CodeMama Posted January 7, 2009 Share Posted January 7, 2009 Hi all, I am trying to load menu items based on a users admin level and it isn't working, could someone tell me what I'm not seeing in my snippet: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); include("inc/dbconn_open.php"); if (empty($_SESSION['AdminLogin']) OR $_SESSION['AdminLogin'] <> 'True' ){ header ("Location: LogOut.php"); } $query = "SELECT * FROM admin WHERE AdminID = AdminID"; $result = mysql_query ($query); $row = mysql_fetch_object ($result); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>The NEW Work Order System </title> <LINK REL="STYLESHEET" HREF="inc/style.css"> </head> <body bgcolor="#006699"> <table width="180" border="0" cellpadding="0" cellspacing="0"> <tr> <td align="center"><BR> <div class="admin_Title" align="center">Work Order System<br> </div> </td> </tr> <tr> <td><HR>You are logged on as <?php echo $_SESSION['user'];?><HR></td> </tr> <tr> <td><div class="admin_link"><a href="Welcome.php?AdminID=<?php echo $_SESSION['AdminLogin']; ?>" target="mainFrame">Home</a> </tr> <tr> <td><div class="admin_link"><a href="LogOut.php" target="_parent">LogOut</a></div></td> </tr> <tr> <td align="center"><BR> <div class="admin_Title" align="center">Your Admin Tools</div></td> </tr> <?php if ($row-> AddEditAdmin == "YES") { ?> <tr> <td><div class="admin_link"><a href="AddAdmin.php?AdminID=<?php echo $_SESSION['user']; ?>" target="mainFrame">Add Admin</a></div></td> </tr> <tr> <td><div class="admin_link"><a href="ViewAdmin.php?AdminID=<?php echo $_SESSION['AdminLogin']; ?>" target="mainFrame">View Admin</a></div></td> </tr> <tr> <td><div class="admin_link"><a href="ChangePassword.php?AdminID=<?php echo $_SESSION['AdminLogin']; ?>" target="mainFrame">Change My Password</a></div></td> </tr> <?php } ?> Thanks in advance for the help! Quote Link to comment Share on other sites More sharing options...
jonsjava Posted January 7, 2009 Share Posted January 7, 2009 Hi all, I am trying to load menu items based on a users admin level and it isn't working, could someone tell me what I'm not seeing in my snippet: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); include("inc/dbconn_open.php"); if (empty($_SESSION['AdminLogin']) OR $_SESSION['AdminLogin'] <> 'True' ){ header ("Location: LogOut.php"); } $query = "SELECT * FROM admin WHERE AdminID = AdminID"; $result = mysql_query ($query); $row = mysql_fetch_object ($result); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>The NEW Work Order System </title> <LINK REL="STYLESHEET" HREF="inc/style.css"> </head> <body bgcolor="#006699"> <table width="180" border="0" cellpadding="0" cellspacing="0"> <tr> <td align="center"><BR> <div class="admin_Title" align="center">Work Order System<br> </div> </td> </tr> <tr> <td><HR>You are logged on as <?php echo $_SESSION['user'];?><HR></td> </tr> <tr> <td><div class="admin_link"><a href="Welcome.php?AdminID=<?php echo $_SESSION['AdminLogin']; ?>" target="mainFrame">Home</a> </tr> <tr> <td><div class="admin_link"><a href="LogOut.php" target="_parent">LogOut</a></div></td> </tr> <tr> <td align="center"><BR> <div class="admin_Title" align="center">Your Admin Tools</div></td> </tr> <?php if ($row-> AddEditAdmin == "YES") { ?> <tr> <td><div class="admin_link"><a href="AddAdmin.php?AdminID=<?php echo $_SESSION['user']; ?>" target="mainFrame">Add Admin</a></div></td> </tr> <tr> <td><div class="admin_link"><a href="ViewAdmin.php?AdminID=<?php echo $_SESSION['AdminLogin']; ?>" target="mainFrame">View Admin</a></div></td> </tr> <tr> <td><div class="admin_link"><a href="ChangePassword.php?AdminID=<?php echo $_SESSION['AdminLogin']; ?>" target="mainFrame">Change My Password</a></div></td> </tr> <?php } ?> Thanks in advance for the help! I was working on your code, when it dawned on me: there is too much I need to "guess" to fix it. We need to know all the sessions, and how you set them, so we can verify that they are being set properly, etc. Without that, all my help is guesswork. Quote Link to comment Share on other sites More sharing options...
