jamcoupe Posted August 12, 2009 Share Posted August 12, 2009 I have a database of users and in my table i have a field for the user level. The automatic value is 0 which will be users and if I want a user to be an admin I change the value to 9. I have a news page and it looks through all the news and displays August the 12th, 2009 | Comments(0) | [edit] | [delete] but I dont want to the allow the general users to see [edit] | [delete]. Can anyone push me in the right direction to making this happen? Quote Link to comment Share on other sites More sharing options...
p2grace Posted August 12, 2009 Share Posted August 12, 2009 I assume user's have to login to view the page (if they don't create an admin login), then store their permission levels in $_SESSION vars. Then simply check if they have permission to edit/delete a record. Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 12, 2009 Author Share Posted August 12, 2009 Okay I dont really know how to set sessions that well... but this is what I have for the login function which does log users in fine but on the login page it displays: Notice: Undefined index: logged in /Applications/MAMP/htdocs/jstar/login.php on line 13 (I commented above that line in my code) userfunctions.php function loginUser() { session_start(); if ($_SESSION['logged'] == 1) { echo "You are logged in {$_SESSION['username']}!"; } else { if (!isset($_POST['submit'])) { echo "<form action=\"login.php\" method=\"post\" />"; echo "Username:<br /><input type=\"text\" name=\"username\" value=\"\" /><br />"; echo "Password:<br /><input type=\"password\" name=\"password\" value=\"\" /><br />"; echo "<br /><input type=\"submit\" name=\"submit\" v0alue=\"Register\" />"; echo "</form>"; } else { $username = $_POST['username']; $password = md5($_POST['password']); $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'"); query_check($query); $returned_rows = mysql_num_rows($query); if ($returned_rows == 1) { $_SESSION['logged'] = 1; $query = ("SELECT * FROM users WHERE username = {$_POST['username']} LIMIT 1"); query_check($query); $results = mysql_query($query); \\ line 13 below $user = mysql_fetch_array($results); $_SESSION['username'] = $user['username']; $_SESSION['email'] = $user['email']; if($user['level'] == 0) { $_SESSION['level'] = 0; } if($user['level'] == 9) { $_SESSION['level'] = 9; } echo "You are logged in {$_SESSION['username']}!"; exit; } else { exit("Incorrect username/password"); } } } } loginUser(); Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted August 12, 2009 Share Posted August 12, 2009 That notice comes because in the first if you try to compare session variable that does not exists before user is logged in. You can avoud it using isset() <?php if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 12, 2009 Author Share Posted August 12, 2009 Thanks thats solved that problem However does anyone know how am I unable to get the users information into the sessions? Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted August 12, 2009 Share Posted August 12, 2009 After this line you should do some debugging and see if the data is there as you think it is... (e.g. use var_dump). <?php $user = mysql_fetch_array($results); var_dump($user); And make sure your mysql query doesnt fail. It is good idea to use mysql_error() during developmentin all mysql related stuff. E.g. [code] <?php mysql_query($sql) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 13, 2009 Author Share Posted August 13, 2009 I have a function that does the mysql_error report function query_check($check) { if(!$check) { die("Database Query Failed: ".mysql_error()); } } When I log in I get this error: Database Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = Jamie' at line 1 I think its because of this line of code $user_query = mysql_query("SELECT FROM users WHERE username = {$username}"); which seems fine to me. EDIT: also it logs me in fine. just doesnt pull the information from the second query.. Quote Link to comment Share on other sites More sharing options...
