Jump to content

If statment?

avatar.alex

By avatar.alex
in PHP Coding Help

Recommended Posts

avatar.alex Member

avatar.alex

Posted
Posted

Ok im using this software script but I don't want it to be in this form:

<?php $allow = array (3, 4);include ("protect.php"); ?>

 

The code above allows users that have a access of 3,4 into the page. How would I incorperate it into a if statement like:

 

<?php
if ( $allow == array (3, 4) ) {
echo "You have access levels of 3 and 4<br />";
}
echo "You have to log in";
}
?>

Link to comment
https://forums.phpfreaks.com/topic/139768-if-statment/
Share on other sites
avatar.alex Member

avatar.alex

Posted
  • Author
Posted 

<?php

session_start ();

// --------------------------------THE VARIABLES---------------------------------- //

@include ("config.php");

// ----------------------------------THE CODE ------------------------------------ //

function clearance ($user_value, $pass_value, $level_value, $userlevel_value, $table_value, $column1, $column2, $path) { // Function to see if user can login

$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$pass_value'"); // Query to see if user exists

$verify = mysql_num_rows ($check);

if ($verify == 0) { // Check if passwords are hashed with MD5

	$md5 = md5 ($pass_value);

	$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$md5'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

}

if ($verify == 0) { // Check if passwords are hashed with SHA1

	$sha1 = sha1 ($pass_value);

	$check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$sha1'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

}

$get = mysql_fetch_array ($check);

if (count ($level_value) != 0) { // If the allow array contains userlevels

	if (in_array ($get[$userlevel_value], $level_value) && $verify > 0) { // Search allow to see if userlevels match

		$_SESSION['username'] = $user_value; // Register sessions
		$_SESSION['password'] = sha1 ($pass_value); // sha1 password for extra security
		$_SESSION['userlevel'] = $get[$userlevel_value];

	}

} else {

	if ($verify == 0) { // If attempt fails then redirect to login page

		$_SESSION = array();

		$error = "Sorry but your login details were incorrect";

		@include ("login.php");

		exit;

	}

	if ($verify > 0) { // If attempt is good then register the user

		$_SESSION['username'] = $user_value;
		$_SESSION['password'] = sha1 ($pass_value);

	}

}

}

function protect ($level_value, $password_value, $userlevel_value, $table_value, $column1, $path) { // Function to keep pages secure

if (!isset ($_SESSION['username'])) { // If session doesn't exist then get user to login

	if (isset ($_POST['username']) && isset ($_POST['password'])) {

		$error = "Sorry but your login details were incorrect";

	}

	$_SESSION = array();

	@include ("login.php");

	exit;

} else { // If user is logged in check to see if session is valid and that they have the required userlevel

	$check = mysql_query ("SELECT $password_value, $userlevel_value FROM $table_value WHERE $column1='$_SESSION[username]'"); // Query to see if user exists

	$verify = mysql_num_rows ($check);

	$get = mysql_fetch_array ($check);

	if ($verify == 0) {

		$_SESSION = array();

		$error = "Sorry but your login details were incorrect";

		@include ("login.php");

		exit;

	}

	if ($verify > 0 && count ($level_value) != 0) {

		if (!in_array ($get[$userlevel_value], $level_value)) { // Check to see if the users userlevel allows them to view the page

			$error = "Sorry but your login details were incorrect";

			@include ("login.php");

			exit; // Ensure no other data is sent

		}

	}	

}

}

if (isset ($_POST['username']) && isset ($_POST['password'])) { // If user submits login information then validate it

clearance ($_POST['username'], $_POST['password'], $allow, $userlevel, $table, $username, $password, $path);

}

protect ($allow, $password, $userlevel, $table, $username, $path);

mysql_close ($link); // Close the database connection for security reasons

// -----------------------------------THE END ------------------------------------ //

?>

 

Another thing I made is:

 

$admin=$_SESSION['username'];
$getadmin="SELECT * from bl_admin where username='$admin'";
$getadmin2=mysql_query($getadmin) or die("Cannot get admin");
$getadmin3=mysql_fetch_array($getadmin2);
if($getadmin3['userlevel']==3)
{

Link to comment
https://forums.phpfreaks.com/topic/139768-if-statment/#findComment-731234
Share on other sites
cytech Member

cytech

Posted
Posted

Hey,

 

$admin=$_SESSION['username'];
$getadmin="SELECT * from bl_admin where username='$admin'";
$getadmin2=mysql_query($getadmin) or die("Cannot get admin");
$getadmin3=mysql_fetch_array($getadmin2);
if($getadmin3['userlevel']==3)
{
// level 3
}else{
// other level
}

 

Would be the right idea, if you look in protect.php way at the bottom they search the array set right before they include the file. They are basically doing what you just did. They pull the users account and then just verify they can view the page. So your method will work as well.

 

 

Link to comment
https://forums.phpfreaks.com/topic/139768-if-statment/#findComment-731236
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.