ignite Posted January 29, 2009

```php
if(isset($_COOKIE["usNick"]) && isset($_COOKIE["usPass"])) {
?>
<ul id="nav">
  <li class="active"><a href="index.php">Home</a></li>
  <li><a href="viewads.php">View Ads</a></li>
  <li><a href="myaccount.php">My Account</a></li>
  <li><a href="logout.php">Logout</a></li>
  <li><a href="terms.php">TOS</a></li>
  <li><a href="advertise.php">Advertise</a></li>
<?php
  if(ENABLE_FORUMS=="yes"){
    echo"<li><a href='".FORUM_LINK."'>Forum</a></li>";
  }
  $sql = "SELECT * FROM yob_users WHERE username='$user'";
  $result = mysql_query($sql);
  $row = mysql_fetch_array($result);
  $is_admin = $row['user_status'];
  if($is_admin =="admin"){
    echo "<li><a href='/admin'>Admin</a></li>";
?>
```

I am logged in as Admin, but cannot see a link to the admin panel. If you can help me with this I'll be very grateful.

rhodesa Posted January 29, 2009

where is $user set?

also...do you store a password in a cookie? this is a VERY bad idea

Psycho Posted January 29, 2009

Interestingly that code checks to see if $_COOKIE["usPass"] is set, but doesn't even use it in the query to get the user data. So, basically anyone could change their cookie to the name of an admin and they would get access to the admin link! (if it worked that is).

Assuming you are not getting any errors, your query is either empty or the value in $row['user_status'] is not what you are testing.

Passwords should be hashed with a salt.

What does this display?

```php
if(isset($_COOKIE["usNick"]) && isset($_COOKIE["usPass"]))
{
    echo " <ul id=\"nav\">\n";
    echo " <li class=\"active\"><a href=\"index.php\">Home</a></li>\n";
    echo " <li><a href=\"viewads.php\">View Ads</a></li>\n";
    echo " <li><a href=\"myaccount.php\">My Account</a></li>\n";
    echo " <li><a href=\"logout.php\">Logout</a></li>\n";
    echo " <li><a href=\"terms.php\">TOS</a></li>\n";
    echo " <li><a href=\"advertise.php\">Advertise</a></li>\n";

    if(ENABLE_FORUMS=="yes")
    {
        echo"<li><a href='".FORUM_LINK."'>Forum</a></li>";
    }

    $sql = "SELECT * FROM yob_users WHERE username='$user'";
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($result);
    $is_admin = $row['user_status'];

    //For debugging only
    echo '<span style="background-color:#cecece;">$row[\'user_status\'] = ' . $row['user_status'] . '</span>';

    if($is_admin =="admin" && $_COOKIE["usPass"]==$row['usPass'])
    {
        echo "<li><a href='/admin'>Admin</a></li>";
    }
}
```
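
The two points raised in the replies above (no password in a cookie, salted hashes) can be combined into a server-side session check; this is an added example, not code from any poster in the thread. The `yob_users` table and `user_status` column come from the thread, while the `pass_hash` column, the function names, the in-memory SQLite database and the sample accounts are assumptions constructed for the demonstration.

```php
<?php
// Added example. Assumed: pass_hash column, function names, sample accounts.

function demoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE yob_users (username TEXT PRIMARY KEY, pass_hash TEXT, user_status TEXT)');
    $ins = $pdo->prepare('INSERT INTO yob_users VALUES (?, ?, ?)');
    // password_hash() generates a random salt and embeds it in the stored hash.
    $ins->execute(['site_admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 'admin']);
    $ins->execute(['visitor', password_hash('constructed-user-pw', PASSWORD_DEFAULT), 'member']);
    return $pdo;
}

// Verify the credentials once, then remember only the username server-side.
function login(PDO $pdo, array &$session, string $user, string $pass): bool {
    $st = $pdo->prepare('SELECT pass_hash FROM yob_users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }
    $session['username'] = $user;   // in a web request, call session_regenerate_id(true) here
    return true;
}

// The admin decision uses the session identity, never a client-supplied cookie value.
function isAdmin(PDO $pdo, array $session): bool {
    if (!isset($session['username'])) {
        return false;
    }
    $st = $pdo->prepare('SELECT user_status FROM yob_users WHERE username = ?');
    $st->execute([$session['username']]);
    return $st->fetchColumn() === 'admin';
}

$pdo = demoDb();
$session = [];                      // stands in for $_SESSION after session_start()
var_dump(login($pdo, $session, 'site_admin', 'wrong-password'));
var_dump(isAdmin($pdo, $session));  // no verified identity in the session yet
var_dump(login($pdo, $session, 'site_admin', 'constructed-admin-pw'));
var_dump(isAdmin($pdo, $session));
$other = [];
login($pdo, $other, 'visitor', 'constructed-user-pw');
var_dump(isAdmin($pdo, $other));    // authenticated, but user_status is not admin
```

In a real page, pass `$_SESSION` in place of the local array; the browser then holds only the session ID cookie, and the prepared statements keep the username out of the SQL text.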