HDFilmMaker2112 Posted September 11, 2011

Partially a continuation from my other thread, as this is a little similar, but...

The below should be redirecting a user that is not logged into the admin control panel back to the admincp log-in page. Instead it's showing the actual page. This is only the case if the user has a cadmin number of 3 or 4... so it is limiting the access to people that should have access and blocking those that shouldn't. But it should still be pointing a user not logged in back to the admincp log-in page because the mypassword3 session variable should not be set.

When I var_dump $_SESSION, mypassword3 is NULL. Everything else is set properly.

```php
<?php
require_once 'db_select.php';
require_once 'func.php';
session_start();
$cadmin2=$_SESSION['admin_check'];
if($cadmin2=="4" || $cadmin2=="3" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){
    if($_GET['view']=="applications"){
        $section.=' - New Applications';
        $content.='
        <div class="main">
        <div class="main_header">New Investor Applications</div>
        </div>
        ';
    }
    elseif($_GET['view']=="accounts"){
        $section.=' - View Accounts';
        $content.='
        <div class="main">
        <div class="main_header">View Investor Accounts</div>
        </div>
        ';
    }
    else{
        header("Location: ./index.php?admincp");
    }
}
else{
    header("Location: ./index.php?usercp");
}
?>
```

Here's the admin panel/admin panel log-in if it helps anything:

```php
<?php
require_once 'func.php';
session_start();
$cadmin2=$_SESSION['admin_check'];
if($cadmin2=="3" || $cadmin2=="4"){
    if(isset($_SESSION['myusername2']) && kam3($_POST['password'])==$_SESSION['mypassword2'] || isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){
        if(!empty($_POST['password'])){
            $_SESSION['mypassword3']=kam3($_POST['password']);
        }
        $content.='
        <div class="main">
        <p class="main_header">Admin Control Panel</p>
        </div>
        <div class="usercp_links">';
        if($cadmin2=="4"){
            $content.='
            <div class="ilink">
            <a href="./index.php?admincp=users&do=add">New User</a>
            </div>
            <div class="ilink">
            <a href="./index.php?admincp=investors&view=applications">Investor Applications</a>
            </div>
            <div class="ilink">
            <a href="./index.php?admincp=requests&view=donation">Additional Donation Requests</a>
            </div>
            ';
        }
        $content.='
        <div class="ilink">
        <a href="./index.php?admincp=manage&view=ideas">Manage Idea Submissions</a>
        </div>
        </div>
        <div class="usercp_links">';
        if($cadmin2=="4"){
            $content.='
            <div class="ilink">
            <a href="./index.php?admincp=users&do=edit">Edit Users</a>
            </div>
            <div class="ilink">
            <a href="./index.php?admincp=investors&view=accounts">Investor Accounts</a>
            </div>
            <!--<div class="ilink">
            <a href="./index.php?admincp=requests&view=credit">Additional Credit Requests</a>
            </div>-->';
        }
        $content.='
        <div class="ilink">
        <a href="./index.php?admincp=manage&view=exclusive">Manage Exclusive Content</a>
        </div>
        <div class="ilink">
        <a href="./logout.php?logout=admin">Log-Out</a>
        </div>
        </div>';
    }
    else{
        if(!isset($_SESSION['myusername2'])){
            header("Location: ./index.php");
        }
        $content='
        <table class="actors_table">
        <tr>
        <td align="center">';
        if(isset($_GET['e']) && $_GET['e']=="0") {
            $content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>';
        }
        else{
            $content .="";
        }
        $content .='Re-Type your password to view this information:
        <form action="" method="post">
        <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p>
        <p>Password: <input type="password" name="password" /></p>
        <p><input type="submit" value="Submit" name="Submit" /></p>
        </form>
        </td>
        </tr>
        </table>
        ';
    }
}
else{
    header("Location: ./index.php?usercp");
}
?>
```

sunfighter Posted September 12, 2011

First:

```php
$section.=' - New Applications';
$content.='
```

The .= adds to a string that is already defined. You have not defined either and from what I see you don't need to, just change the .= to =

I think your problem is in the main logic:

```php
if($cadmin2=="4" || $cadmin2=="3" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2'])
```

If you set $cadmin2=="4" it will work, even if $_SESSION['mypassword3'] is set or unset. If you set $cadmin2=="3" it won't work because your logic needs to have $_SESSION['mypassword3'] set. Is this what you want? mypassword3 and mypassword2 can be anything; it doesn't use it.

So in English what is the logic you need here?

HDFilmMaker2112 (Author) Posted September 12, 2011

I need people to have access to the page when they are either $cadmin=4 or $cadmin=3 and mypassword3 is set and mypassword3 = mypassword2

So:

User A = $cadmin=4 and mypassword3 = mypassword2 would work
User B = $cadmin=3 and mypassword3 = mypassword2 would work
User C = $cadmin=2 would not work. Or when mypassword3 isn't set or doesn't equal mypassword2.

HDFilmMaker2112 (Author) Posted September 12, 2011

Had to change it to this:

```php
if($cadmin2=="4" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2'] || $cadmin2=="3" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){
```

Seems pointless that I essentially had to double the length of the if statement conditional.

sunfighter Posted September 12, 2011

Something a little shorter:

```php
if ((isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']) && ($cadmin2=="4" || $cadmin2=="3"))
```

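Added example, not part of any post in this thread: the condition from the first post next to a grouped check, evaluated over a few session states so the effect of `&&` binding tighter than `||` is visible. The function names and session arrays are constructed for illustration, and `hash_equals()` and strict `in_array()` are substitutions for the thread's `==` comparisons.

```php
<?php
// Added illustration; function names and sample sessions are constructed.

// Condition from the first post. Because && binds tighter than ||, PHP reads it as
//   role == "4" || (role == "3" && isset(mypassword3) && mypassword3 == mypassword2)
function original_check(array $s): bool {
    $cadmin2 = $s['admin_check'] ?? null;
    return $cadmin2 == "4" || $cadmin2 == "3" && isset($s['mypassword3'])
        && $s['mypassword3'] == $s['mypassword2'];
}

// Grouped form: the re-authentication test applies to every admin role.
function grouped_check(array $s): bool {
    $role = (string)($s['admin_check'] ?? '');
    $reauth = isset($s['mypassword2'], $s['mypassword3'])
        && is_string($s['mypassword2']) && is_string($s['mypassword3'])
        && hash_equals($s['mypassword2'], $s['mypassword3']); // constant-time compare
    return $reauth && in_array($role, ['3', '4'], true);
}

// Constructed session states; 'h1' and 'h2' stand in for password hashes.
$cases = [
    'role 4, not re-authenticated' => ['admin_check' => '4', 'mypassword2' => 'h1'],
    'role 3, not re-authenticated' => ['admin_check' => '3', 'mypassword2' => 'h1'],
    'role 4, re-authenticated'     => ['admin_check' => '4', 'mypassword2' => 'h1', 'mypassword3' => 'h1'],
    'role 3, wrong password hash'  => ['admin_check' => '3', 'mypassword2' => 'h1', 'mypassword3' => 'h2'],
    'role 2, re-authenticated'     => ['admin_check' => '2', 'mypassword2' => 'h1', 'mypassword3' => 'h1'],
];

foreach ($cases as $label => $session) {
    printf("%-30s original=%-5s grouped=%s\n", $label,
        var_export(original_check($session), true),
        var_export(grouped_check($session), true));
}
```

The two checks disagree only on the first constructed case: the original condition admits a role-4 session that never re-entered its password, which is the behaviour reported in the first post.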