Jump to content

user level help?

tecmeister

By tecmeister
in PHP Coding Help

 Share

Recommended Posts

tecmeister Member

tecmeister

Posted
Posted

I have added userlevel to the mysql.

 

But im having trouble with sorting out the access to the admin page.

 

This is the code that i have done:

 


<?php session_start()

$user = "user";

$dbhost = "localhost";
$dbname = "********";
$dbuser = "********";
$dbpass = "********";
$tbl_name = "Users";

mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");


$sql="SELECT * FROM $tbl_name WHERE userlevel = '$user'";
$result=mysql_query($sql)or die(mysql_error());
if(mysql_num_rows($result)==1){
while($row=mysql_fetch_assoc($result)){


$row['userlevel'] = $user;

echo "	YOU DO NOT HAVE ACCESS";

exit;

}

}else{

echo "Complete access";
exit;
}
?>

 

It says YOU DO NOT HAVE ACCESS with the admin all user levels.

Link to comment
Share on other sites
DarkWater Member

DarkWater

Posted
Posted

Read these lines and tell me if it makes any sense:

 

$row['userlevel'] = $user;

 

$sql="SELECT * FROM $tbl_name WHERE userlevel = '$user'";

 

Why would their userlevel be "user"?  And why are you setting $user to the userlevel in the array?

Link to comment
Share on other sites
abouchoud Newbie

abouchoud

Posted
Posted

I don't understand the it's coded!

Its normal that's always gona give you  the echo " YOU DO NOT HAVE ACCESS";

because when your if condition is at true it will directly go through the If condition and the While also.

 

plus like they said, why are you affecting the $row variable with the $user value ?? I think what you wanted to do is to affect the $user variable with the $row['userlevel'] value.

 

Why is there the exit. By itself it doesnt do much ... you need to have another condition that when it's true ... the while loop would break and continue into your code....

 

but, you really need to revise your code cuz its wrong!.

 

thanks

Link to comment
Share on other sites
GreenUser Member

GreenUser

Posted
Posted 

if(mysql_num_rows($result)==1){
while($row=mysql_fetch_assoc($result)){


$row['userlevel'] != $user;

echo "	YOU DO NOT HAVE ACCESS";

exit;

}

 

Well, I think this might help.  Without the ! and if the values are correct it will always stop at this part of the if statement.

Link to comment
Share on other sites
EchoFool Advanced Member

EchoFool

Posted
Posted 

if(mysql_num_rows($result)==1){
while($row=mysql_fetch_assoc($result)){


$row['userlevel'] != $user;

echo "	YOU DO NOT HAVE ACCESS";

exit;

}

 

Well, I think this might help.  Without the ! and if the values are correct it will always stop at this part of the if statement.

 

that wont help cos the mysql query's where clause is checking to find all rows that have it set to user lol... to OP you've got your logic backwards here, read it like it was English words.. you should see your mistake... but i don't know what your attempting to achieve so i cannot tell you your mistake.

Link to comment
Share on other sites
jonsjava Member

jonsjava

Posted
Posted

If I understand you, have a look at my code, and tell me if this will do the trick. Please note the comments.

<?php 
session_start();

$user = "user";

$dbhost = "localhost";
$dbname = "********";
$dbuser = "********";
$dbpass = "********";
$tbl_name = "Users";
$admin_level = "1"; //the value you are looking for to verify that they are an admin
mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

$sql="SELECT * FROM $tbl_name WHERE userlevel = '$user'";
$result=mysql_query($sql)or die(mysql_error());
if(mysql_num_rows($result)==1){
while($row = mysql_fetch_assoc($result)){
	if ($row['userlevel'] != $admin_level){ //if they aren't an admin:
		echo "	YOU DO NOT HAVE ACCESS";
		exit;
	}
	else{
		echo "Complete access";
		exit;
	}
}
}

?>

Link to comment
Share on other sites
jonsjava Member

jonsjava

Posted
Posted

I noticed that, and fixed it before you posted. Thanks for the correction.

 

As for the query, it basically asks this:

"find the user that has this name, and get all their stuff. Ok, got it? Good. Now, if their userlevel does not match the userlevel defined as being an admin, block them, otherwise, allow them"

 

EDIT* Ok, actually it first asks "Did I find a match? if so, go on and check their credentials."

Link to comment
Share on other sites
tecmeister Member

tecmeister

Posted
  • Author
Posted

It is ok now i figured our where i went wrong.

 

This is the correct code anyway:

 


<?php session_start()
?>

<?
$dbhost = "localhost";
$dbname = "*******";
$dbuser = "*******";
$dbpass = "********";
$tbl_name = "Users";

mysql_connect("$dbhost", "$dbuser", "$dbpass")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

$user = $_GET['user'];
$q = mysql_query ("SELECT * FROM $tbl_name WHERE username = '$user'"); 
$row = mysql_fetch_array($q);

$username = "user";

if($row['userlevel'] == $username){

echo "   YOU DO NOT HAVE ACCESS";
exit();
}else{

echo "   YOU HAVE BEEN GRANTED ACCESS ";
include "admin_cp.php";
exit();
}
?>

 

Thanks for all of your help.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.