
In my members database I have a section called rank.

 

Basically what I'm trying to do is make certain pages viewable to members with a rank higher than 12 for example, and if the rank is lower than 12 then they are redirected back to the home page. (Obviously there will be lots of different pages for rank 5+ members, rank 7+ members, rank 20+ members etc.)

 

Can anyone help me with a tutorial or something please?

 

My database structure is:

id int(11) 
username varchar(200) latin1_swedish_ci 
password varchar(216) latin1_swedish_ci 
security varchar(200) latin1_swedish_ci 
email varchar(216) latin1_swedish_ci 
ip varchar(200) latin1_swedish_ci 
rank varchar(216) latin1_swedish_ci 
name varchar(30) latin1_swedish_ci 
age varchar(40) latin1_swedish_ci 
gender varchar(40) latin1_swedish_ci 
location varchar(40) latin1_swedish_ci 
helpfaerie int(11) 
profile text latin1_swedish_ci 
about text latin1_swedish_ci 
tasks text latin1_swedish_ci 
joined varchar(216) latin1_swedish_ci 
laston int(200) 
icedmutereason text latin1_swedish_ci 
icedmutedetails text latin1_swedish_ci 
icedmuteby varchar(200) latin1_swedish_ci 
icedmutedate int(200) 
posts int(11) 
signature varchar(216) latin1_swedish_ci 
avatar varchar(216) latin1_swedish_ci 
neohtml text latin1_swedish_ci 
siggy text latin1_swedish_ci 
verify int(11) 
changedpass int(1) 

 

I've tried doing this:

 

Header.inc.php :

 

$userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
$rank = $userinfo[rank];
$rank1 = $userinfo[rank1];
$rank2 = $userinfo[rank2];
$rank3 = $userinfo[rank3];
$rank4 = $userinfo[rank4];



if (!$checkrank) { $checkrank = 0; }
if (!$rank) { $rank = 0; }
if (!$rank == ' ') { $rank = 0; }
if ($rank < $checkrank)
{

     header("Location: $baseurl/index.php?error=You+can+not+view+this+page.");
}

if ($rank >= 30)
{

    $admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>";
}

 

 

Ranks are 5-30. The higher the rank, the more of the staff lounge members can see. However, no matter what people's ranks are, everyone can see the page (BUT THE ADMIN AREA, that's the only thing no one can see other than RANK 30 people).

 

At the top of each page I have (banners.php:)

 

 $checkrank = 5;

    if ($rank <= 0)
    {
                header("Location: $baseurl/index.php?article=$article&error=Only+SketchedNeo+staff+can+see+this.");

    }

include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');

 

I asked on another forum, but didn't get any help really.

 

Right now, anyone can see these pages as long as they are signed up. So I think I need to start again, but just do not know where to start.

 

I've tried doing this:

 

Header.inc.php :

 

$userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
$rank = $userinfo[rank];
$rank1 = $userinfo[rank1];
$rank2 = $userinfo[rank2];
$rank3 = $userinfo[rank3];
$rank4 = $userinfo[rank4];

 

WHY did you try doing that?

 

First of all, you need to turn on error reporting to E_ALL, so you can get proper errors and notices. You'd have seen that you're doing several things wrong.

1. Why, if your table contains one column called rank, are you looking for rank1, rank2, rank3 and rank4?

2. strings as array keys must be quoted. $userinfo['rank'] will have your rank.

3. Then it's just a simple less than or equal to comparison.

I would recommend using defined constants for your numerical levels, so that you can change them easily, if needed, by changing the constant values, rather than going through all the code and finding and changing the literal numbers throughout it. It will also make your code easier to understand.

 

define('ADMIN',30);

 

if ($rank >= ADMIN){... admin only code ...}

 

I've tried doing this:

 

Header.inc.php :

 

$userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
$rank = $userinfo[rank];
$rank1 = $userinfo[rank1];
$rank2 = $userinfo[rank2];
$rank3 = $userinfo[rank3];
$rank4 = $userinfo[rank4];

 

WHY did you try doing that?

 

First of all, you need to turn on error reporting to E_ALL, so you can get proper errors and notices. You'd have seen that you're doing several things wrong.

1. Why, if your table contains one column called rank, are you looking for rank1, rank2, rank3 and rank4?

2. strings as array keys must be quoted. $userinfo['rank'] will have your rank.

3. Then it's just a simple less than or equal to comparison.

 

 

You just completely lost me..

 

Okay.. So I remove these

$rank1 = $userinfo[rank1];

$rank2 = $userinfo[rank2];

$rank3 = $userinfo[rank3];

$rank4 = $userinfo[rank4];

 

 

(I learnt from a half attempted tutorial)

 

 

Turn off error reporting???

 

error=You+can+not+view+this+page

 

 

or

 

$geterror= $_GET['error'];

$error= stripplus($geterror);

I would recommend using defined constants for your numerical levels, so that you can change them easily, if needed, by changing the constant values, rather than going through all the code and finding and changing the literal numbers throughout it. It will also make your code easier to understand.

 

define('ADMIN',30);

 

if ($rank >= ADMIN){... admin only code ...}

 

I can definitely see the logic here, However

 

if these are ranks:

 

30 - Admin

25 Graphics staff

20 Guides staff

15 News staff

 

Admin can see all pages,

Graphics staff can see all pages but Admin page

Guides staff can see all pages but admin and Graphics

and news can see all pages but Admin, graphics and Guide staff's.

 

How would this work?

The easiest way to do this would be to set a session or a cookie with the user rank, whenever a user logs in. Then at the top of the page try something like the following.

 

<?php 
session_start();
        
       // Rank Limit
       $limit = 7;

        // Using a session 
$rank = $_SESSION['rank'];

       // Using a cookie
       $rank = $_COOKIE['rank'];

if ($rank < $limit) {
	header("Location: your-page-name.php");
	exit();
	die();
}
?>

The easiest way to do this would be to set a session or a cookie with the user rank, whenever a user logs in. Then at the top of the page try something like the following.

 

<?php 
session_start();
        
       // Rank Limit
       $limit = 7;

        // Using a session 
$rank = $_SESSION['rank'];

       // Using a cookie
       $rank = $_COOKIE['rank'];

if ($rank < $limit) {
	header("Location: your-page-name.php");
	exit();
	die();
}
?>

 

 

I get an internal error 500

 

 

I tested it as rank 5, 15, and 30

 

font page coding

 

<?php
$pagetitle = "Add Font";

     
      


session_start();
   
// Rank Limit
       $limit = 10;
   
        // Using a session 
$rank = $_SESSION['rank'];

       // Using a cookie
       $rank = $_COOKIE['rank'];

if ($rank < $limit) {
	header("$baseurl/index.php?error=You+can+not+view+this+page.");
	exit();
	die();
}


include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');


ECHO <<<END

 

 

Header coding

 

<?php 

include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php'); 
include ($_SERVER['DOCUMENT_ROOT'].'/addon.php'); 

$geterror= $_GET['error'];

$error= stripplus($geterror);

$extra = mysql_fetch_array(mysql_query("SELECT * FROM extra WHERE id='1'"));


$cp = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username = '$username'"));



$weather = $extra[weather];
$wurl = $extra[wurl];
$games = $extra[games];
$xword = $extra[xword];
$xword2 = $extra[xword2];
$xworddate = date("M j Y",$extra[xworddate]); 
$userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
$rank = $userinfo[rank];




if (!$checkrank) { $checkrank = 0; }
if (!$rank) { $rank = 0; }
if (!$rank == ' ') { $rank = 0; }
if ($rank < $checkrank)
{

 header("Location: $baseurl/index.php?error=You+can+not+view+this+page.");
}




if ($rank >= 30)
{

$admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>";
}


if ($username)
{

mysql_query("UPDATE members SET laston = $timestamp+120 WHERE username='$username'");

mysql_query("UPDATE members SET ip = '$ip' WHERE username='$username'");

$login = "Welcome $username  <a href=\"$baseurl/logout.php\" >Logout</a>";

$helpfaerie = "<a href=\"$baseurl/helpfaerie.php\" >Help Faerie</a>";

}

else
{
$login = "<form name=\"login\" action=\"$baseurl/login.pro.php\" method=\"post\"  > <input type=\"hidden\" name=\"act\" value=\"doLogin\" color=\"#000000\" valign=\"middle\" > Username: <input type=\"text\" name=\"username\" color=\"#000000\"  style=\"width:100px; height:20px;font-size:10px;\">
Password: <input type=\"password\" name=\"password\"  style=\"width:100px; height:20px;font-size:10px;\"> <input type=\"submit\" name=\"submit\" value=\"Login\" style=\"width:42px; height:20px;font-size:10px;\"></form>";


}


ECHO <<<END

 

 

if ($rank >= 30)
{

$admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>";
}

This bit works great. In my page coding I then have the $admin page link, which only shows to rank 30 people.

Have you created the session or cookie in your login script? I notice you are still setting the rank variable with both a session and a cookie. You need to choose one method.

 

Login script is now

 

<?php include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php'); ?>
<?php include ($_SERVER['DOCUMENT_ROOT'].'/addon.php'); ?>
<?php



$username=$_POST['username']; 
$password=$_POST['password'];



$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$checkus = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));

$pword2 = md5($password);



$check = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username' AND password='$pword2'"));

$changepass = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));

if($changepass[changedpass] == 0)
{
			   die(header("Location: $baseurl/change_pass.php?error=Please+update+your+details+to+keep+your+account+safe."));
}


if ($check[username])
{
if($check[verify]==1)
{

setcookie("lutari_user",$check[username], time()+60*60*24*365, "/staff/");
setcookie("lutari_pass",$check[password],time()+60*60*24*365,  "/staff/");
setcookie("sketchedneo_user",$check[username], time()+60*60*24*365, "/staff/");
setcookie("sketchedneo_pass",$check[password], time()+60*60*24*365, "/staff/");
	   die(header("Location: $baseurl/staff/index1.php?error=Welcome+back+$username+"));
}

if($check[verify]==0)
{
			   die(header("Location: $baseurl/staff/index.php?error=Please+check+your+emails+and+activate+your+account."));
}
}
else
{
		   die(header("Location: $baseurl/staff/index.php?error=Error++Please+check+your+details+or+register."));
}

session_start();
   
// Rank Limit
       $limit = 1;
   
        // Using a session 
$rank = $_SESSION['rank'];

       // Using a cookie
       $rank = $_COOKIE['rank'];

if ($rank < $limit) {
	header("$baseurl/index.php?error=You+can+not+view+this+page.");
	exit();
	die();


}

?>

 

(I just put rank limit as 1 as the index info page is the page all members can see)

 

 

I'm a little confused as to what now sits at the top of pages?

 

I do also remove

 

if (!$checkrank) { $checkrank = 0; }
if (!$rank) { $rank = 0; }
if (!$rank == ' ') { $rank = 0; }
if ($rank < $checkrank)
{

 header("Location: $baseurl/index.php?error=You+can+not+view+this+page.");
}

 

$userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
$rank = $userinfo[rank];

 

I don't know how I would re-code this next one if removed

if ($rank >= 30)
{

$admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>";
}

 

 

and then on all pages do I remove

 

$checkrank = 5;

 

I'm a little confused

Ok after reading through the above code, I have a vague idea of what exactly you are trying to achieve. At the moment your code is very bloated and not very logical.

 

At the moment you are still not setting the rank cookie OR session within your login script so the example I sent you will not work. Because you are already using cookies within your code we will stick with that.

 

You can set this variable by adding the following line of code in your login script where you are already setting your cookies.

<?php
    // Store the member's rank (not the username) in the rank cookie
    setcookie("lutari_rank", $check['rank'], time()+60*60*24*365, "/staff/");
?>

 

Then on each page you want to lock off add something like this to the top of the page.

<?php
   
   // Rank Limit
   $limit = 10;
   
   // Using a cookie (same name as set in the login script)
   $rank = $_COOKIE['lutari_rank'];

   if ($rank < $limit) {
      // A redirect needs the "Location: " prefix
      header("Location: $baseurl/index.php?error=You+can+not+view+this+page.");
      exit();
      die();
   }

   include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');
?>

 

Hopefully this is what you are looking to achieve and I have explained it well enough. Obviously you will have to use the page id, section id, category id or whatever bit of the website you are on to dictate the limit you are checking against.

 

You would probably need to use if statements for this bit. Like if($pageid <10){ $limit = 10; }.

 

On a second note I have noticed that you are using md5 on your password. Please do not use md5 for passwords. There are hundreds of password hashing posts on this forum that can recommend how to handle passwords. The one I have used for my custom CMS is called phpass. Google it. WordPress also uses it (not that that makes it the be all and end all). Just a recommendation.

 

If you continue to use md5, you might as well not bother locking off any sections of your website as md5 can be broken in less than 10 minutes with a standard computer.
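
One way to move the existing md5 values in the password column to a salted, slow hash as members log in, as an added example that is not part of any post in this thread. It uses PHP's built-in password_hash() rather than phpass; the function name check_password is hypothetical and the sample password is constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.6+ for
// password_hash(), password_verify() and hash_equals().

// Returns array(bool $ok, string|null $newHash). $newHash is set when the
// stored value should be replaced in the members.password column.
function check_password($password, $stored)
{
    // A bare md5 hash is exactly 32 lowercase hex characters.
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    if ($isLegacyMd5) {
        $ok = hash_equals($stored, md5($password)); // constant-time compare
        return array($ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null);
    }
    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return array(true, $new);
}

// Constructed sample: a legacy md5 row, then the same row after upgrade.
$legacy = md5('correct horse');
list($ok, $upgraded) = check_password('correct horse', $legacy);
var_dump($ok, $upgraded !== null);   // legacy login, upgrade offered

list($ok2, $new2) = check_password('correct horse', $upgraded);
var_dump($ok2, $new2);               // upgraded row, nothing more to store

list($bad, ) = check_password('wrong', $upgraded);
var_dump($bad);                      // wrong password against upgraded row
```

The hashes password_hash() produces with PASSWORD_DEFAULT fit in the existing varchar(216) password column.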

 

 

DON'T use a cookie to hold the user's rank. You will almost immediately have everyone become an administrator to your site since anyone can edit a cookie and put any value they want into it.

 

 

 

setcookie("lutari_user",$check[username], time()+60*60*24*365, "/staff/");
setcookie("lutari_pass",$check[password],time()+60*60*24*365,  "/staff/");
setcookie("sketchedneo_user",$check[username], time()+60*60*24*365, "/staff/");
setcookie("sketchedneo_pass",$check[password], time()+60*60*24*365, "/staff/");

 

And do NOT EVER store the user's password in a cookie!!! There is NO reason to keep the user's password floating around in a Cookie or a Session, EVER.
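
The server-side version of the rank check discussed in this thread, as an added example that is not part of any post: the rank is copied from the members row into $_SESSION at login and compared against named thresholds on each page, so nothing the browser sends decides access. The function names and RANK_* constants are assumptions; the rank values are the ones listed in the thread.

```php
<?php
// Added example, not code from the thread. Rank thresholds follow the
// ranks listed in the thread; function names are hypothetical.
define('RANK_NEWS', 15);
define('RANK_GUIDES', 20);
define('RANK_GRAPHICS', 25);
define('RANK_ADMIN', 30);

// Call once after the password check succeeds. $row is the members row
// just read from the database, so the rank never comes from the browser.
function login_user(array $row)
{
    session_regenerate_id(true);               // new session id on login
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['rank']    = (int) $row['rank']; // column is varchar, so cast
}

// Pure check: a missing or non-numeric rank counts as 0 (not staff).
function has_rank(array $session, $required)
{
    $rank = isset($session['rank']) ? (int) $session['rank'] : 0;
    return $rank >= $required;
}

// Put at the top of each restricted page, before any output.
function require_rank($required, $baseurl)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!has_rank($_SESSION, $required)) {
        header("Location: $baseurl/index.php?error=" . urlencode('You can not view this page.'));
        exit; // without this the rest of the page still runs and is sent
    }
}

// Constructed sessions showing the threshold behaviour from the thread.
$graphics = array('rank' => '25');
$visitor  = array();                          // not logged in
var_dump(has_rank($graphics, RANK_GUIDES));   // graphics staff on a guides page
var_dump(has_rank($graphics, RANK_ADMIN));    // graphics staff on the admin page
var_dump(has_rank($visitor, RANK_NEWS));      // no session rank at all
```

Because the rank is copied at login, a promotion or demotion takes effect at the member's next login unless the page re-reads the rank from the database.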

 
