cannot tell you your mistake.

jonsjava · August 8, 2008

If I understand you, have a look at my code, and tell me if this will do the trick. Please note the comments.

<?php 
session_start();

$user = "user";

$dbhost = "localhost";
$dbname = "********";
$dbuser = "********";
$dbpass = "********";
$tbl_name = "Users";
$admin_level = "1"; //the value you are looking for to verify that they are an admin
mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name WHERE userlevel = '$user'";
$result=mysql_query($sql)or die(mysql_error());
if(mysql_num_rows($result)==1){
while($row = mysql_fetch_assoc($result)){
	if ($row['userlevel'] != $admin_level){ //if they aren't an admin:
		echo "	YOU DO NOT HAVE ACCESS";
		exit;
	}
	else{
		echo "Complete access";
		exit;
	}
}
}

?>

DarkWater · August 8, 2008

@jonsjava: You have the else{ } on the if that checks the number of rows returned. Wrong place. And the query still makes little sense.

jonsjava · August 8, 2008

I noticed that, and fixed it before you posted. Thanks for the correction.

As for the query, it basically asks this:

"find the user that has this name, and get all their stuff. Ok, got it? Good. Now, if their userlevel does not match the userlevel defined as being an admin, block them, otherwise, allow them"

EDIT* Ok, actually it first asks "Did I find a match? if so, go on and check their credentials."

tecmeister · August 8, 2008

It is ok now i figured our where i went wrong.

This is the correct code anyway:


<?php session_start()
?>

<?
$dbhost = "localhost";
$dbname = "*******";
$dbuser = "*******";
$dbpass = "********";
$tbl_name = "Users";

mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

$user = $_GET['user'];
$q = mysql_query ("SELECT * FROM $tbl_name WHERE username = '$user'"); 
$row = mysql_fetch_array($q);

$username = "user";

if($row['userlevel'] == $username){

echo "   YOU DO NOT HAVE ACCESS";
exit();
}else{

echo "   YOU HAVE BEEN GRANTED ACCESS ";
include "admin_cp.php";
exit();
}
?>

Thanks for all of your help.

Sign In

user level help?

Recommended Posts

tecmeister

Link to comment

Share on other sites

DarkWater

Link to comment

Share on other sites

budimir

Link to comment

Share on other sites

abouchoud

Link to comment

Share on other sites

GreenUser

Link to comment

Share on other sites

EchoFool

Link to comment

Share on other sites

jonsjava

Link to comment

Share on other sites

DarkWater

Link to comment

Share on other sites

jonsjava

Link to comment

Share on other sites

tecmeister

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information