Bubblychaz Posted July 12, 2012

In my members database I have a section called rank.

Basically what I'm trying to do is make certain pages viewable to members with a rank higher than 12 for example, and if the rank is lower than 12 then they are redirected back to the home page. (Obviously there will be lots of different pages for rank 5+ members, rank 7+ members, rank 20+ members etc.)

Can anyone help me with a tutorial or something please?

My database structure is:

    id int(11)
    username varchar(200) latin1_swedish_ci
    password varchar(216) latin1_swedish_ci
    security varchar(200) latin1_swedish_ci
    email varchar(216) latin1_swedish_ci
    ip varchar(200) latin1_swedish_ci
    rank varchar(216) latin1_swedish_ci
    name varchar(30) latin1_swedish_ci
    age varchar(40) latin1_swedish_ci
    gender varchar(40) latin1_swedish_ci
    location varchar(40) latin1_swedish_ci
    helpfaerie int(11)
    profile text latin1_swedish_ci
    about text latin1_swedish_ci
    tasks text latin1_swedish_ci
    joined varchar(216) latin1_swedish_ci
    laston int(200)
    icedmutereason text latin1_swedish_ci
    icedmutedetails text latin1_swedish_ci
    icedmuteby varchar(200) latin1_swedish_ci
    icedmutedate int(200)
    posts int(11)
    signature varchar(216) latin1_swedish_ci
    avatar varchar(216) latin1_swedish_ci
    neohtml text latin1_swedish_ci
    siggy text latin1_swedish_ci
    verify int(11)
    changedpass int(1)

I've tried doing this:

Header.inc.php:

    $userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
    $rank = $userinfo[rank];
    $rank1 = $userinfo[rank1];
    $rank2 = $userinfo[rank2];
    $rank3 = $userinfo[rank3];
    $rank4 = $userinfo[rank4];
    if (!$checkrank) { $checkrank = 0; }
    if (!$rank) { $rank = 0; }
    if (!$rank == ' ') { $rank = 0; }
    if ($rank < $checkrank) { header("Location: $baseurl/index.php?error=You+can+not+view+this+page."); }
    if ($rank >= 30) { $admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>"; }

Ranks are 5-30. The higher the rank the more of the staff lounge members can see. However, no matter what people's ranks are, everyone can see the page (BUT THE ADMIN AREA, that's the only thing no one can see other than RANK 30 people).

At the top of each page I have (banners.php):

    $checkrank = 5;
    if ($rank <= 0) { header("Location: $baseurl/index.php?article=$article&error=Only+SketchedNeo+staff+can+see+this."); }
    include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');

I asked on another forum, but didn't get any help really. Right now, anyone can see these pages as long as they are signed up. So I think I need to start again, but just do not know where to start.

Jessica Posted July 12, 2012

> I've tried doing this:
>
> Header.inc.php:
>
>     $userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
>     $rank = $userinfo[rank];
>     $rank1 = $userinfo[rank1];
>     $rank2 = $userinfo[rank2];
>     $rank3 = $userinfo[rank3];
>     $rank4 = $userinfo[rank4];

WHY did you try doing that?

First of all, you need to turn on error reporting to E_ALL, so you can get proper errors and notices. You'd have seen that you're doing several things wrong.

1. Why, if your table contains one column called rank, are you looking for rank1, rank2, rank3 and rank4?
2. Strings as array keys must be quoted. $userinfo['rank'] will have your rank.
3. Then it's just a simple less than or equal to comparison.

PFMaBiSmAd Posted July 12, 2012

I would recommend using defined constants for your numerical levels, so that you can change them easily, if needed, by changing the constant values, rather than going through all the code and finding and changing the literal numbers throughout it. It will also make your code easier to understand.

    define('ADMIN',30);

    if ($rank >= ADMIN){... admin only code ...}

Bubblychaz (Author) Posted July 12, 2012

> > I've tried doing this:
> >
> > Header.inc.php:
> >
> >     $userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
> >     $rank = $userinfo[rank];
> >     $rank1 = $userinfo[rank1];
> >     $rank2 = $userinfo[rank2];
> >     $rank3 = $userinfo[rank3];
> >     $rank4 = $userinfo[rank4];
>
> WHY did you try doing that?
>
> First of all, you need to turn on error reporting to E_ALL, so you can get proper errors and notices. You'd have seen that you're doing several things wrong.
>
> 1. Why, if your table contains one column called rank, are you looking for rank1, rank2, rank3 and rank4?
> 2. Strings as array keys must be quoted. $userinfo['rank'] will have your rank.
> 3. Then it's just a simple less than or equal to comparison.

You just completely lost me..

Okay.. So I remove these

    $rank1 = $userinfo[rank1];
    $rank2 = $userinfo[rank2];
    $rank3 = $userinfo[rank3];
    $rank4 = $userinfo[rank4];

(I learnt from a half attempted tutorial)

Turn off error reporting???

    error=You+can+not+view+this+page

or

    $geterror= $_GET['error'];
    $error= stripplus($geterror);

Jessica Posted July 12, 2012

http://php.net/manual/en/function.error-reporting.php

Bubblychaz (Author) Posted July 12, 2012

> I would recommend using defined constants for your numerical levels, so that you can change them easily, if needed, by changing the constant values, rather than going through all the code and finding and changing the literal numbers throughout it. It will also make your code easier to understand.
>
>     define('ADMIN',30);
>
>     if ($rank >= ADMIN){... admin only code ...}

I can definitely see the logic here. However, if these are ranks:

    30 - Admin
    25 - Graphics staff
    20 - Guides staff
    15 - News staff

Admin can see all pages,
Graphics staff can see all pages but Admin page,
Guides staff can see all pages but Admin and Graphics,
and News can see all pages but Admin, Graphics and Guide staff's.

How would this work?

Bubblychaz (Author) Posted July 12, 2012

> http://php.net/manual/en/function.error-reporting.php

Thanks, I've got

    error_reporting(E_ALL);
    ini_set("display_errors", 1);

in the script now.

andrew_biggart Posted July 12, 2012

The easiest way to do this would be to set a session or a cookie with the user rank, whenever a user logs in. Then at the top of the page try something like the following.

    <?php
        session_start();

        // Rank Limit
        $limit = 7;

        // Using a session
        $rank = $_SESSION['rank'];

        // Using a cookie
        $rank = $_COOKIE['rank'];

        if ($rank < $limit) {
            header("your-page-name.php");
            exit();
            die();
        }
    ?>

Bubblychaz (Author) Posted July 12, 2012

> The easiest way to do this would be to set a session or a cookie with the user rank, whenever a user logs in. Then at the top of the page try something like the following.
>
>     <?php
>         session_start();
>
>         // Rank Limit
>         $limit = 7;
>
>         // Using a session
>         $rank = $_SESSION['rank'];
>
>         // Using a cookie
>         $rank = $_COOKIE['rank'];
>
>         if ($rank < $limit) {
>             header("your-page-name.php");
>             exit();
>             die();
>         }
>     ?>

I get an internal error 500. I tested it as rank 5, 15, and 30.

Font page coding:

    <?php
    $pagetitle = "Add Font";
    session_start();

    // Rank Limit
    $limit = 10;

    // Using a session
    $rank = $_SESSION['rank'];

    // Using a cookie
    $rank = $_COOKIE['rank'];

    if ($rank < $limit) {
        header("$baseurl/index.php?error=You+can+not+view+this+page.");
        exit();
        die();
    }
    include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');
    ECHO <<<END

Header coding:

    <?php
    include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php');
    include ($_SERVER['DOCUMENT_ROOT'].'/addon.php');
    $geterror= $_GET['error'];
    $error= stripplus($geterror);
    $extra = mysql_fetch_array(mysql_query("SELECT * FROM extra WHERE id='1'"));
    $cp = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username = '$username'"));
    $weather = $extra[weather];
    $wurl = $extra[wurl];
    $games = $extra[games];
    $xword = $extra[xword];
    $xword2 = $extra[xword2];
    $xworddate = date("M j Y",$extra[xworddate]);
    $userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
    $rank = $userinfo[rank];
    if (!$checkrank) { $checkrank = 0; }
    if (!$rank) { $rank = 0; }
    if (!$rank == ' ') { $rank = 0; }
    if ($rank < $checkrank) { header("Location: $baseurl/index.php?error=You+can+not+view+this+page."); }
    if ($rank >= 30) { $admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>"; }
    if ($username) {
        mysql_query("UPDATE members SET laston = $timestamp+120 WHERE username='$username'");
        mysql_query("UPDATE members SET ip = '$ip' WHERE username='$username'");
        $login = "Welcome $username <a href=\"$baseurl/logout.php\" >Logout</a>";
        $helpfaerie = "<a href=\"$baseurl/helpfaerie.php\" >Help Faerie</a>";
    } else {
        $login = "<form name=\"login\" action=\"$baseurl/login.pro.php\" method=\"post\" >
        <input type=\"hidden\" name=\"act\" value=\"doLogin\" color=\"#000000\" valign=\"middle\" >
        Username: <input type=\"text\" name=\"username\" color=\"#000000\" style=\"width:100px; height:20px;font-size:10px;\">
        Password: <input type=\"password\" name=\"password\" style=\"width:100px; height:20px;font-size:10px;\">
        <input type=\"submit\" name=\"submit\" value=\"Login\" style=\"width:42px; height:20px;font-size:10px;\"></form>";
    }
    ECHO <<<END

    if ($rank >= 30) { $admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>"; }

This bit works great. In my page coding I then have $admin page link, which only shows to rank 30 people.

andrew_biggart Posted July 12, 2012

Have you created the session or cookie in your login script? I notice you are still setting the rank variable with both a session and a cookie. You need to choose one method.

Bubblychaz (Author) Posted July 12, 2012

> Have you created the session or cookie in your login script? I notice you are still setting the rank variable with both a session and a cookie. You need to choose one method.

Login script is now:

    <?php include ($_SERVER['DOCUMENT_ROOT'].'/dblink.php'); ?>
    <?php include ($_SERVER['DOCUMENT_ROOT'].'/addon.php'); ?>
    <?php
    $username=$_POST['username'];
    $password=$_POST['password'];
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $checkus = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
    $pword2 = md5($password);
    $check = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username' AND password='$pword2'"));
    $changepass = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
    if($changepass[changedpass] == 0) {
        die(header("Location: $baseurl/change_pass.php?error=Please+update+your+details+to+keep+your+account+safe."));
    }
    if ($check[username]) {
        if($check[verify]==1) {
            setcookie("lutari_user",$check[username], time()+60*60*24*365, "/staff/");
            setcookie("lutari_pass",$check[password],time()+60*60*24*365, "/staff/");
            setcookie("sketchedneo_user",$check[username], time()+60*60*24*365, "/staff/");
            setcookie("sketchedneo_pass",$check[password], time()+60*60*24*365, "/staff/");
            die(header("Location: $baseurl/staff/index1.php?error=Welcome+back+$username+"));
        }
        if($check[verify]==0) {
            die(header("Location: $baseurl/staff/index.php?error=Please+check+your+emails+and+activate+your+account."));
        }
    } else {
        die(header("Location: $baseurl/staff/index.php?error=Error++Please+check+your+details+or+register."));
    }

    session_start();

    // Rank Limit
    $limit = 1;

    // Using a session
    $rank = $_SESSION['rank'];

    // Using a cookie
    $rank = $_COOKIE['rank'];

    if ($rank < $limit) {
        header("$baseurl/index.php?error=You+can+not+view+this+page.");
        exit();
        die();
    }
    ?>

(I just put rank limit as 1 as the index info page is the page all members can see.)

I'm a little confused as to what now sits at the top of pages?

I do also remove

    if (!$checkrank) { $checkrank = 0; }
    if (!$rank) { $rank = 0; }
    if (!$rank == ' ') { $rank = 0; }
    if ($rank < $checkrank) { header("Location: $baseurl/index.php?error=You+can+not+view+this+page."); }

    $userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
    $rank = $userinfo[rank];

I don't know how I would re-code this next one if removed:

    if ($rank >= 30) { $admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>"; }

And then on all pages, do I remove

    $checkrank = 5;

I'm a little confused.

andrew_biggart Posted July 13, 2012

Ok, after reading through the above code, I have a vague idea of what exactly you are trying to achieve. At the moment your code is very bloated and not very logical.

At the moment you are still not setting the rank cookie OR session within your login script so the example I sent you will not work. Because you are already using cookies within your code we will stick with that. You can set this variable by adding the following line of code in your login script where you are already setting your cookies.

    <?php
        setcookie("lutari_rank",$check[username], time()+60*60*24*365, "/staff/");
    ?>

Then on each page you want to lock off add something like this to the top of the page.

    <?php
        // Rank Limit
        $limit = 10;

        // Using a cookie
        $rank = $_COOKIE['utari_rank'];

        if ($rank < $limit) {
            header("$baseurl/index.php?error=You+can+not+view+this+page.");
            exit();
            die();
        }
        include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');
    ?>

Hopefully this is what you are looking to achieve and I have explained it well enough. Obviously you will have to use the page id, section id, category id or whatever bit of the website you are on to dictate the limit you are checking against. You would probably need to use if statements for this bit. Like if($pageid <10){ $limit = 10; }.

On a second note I have noticed that you are using md5 on your password. Please do not use md5 for passwords. There are hundreds of password hashing posts on this forum that can recommend how to handle passwords. The one I have used for my custom CMS is called phpass. Google it. Wordpress also use it (not that that makes it the be all and end all). Just a recommendation. If you continue to use md5, you might as well not bother locking off any sections of your website as md5 can be broken in less than 10 minutes with a standard computer.

PFMaBiSmAd Posted July 13, 2012

DON'T use a cookie to hold the user's rank. You will almost immediately have everyone become an administrator to your site since anyone can edit a cookie and put any value they want into it.

DavidAM Posted July 13, 2012

> DON'T use a cookie to hold the user's rank. You will almost immediately have everyone become an administrator to your site since anyone can edit a cookie and put any value they want into it.

    setcookie("lutari_user",$check[username], time()+60*60*24*365, "/staff/");
    setcookie("lutari_pass",$check[password],time()+60*60*24*365, "/staff/");
    setcookie("sketchedneo_user",$check[username], time()+60*60*24*365, "/staff/");
    setcookie("sketchedneo_pass",$check[password], time()+60*60*24*365, "/staff/");

And do NOT EVER store the user's password in a cookie!!! There is NO reason to keep the user's password floating around in a Cookie or a Session, EVER.

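A server-side version of the rank check, following the two replies above that warn against keeping the rank or the password in a cookie (added example, not code posted by anyone in this thread). It assumes PHP 7.1+ with pdo_sqlite, uses an in-memory SQLite table with constructed members in place of the MySQL members table, PHP's built-in password_hash()/password_verify() in place of md5, and hypothetical function names (demo_db, login, current_rank, require_rank) and redirect path.

```php
<?php
// Added example, not code from the thread. Rank values are the ones quoted in the thread.
const RANK_NEWS = 15, RANK_GUIDES = 20, RANK_GRAPHICS = 25, RANK_ADMIN = 30;

// Constructed in-memory stand-in for the members table so the example runs offline.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT, rank INTEGER)');
    $add = $db->prepare('INSERT INTO members (username, password, rank) VALUES (?, ?, ?)');
    $add->execute(['alice', password_hash('constructed-pw-1', PASSWORD_DEFAULT), RANK_ADMIN]);
    $add->execute(['bob', password_hash('constructed-pw-2', PASSWORD_DEFAULT), RANK_NEWS]);
    return $db;
}

// Login: check the password hash, then keep only the member id in the server-side session.
function login(PDO $db, string $username, string $password): bool {
    $st = $db->prepare('SELECT id, password FROM members WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return false;
    }
    // Issue a new session id after login (skipped when no session is active, e.g. on the CLI).
    if (session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
    $_SESSION['member_id'] = (int) $row['id'];
    return true;
}

// The rank is read from the database on every request; nothing the browser sends is consulted.
function current_rank(PDO $db): int {
    $st = $db->prepare('SELECT rank FROM members WHERE id = ?');
    $st->execute([$_SESSION['member_id'] ?? 0]);   // ids start at 1, so 0 matches no row
    return (int) $st->fetchColumn();               // false (no row) becomes rank 0
}

// Call first on a protected page: redirect and stop, so nothing below the check is sent.
function require_rank(PDO $db, int $minRank): void {
    if (current_rank($db) < $minRank) {
        header('Location: /index.php?error=' . urlencode('You can not view this page.'));
        exit;
    }
}

// Demo with constructed data: bob sends a forged rank cookie, which is never read.
$db = demo_db();
$_SESSION = [];
$_COOKIE['lutari_rank'] = '30';
login($db, 'bob', 'constructed-pw-2');
var_dump(current_rank($db) >= RANK_NEWS, current_rank($db) >= RANK_ADMIN);
```

On a real page, session_start() comes before login() or require_rank(), and a page for Graphics staff and above would begin with require_rank($db, RANK_GRAPHICS).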