Jump to content


Photo

Would this possible work?(is it valid?)


  • This topic is locked This topic is locked
8 replies to this topic

#1 Demonic

Demonic
  • Members
  • PipPipPip
  • Advanced Member
  • 562 posts

Posted 10 October 2006 - 10:01 PM

<?php
ob_start();
include "config.php";
session_start();
if($logged[level] == 5){
$_SESSION['auth'] = true;
}else{
$_SESSION['auth'] = false;
}
if($_SESSION['auth'] == true){
//show some stuff
}elseif($_SESSION['auth'] == false){
include "login.php";
}
?>

config.php includes cookie would this possible work out

What im trying to manage is to check if a user is an administrator then use a session to tell the page that he is allowed to view the page else he can not view the page and it shows login page.

Can someone tell me if this is correct.

#2 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 10 October 2006 - 10:09 PM

It depends...

Where is the array $logged being set?, also where is the session being started? Other than those questions, why do you quote your session elements and not your $logged array elements.

me!

#3 Demonic

Demonic
  • Members
  • PipPipPip
  • Advanced Member
  • 562 posts

Posted 10 October 2006 - 10:12 PM

because I simply stated:

config.php includes cookie would this possible work out


meaning $logged is a cookie

and it does say

session_start();

Oh and about the $logged not being quoted its a whilestatement in my config.php

<?php
ob_start();
mysql_connect("localhost","root","*******") or die(mysql_error());
mysql_select_db("************") or die(mysql_error());
$cookieid = htmlspecialchars($_COOKIE[uid]);
$cookiepass = htmlspecialchars($_COOKIE[upass]);
$logged = mysql_query("SELECT * FROM users WHERE id='$cookieid' AND password='$cookiepass' ");
$logged = mysql_fetch_array($logged);
?>


#4 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 10 October 2006 - 10:21 PM

If you already set the cookie in config then why do you need ob_start(); You use ob_... functions when you need to hold content because later you may send a cookie or other header. I don't see any output happening so why do you have it. Other than that, the way you have it is fine as long as the cookie has been validated. I don't see where the cookie is coming from so there is no way to tell if that logic is sound.


me!

#5 Demonic

Demonic
  • Members
  • PipPipPip
  • Advanced Member
  • 562 posts

Posted 10 October 2006 - 10:22 PM

<?php
ob_start();
mysql_connect("localhost","root","*******") or die(mysql_error());
mysql_select_db("************") or die(mysql_error());
$cookieid = htmlspecialchars($_COOKIE[uid]);
$cookiepass = htmlspecialchars($_COOKIE[upass]);
$logged = mysql_query("SELECT * FROM users WHERE id='$cookieid' AND password='$cookiepass' ");
$logged = mysql_fetch_array($logged);
?>


Thats where cookie is coming from^config.php file

so other then what you said abuot the ob_start(); im fine?

#6 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 10 October 2006 - 10:27 PM

I think what printf is getting at is that your code is syntactically (is that even a word?) terrible, but the idea should work. Your initial code should have looked more like...

<?php
ob_start();
include "config.php";
session_start();
if ($logged['level'] == 5) {
  $_SESSION['auth'] = true;
} else {
  $_SESSION['auth'] = false;
}
if ($_SESSION['auth']) {
  //show some stuff
} else {
  include "login.php";
}
?>


#7 Demonic

Demonic
  • Members
  • PipPipPip
  • Advanced Member
  • 562 posts

Posted 10 October 2006 - 10:30 PM

Ok, But you aint have to be so mean about it. Could of just said I think he means that your coding is incorrect. and posted code. -_-

#8 eXodus

eXodus
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 10 October 2006 - 10:31 PM



EDITED BY eXodus: Curb your tongue thorpe.

#9 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 10 October 2006 - 10:32 PM

But you aint have to be so mean about it


Sorry... didn't intend it to be meen.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users