.josh Posted January 7, 2009 Share Posted January 7, 2009 Be more specific than "it's not working." Is the problem that the page is loading whether you're an admin or not? Something wrong with page info itself? First thing I see wrong is: $query = "SELECT * FROM admin WHERE AdminID = AdminID"; AdminID = AdminID is wrong. Should be AdminID = '$somevar' Beyond that, ^^ be more specific. Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 7, 2009 Author Share Posted January 7, 2009 Thanks guys...well I bet its the AdminID= AdminID (the problem is that the page loads even if you don't have the admin rights the row AddEditAdmin can be NO but it will still put those menu items in the menu for anyone....not good. I set two sessions vars one is $adminlogin one is $user here is the snippets from the login page where the sessions get set <?php error_reporting(E_ALL); ini_set('display_errors', '1'); //start session session_start(); //db connection include include("inc/dbconn_open.php") ; if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else {$UserName = '';} if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else {$Password = '';} $msg = ''; if (!empty($UserName)) { $sql = "SELECT * FROM admin WHERE UserName='$UserName' and Password='$Password'"; $result = mysql_query ($sql); $row = mysql_fetch_object ($result); If (mysql_num_rows($result) > 0) { $_SESSION['AdminLogin'] = true; $_SESSION['user']=$UserName; header ('Location: Main2.php'); exit; } else { $msg = "Sorry You Entered An Invalid Login<br>Please Try Again<br>Click to Contact <a href='mailto:email@blahblah.com'><b>someone</b></a> If You Need Help"; } } ?> I guess I'm confused at how to set a variable before I query the db? for the AdminID = AdminID thanks again Quote Link to comment Share on other sites More sharing options...
jonsjava Posted January 7, 2009 Share Posted January 7, 2009 I *think* I cleaned it up enough: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); include("inc/dbconn_open.php"); if (empty($_SESSION['AdminLogin']) || $_SESSION['AdminLogin'] != true){ header ("Location: LogOut.php"); } $query = "SELECT * FROM `admin` WHERE `AdminID` = `{$_SESSION['user']}"; $result = mysql_query ($query); $row = mysql_fetch_assoc($result); ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>The NEW Work Order System </title> <LINK REL="STYLESHEET" HREF="inc/style.css"> </head> <body bgcolor="#006699"> <table width="180" border="0" cellpadding="0" cellspacing="0"> <tr> <td align="center"><BR> <div class="admin_Title" align="center">Work Order System<br> </div> </td> </tr> <tr> <td><HR>You are logged on as <?php echo $_SESSION['user'];?><HR></td> </tr> <tr> <td><div class="admin_link"><a href="Welcome.php?AdminID=<?php echo $_SESSION['user']; ?>" target="mainFrame">Home</a> </tr> <tr> <td><div class="admin_link"><a href="LogOut.php" target="_parent">LogOut</a></div></td> </tr> <tr> <td align="center"><BR> <div class="admin_Title" align="center">Your Admin Tools</div></td> </tr> <?php if ($row-> AddEditAdmin == "YES") { ?> <tr> <td><div class="admin_link"><a href="AddAdmin.php?AdminID=<?php echo $_SESSION['user']; ?>" target="mainFrame">Add Admin</a></div></td> </tr> <tr> <td><div class="admin_link"><a href="ViewAdmin.php?AdminID=<?php echo $_SESSION['user']; ?>" target="mainFrame">View Admin</a></div></td> </tr> <tr> <td><div class="admin_link"><a href="ChangePassword.php?AdminID=<?php echo $_SESSION['user']; ?>" target="mainFrame">Change My Password</a></div></td> </tr> <?php } ?> Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 7, 2009 Author Share Posted January 7, 2009 ??? It was a good try, but returned these errors: Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/getpublished.news-leader.com/httpdocs/WOSystemN/Menu.php on line 16 Notice: Trying to get property of non-object in /var/www/vhosts/getpublished.news-leader.com/httpdocs/WOSystemN/Menu.php on line 49 I even changed the query to `UserName` = `{$_SESSION['user']}"; because the AdminID would never = the username because they are two different fields... from the login I create $username from the user session and that doesn't work either in the query... I'm lost Quote Link to comment Share on other sites More sharing options...
