sql.inc.php file:

 

$db_user = "test"; // Username
$db_pass = "test"; // Password
$db_database = "test"; // Database Name
$db_host = "test"; // Server Hostname

// DO NOT EDIT ANYTHING AFTER THIS LINE!
$db_connect = @mysql_connect ($db_host, $db_user, $db_pass);
$db_select = @mysql_select_db ($db_database);

 

page.php

 

include("sql.inc.php");

$q = mysql_query("SELECT * FROM `table` WHERE group = '5'") or die (mysql_error());
$r = mysql_fetch_array($q);

if($r['group'] == "1") {
// has access
} else {
// Doesn't have access
}

 

I have modified a user-level PHP script, but it does not work :S I only get a grey page when I try to access it. I want it so that group number 1 can't access the site, but group number 5 can. Could you help me please :)

 

https://forums.phpfreaks.com/topic/277616-user-level-php-script/

So, then my question becomes: how do you know what group the current visitor is in? You would need to use that information in the query, wouldn't you?

 

Your query contains NOTHING that ties it to the current visitor, therefore it cannot work and needs to contain something that contains the group membership of the current visitor.

Okay, I think I understand now. Can I do it like this:

 

When the user signs in, I serialize the information I want to hold in my session.

 

$userinfo = $row['userid'].','.$row['privs'];
$_SESSION['user'] = base64_encode(serialize($userinfo));

 

And then I would just unserialize the session and define variables with the values...:

 

// Fetch User Information

$member = unserialize(base64_decode($_SESSION['user']));
$mdata = explode(',',$member);
// Assign User Info
define ("USERID",$mdata[0]);
define ("PRIVS",$mdata[1]);

 

Then on one of my pages I would put:

 

// Check User Permissions
if (PRIVS < "3") { // Check to see if user is LEVEL 3 or higher
@header("Location:index.php?p=denied");// Send them to denied page
die("<script>window.location='index.php?p=denied';</script>"); //js redirect backup
}

You should store in the session the user's ID, and a unique value to each user, which is also stored in the database (not their password). Use this to select the user's info when you need to use it. There's no need to use base64 encoding, or serializing (you're serializing a string, btw. Useless upon useless.)

 

Make sure to add a die() after your header, and don't ever suppress errors.
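
The approach recommended in the last reply, as an added example that is not code from any poster in this thread: the session holds only the user ID and a per-user random token, and the privilege level is read from the database on each request. The `users` table, its `userid`, `token` and `privs` columns, the function names and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
// Added example: table/column names (users, userid, token, privs) and the
// sample row are constructed for illustration; "privs" follows the thread.
declare(strict_types=1);

// Look up the visitor's level from the database on every request, using the
// user ID and per-user random token held in the session. Returns null when
// the session does not match a stored user.
function current_privs(PDO $pdo, array $session): ?int
{
    if (!isset($session['userid'], $session['token'])) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT token, privs FROM users WHERE userid = ?');
    $stmt->execute([(int) $session['userid']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Constant-time comparison of the stored token with the session copy.
    if ($row === false || !hash_equals((string) $row['token'], (string) $session['token'])) {
        return null;
    }
    return (int) $row['privs'];
}

// Deny unless the visitor is at least $minLevel; exit so that nothing after
// the redirect header is executed or sent.
function require_level(PDO $pdo, array $session, int $minLevel): void
{
    $privs = current_privs($pdo, $session);
    if ($privs === null || $privs < $minLevel) {
        header('Location: index.php?p=denied');
        exit;
    }
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface errors, no @
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, token TEXT, privs INTEGER)');
$token = bin2hex(random_bytes(16)); // generated at login, stored in DB and session
$pdo->prepare('INSERT INTO users VALUES (1, ?, 5)')->execute([$token]);

var_dump(current_privs($pdo, ['userid' => 1, 'token' => $token]));   // matching session
var_dump(current_privs($pdo, ['userid' => 1, 'token' => 'forged'])); // wrong token
var_dump(current_privs($pdo, []));                                   // not logged in
```

On a protected page, call `require_level($pdo, $_SESSION, 3)` after `session_start()` and before any output is sent.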