Philip Posted August 13, 2009 Share Posted August 13, 2009 I have a function that does the mysql_error report function query_check($check) { if(!$check) { die("Database Query Failed: ".mysql_error()); } } When I log in I get this error: Database Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = Jamie' at line 1 I think its because of this line of code $user_query = mysql_query("SELECT FROM users WHERE username = {$username}"); which seems fine to me. EDIT: also it logs me in fine. just doesnt pull the information from the second query.. Hopefully you won't keep the die in there - and will switch to a better error handling system after development is done. You need to have single quotes around a non-numerical value in a mysql query. mysql_query("SELECT FROM users WHERE username = '{$username}'"); Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 13, 2009 Author Share Posted August 13, 2009 I am still get errors.. When I log in I get the same error: Database Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = 'Jamie'' at line 1 And when I refresh login.php I get: Notice: Undefined index: username in /Applications/MAMP/htdocs/jstar/login.php on line 14 You are logged in ! heres my entire login.php script <?php require("includes/connect.php"); include("includes/header.php"); function query_check($check) { if(!$check) { die("Database Query Failed: ".mysql_error()); } } function loginUser() { session_start(); if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) { echo "You are logged in {$_SESSION['username']}!"; } else { if (!isset($_POST['submit'])) { echo "<form action=\"login.php\" method=\"post\" />"; echo "Username:<br /><input type=\"text\" name=\"username\" value=\"\" /><br />"; echo "Password:<br /><input type=\"password\" name=\"password\" value=\"\" /><br />"; echo "<br /><input type=\"submit\" name=\"submit\" v0alue=\"Register\" />"; echo "</form>"; } else { $username = $_POST['username']; $password = md5($_POST['password']); $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'"); $user_query = mysql_query("SELECT FROM users WHERE username = '$username'"); query_check($query); $returned_rows = mysql_num_rows($query); if ($returned_rows == 1) { $_SESSION['logged'] = 1; $user_query = mysql_query("SELECT FROM users WHERE username = '$username'"); query_check($user_query); $user = mysql_fetch_array($users_query); var_dump($user); $_SESSION['username'] = $user['username']; $_SESSION['email'] = $user['email']; if($user['level'] == 0) { $_SESSION['level'] = 0; } elseif($user['level'] == 9) { $_SESSION['level'] = 9; } echo "You are logged in {$_SESSION['username']}!"; } else { exit("Incorrect username/password"); } } } } loginUser(); include("includes/footer.php"); ?> Quote Link to comment Share on other sites More sharing options...
Philip Posted August 13, 2009 Share Posted August 13, 2009 Also, you need to select something, mysql_query("SELECT FROM users WHERE username = '$username'"); VS mysql_query("SELECT username FROM users WHERE username = '$username'"); Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 13, 2009 Author Share Posted August 13, 2009 but I want to take all the users information from the database so I can set user permissions. Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted August 13, 2009 Share Posted August 13, 2009 Still you have to define what you are going to select from the users table. If you want all fields you must use '*' instead of field names. <?php mysql_query("SELECT * FROM users WHERE username = '$username'"); Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 13, 2009 Author Share Posted August 13, 2009 Oh yeah I forgot the * Now when I log in it says Notice: Undefined variable: users_query in /Applications/MAMP/htdocs/jstar/login.php on line 37 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /Applications/MAMP/htdocs/jstar/login.php on line 37 bool(false) You are logged in ! The bool(false) appears when i added "var_dump($user);" Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted August 13, 2009 Share Posted August 13, 2009 That because your query fails, and your query fails because the variable you declare and use in query is not called '$users_query' but it's called $user_query. I think you could try a little harder on your own also Quote Link to comment Share on other sites More sharing options...
jamcoupe Posted August 13, 2009 Author Share Posted August 13, 2009 Thanks tendolla for spotting my typo. And I only really started php programming a month ago so I do need help from time to time. When you enter the help forum usually thats what you are wanting to do is help someone not tell them to try on your own... because you could just tell everyone that posts in the help section that. Rant over. Thanks for helping me Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted August 13, 2009 Share Posted August 13, 2009 Yeah I know.. sorry for that, it just seemed so .. well easy And I helped anyway. It was more like meant to courage you to very basic debug not to blame you or anything. Since the Notice says that 'undefined variable', means you have not defined such a variable that you try to access in your code. Kind of self explanatory. Next time you will know. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.