jonsjava Posted January 7, 2009 Share Posted January 7, 2009 ??? It was a good try, but returned these errors: Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/getpublished.news-leader.com/httpdocs/WOSystemN/Menu.php on line 16 You aren't using my code, then. I changed it to mysql_fetch_assoc($result) from mysql_fetch_object. Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 7, 2009 Author Share Posted January 7, 2009 I have another question, when I try and login and load the sequence of pages without passing anything in the url it just logs out, which means the sessions aren't really working right..sorry pretty new at this ...I have 2 books and still feel lost. Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 7, 2009 Author Share Posted January 7, 2009 I made sure I picked up the assoc_array in the code that time and it made these errors: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /var/www/vhosts/getpublished.news-leader.com/httpdocs/WOSystemN/Menu.php on line 15 Notice: Trying to get property of non-object in /var/www/vhosts/getpublished.news-leader.com/httpdocs/WOSystemN/Menu.php on line 47 I echo'd the $result and got this: Resource id #4 Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 7, 2009 Author Share Posted January 7, 2009 Ok I have changed the code to this: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); include("inc/dbconn_open.php"); if (empty($_SESSION['AdminLogin']) || $_SESSION['AdminLogin'] != true){ header ("Location: LogOut.php"); } $query = "SELECT * FROM `admin` WHERE `UserName` = `UserName` "; $result=mysql_query($query) or die('Queryproblem: ' . mysql_error() . '<br />Executed query: ' . $query); if (mysql_num_rows($result) >= '1'){ while ($row = mysql_fetch_array($result)){ echo $row['AddEditAdmin']; //to print out the value of column 'var1' for each record } }else{ echo 'No records found.'; } ?> and it will in fact return the data, but now everywhere I've tried to use the : <?php if ($row-> AddEditAdmin == 'YES') { ?> it is giving the "trying to get the property of a non-object" but if I go back to fetch_object in the query part it gives a fatal error.... help help please Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 7, 2009 Author Share Posted January 7, 2009 up to this which does work but ends and doesn't carry down to the page where I'm trying to use $row to check it against the db... $query = "SELECT * FROM admin WHERE UserName = '".$_SESSION['user']."' "; $result=mysql_query($query) or die('Queryproblem: ' . mysql_error() . '<br />Executed query: ' . $query); if (mysql_num_rows($result) >= '1'){ while ($row = mysql_fetch_array($result)){ echo $row['AddEditAdmin']; //to print out the value of column 'var1' for each record } }else{ echo 'No records found.'; } ?> So it echos the right result so I know it works..but If I go further down the page and try to echo it again I get nothing... where and why is it quitting .... Quote Link to comment Share on other sites More sharing options...
premiso Posted January 7, 2009 Share Posted January 7, 2009 The array index of the column name probably needs to be all lowercase, give that a try. If you want it to be how you specify it, change the SELECT * to SELECT AddEditAdmin. Quote Link to comment Share on other sites More sharing options...
CodeMama Posted January 8, 2009 Author Share Posted January 8, 2009 Hey everyone thanks for all the tips and clues, I finally got it worked out and just wanted to post my solution in case anyone else had this problem: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); include("inc/dbconn_open.php"); if (empty($_SESSION['AdminLogin']) || $_SESSION['AdminLogin'] != true){ header ("Location: LogOut.php"); $_SESSION['user']=$UserName; } $query = "SELECT * FROM admin WHERE UserName = '".$_SESSION['user']."' "; $result=mysql_query($query) or die('Queryproblem: ' . mysql_error() . '<br />Executed query: ' . $query); $row = mysql_fetch_assoc($result); //echo $row['AddEditAdmin']; //to print out the value of column 'var1' for each record ?> and then to use the rows <?php if($row['AddEditAdmin'] === 'YES'){ ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.