jamcoupe Posted August 12, 2009

I have a database of users and in my table I have a field for the user level. The automatic value is 0, which will be users, and if I want a user to be an admin I change the value to 9. I have a news page and it looks through all the news and displays

August the 12th, 2009 | Comments(0) | [edit] | [delete]

but I don't want to allow the general users to see [edit] | [delete]. Can anyone push me in the right direction to making this happen?

Link to comment https://forums.phpfreaks.com/topic/170005-solved-how-do-can-i-allow-an-admin-to-see-something-on-a-page-but-not-a-user/

p2grace Posted August 12, 2009

I assume users have to log in to view the page (if they don't, create an admin login), then store their permission levels in $_SESSION vars. Then simply check if they have permission to edit/delete a record.

jamcoupe Posted August 12, 2009

Okay, I don't really know how to set sessions that well... but this is what I have for the login function, which does log users in fine, but on the login page it displays:

```
Notice: Undefined index: logged in /Applications/MAMP/htdocs/jstar/login.php on line 13
```

(I commented above that line in my code)

userfunctions.php

```php
function loginUser() {
    session_start();
    if ($_SESSION['logged'] == 1) {
        echo "You are logged in {$_SESSION['username']}!";
    } else {
        if (!isset($_POST['submit'])) {
            echo "<form action=\"login.php\" method=\"post\" />";
            echo "Username:<br /><input type=\"text\" name=\"username\" value=\"\" /><br />";
            echo "Password:<br /><input type=\"password\" name=\"password\" value=\"\" /><br />";
            echo "<br /><input type=\"submit\" name=\"submit\" value=\"Register\" />";
            echo "</form>";
        } else {
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
            query_check($query);
            $returned_rows = mysql_num_rows($query);
            if ($returned_rows == 1) {
                $_SESSION['logged'] = 1;
                $query = ("SELECT * FROM users WHERE username = {$_POST['username']} LIMIT 1");
                query_check($query);
                $results = mysql_query($query);
                // line 13 below
                $user = mysql_fetch_array($results);
                $_SESSION['username'] = $user['username'];
                $_SESSION['email'] = $user['email'];
                if($user['level'] == 0) {
                    $_SESSION['level'] = 0;
                }
                if($user['level'] == 9) {
                    $_SESSION['level'] = 9;
                }
                echo "You are logged in {$_SESSION['username']}!";
                exit;
            } else {
                exit("Incorrect username/password");
            }
        }
    }
}
loginUser();
```

TeNDoLLA Posted August 12, 2009

That notice comes because in the first if you try to compare a session variable that does not exist before the user is logged in. You can avoid it using isset()

```php
<?php
if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1)
```

jamcoupe Posted August 12, 2009

Thanks, that's solved that problem. However, does anyone know why I am unable to get the user's information into the sessions?

TeNDoLLA Posted August 12, 2009

After this line you should do some debugging and see if the data is there as you think it is... (e.g. use var_dump).

```php
<?php
$user = mysql_fetch_array($results);
var_dump($user);
```

And make sure your mysql query doesn't fail. It is a good idea to use mysql_error() during development in all mysql related stuff. E.g.

```php
<?php
mysql_query($sql) or die(mysql_error());
```

jamcoupe Posted August 13, 2009

I have a function that does the mysql_error report

```php
function query_check($check) {
    if(!$check) {
        die("Database Query Failed: ".mysql_error());
    }
}
```

When I log in I get this error:

```
Database Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = Jamie' at line 1
```

I think it's because of this line of code

```php
$user_query = mysql_query("SELECT FROM users WHERE username = {$username}");
```

which seems fine to me.

EDIT: also it logs me in fine. It just doesn't pull the information from the second query..

Philip Posted August 13, 2009

> I have a function that does the mysql_error report
>
> ```php
> function query_check($check) {
>     if(!$check) {
>         die("Database Query Failed: ".mysql_error());
>     }
> }
> ```
>
> When I log in I get this error:
>
> ```
> Database Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = Jamie' at line 1
> ```
>
> I think it's because of this line of code
>
> ```php
> $user_query = mysql_query("SELECT FROM users WHERE username = {$username}");
> ```
>
> which seems fine to me.
>
> EDIT: also it logs me in fine. It just doesn't pull the information from the second query..

Hopefully you won't keep the die in there - and will switch to a better error handling system after development is done.

You need to have single quotes around a non-numerical value in a mysql query.

```php
mysql_query("SELECT FROM users WHERE username = '{$username}'");
```

jamcoupe Posted August 13, 2009

I am still getting errors.. When I log in I get the same error:

```
Database Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = 'Jamie'' at line 1
```

And when I refresh login.php I get:

```
Notice: Undefined index: username in /Applications/MAMP/htdocs/jstar/login.php on line 14
You are logged in !
```

Here's my entire login.php script

```php
<?php
require("includes/connect.php");
include("includes/header.php");

function query_check($check) {
    if(!$check) {
        die("Database Query Failed: ".mysql_error());
    }
}

function loginUser() {
    session_start();
    if (isset($_SESSION['logged']) && $_SESSION['logged'] == 1) {
        echo "You are logged in {$_SESSION['username']}!";
    } else {
        if (!isset($_POST['submit'])) {
            echo "<form action=\"login.php\" method=\"post\" />";
            echo "Username:<br /><input type=\"text\" name=\"username\" value=\"\" /><br />";
            echo "Password:<br /><input type=\"password\" name=\"password\" value=\"\" /><br />";
            echo "<br /><input type=\"submit\" name=\"submit\" value=\"Register\" />";
            echo "</form>";
        } else {
            $username = $_POST['username'];
            $password = md5($_POST['password']);
            $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
            $user_query = mysql_query("SELECT FROM users WHERE username = '$username'");
            query_check($query);
            $returned_rows = mysql_num_rows($query);
            if ($returned_rows == 1) {
                $_SESSION['logged'] = 1;
                $user_query = mysql_query("SELECT FROM users WHERE username = '$username'");
                query_check($user_query);
                $user = mysql_fetch_array($users_query);
                var_dump($user);
                $_SESSION['username'] = $user['username'];
                $_SESSION['email'] = $user['email'];
                if($user['level'] == 0) {
                    $_SESSION['level'] = 0;
                } elseif($user['level'] == 9) {
                    $_SESSION['level'] = 9;
                }
                echo "You are logged in {$_SESSION['username']}!";
            } else {
                exit("Incorrect username/password");
            }
        }
    }
}

loginUser();
include("includes/footer.php");
?>
```

Philip Posted August 13, 2009

Also, you need to select something,

```php
mysql_query("SELECT FROM users WHERE username = '$username'");
```

VS

```php
mysql_query("SELECT username FROM users WHERE username = '$username'");
```

jamcoupe Posted August 13, 2009

But I want to take all the user's information from the database so I can set user permissions.

TeNDoLLA Posted August 13, 2009

Still you have to define what you are going to select from the users table. If you want all fields you must use '*' instead of field names.

```php
<?php
mysql_query("SELECT * FROM users WHERE username = '$username'");
```

jamcoupe Posted August 13, 2009

Oh yeah, I forgot the *

Now when I log in it says

```
Notice: Undefined variable: users_query in /Applications/MAMP/htdocs/jstar/login.php on line 37
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /Applications/MAMP/htdocs/jstar/login.php on line 37
bool(false)
You are logged in !
```

The bool(false) appeared when I added "var_dump($user);"

TeNDoLLA Posted August 13, 2009

That's because your query fails, and your query fails because the variable you declare and use in the query is not called '$users_query' but it's called $user_query. I think you could try a little harder on your own also.

jamcoupe Posted August 13, 2009

Thanks tendolla for spotting my typo. And I only really started php programming a month ago so I do need help from time to time. When you enter the help forum, usually what you are wanting to do is help someone, not tell them to try on their own... because you could just tell everyone that posts in the help section that. Rant over. Thanks for helping me.

TeNDoLLA Posted August 13, 2009

Yeah I know.. sorry for that, it just seemed so .. well, easy. And I helped anyway. It was more meant to encourage you to do very basic debugging, not to blame you or anything. Since the Notice says 'undefined variable', it means you have not defined such a variable that you try to access in your code. Kind of self-explanatory. Next time you will know.

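
An added example, not code from any poster in this thread: the login lookup and the admin-only links the thread works toward, with the username passed as a bound parameter instead of being interpolated into the SQL string, and password_hash()/password_verify() in place of md5(). The PDO/SQLite setup, the sample rows, the function names and the edit.php/delete.php targets are assumptions made for illustration.

```php
<?php
// Added example. Assumes PDO and a `password` column filled by password_hash();
// the in-memory SQLite table and its rows are constructed sample data.
const LEVEL_ADMIN = 9; // levels 0 (user) and 9 (admin) are the thread's values

function findVerifiedUser(PDO $db, string $username, string $password): ?array
{
    // Placeholder binding keeps the username out of the SQL text.
    $stmt = $db->prepare('SELECT username, email, password, level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password'])) {
        return null; // same result for unknown user and wrong password
    }
    unset($user['password']); // never copy the hash into the session
    return $user;
}

function isAdmin(array $session): bool
{
    // A missing key is never admin; level is cast because drivers may return strings.
    return isset($session['logged'], $session['level'])
        && $session['logged'] === 1
        && (int) $session['level'] === LEVEL_ADMIN;
}

function newsLinks(array $session, int $newsId): string
{
    $links = 'Comments(0)';
    if (isAdmin($session)) { // edit.php / delete.php are hypothetical targets
        $links .= " | <a href=\"edit.php?id={$newsId}\">[edit]</a>"
                . " | <a href=\"delete.php?id={$newsId}\">[delete]</a>";
    }
    return $links;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT, password TEXT, level INTEGER DEFAULT 0)');
$add = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
$add->execute(['Jamie', 'jamie@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 9]);
$add->execute(['guest', 'guest@example.test', password_hash('guest pass', PASSWORD_DEFAULT), 0]);
foreach ([['Jamie', 'correct horse'], ['guest', 'guest pass'], ["O'Neil", 'x']] as [$name, $pass]) {
    $user = findVerifiedUser($db, $name, $pass);
    // In a web request: session_start(); session_regenerate_id(true); then fill $_SESSION.
    $session = $user ? ['logged' => 1] + $user : [];
    echo $name, ' => ', newsLinks($session, 1), PHP_EOL;
}
```

Hiding the links only changes what is displayed; the edit and delete handlers need the same isAdmin() check before they touch a row.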