maprixx Posted May 4, 2013 Share Posted May 4, 2013 SQL.ink.php file: $db_user = "test"; // Username$db_pass = "test"; // Password$db_database = "test"; // Database Name$db_host = "test"; // Server Hostname// DO NOT EDIT ANYTHING AFTER THIS LINE!$db_connect = @mysql_connect ($db_host, $db_user, $db_pass);$db_select = @mysql_select_db ($db_database); page.php include("sql.inc.php");$q = mysql_query("SELECT * FROM `table` WHERE group = '5'") or die (mysql_error());$r = mysql_fetch_array($q);if($r['group'] == "1") {// has access} else {// Doesnt have access} I have modified a user level php script, but it does not work :S I only get a grey page when i try to access it. I want that group number 1 cant access the site, but group number 5 can. Could you help me please Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/ Share on other sites More sharing options...
Jessica Posted May 4, 2013 Share Posted May 4, 2013 Select * where group = 5 Then if group == 1 do something How does that make any sense?? Neither of your cases do anything though. Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428152 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 Select * where group = 5 Then if group == 1 do something How does that make any sense?? Neither of your cases do anything though. Hehe, cant php so much ^^ Could you help me out to make it right Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428153 Share on other sites More sharing options...
mac_gyver Posted May 4, 2013 Share Posted May 4, 2013 how do you know who the current visitor is in your code? you would need to use that information in the query, wouldn't you? Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428154 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 No you dont need that. The whole website has usergroups to every page Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428181 Share on other sites More sharing options...
Jessica Posted May 4, 2013 Share Posted May 4, 2013 How do you know what user is viewing the page? Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428188 Share on other sites More sharing options...
mac_gyver Posted May 4, 2013 Share Posted May 4, 2013 so, then my question becomes - how do you know what group the current visitor is in? you would need to use that information in the query, wouldn't you? your query contains NOTHING that ties it to the current visitor, therefore it cannot work and needs to contain something that contains the group membership of the current visitor. Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428190 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 hehe like i sayd I am a noob in php, maybe you can give me some links how i can track the visitors Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428222 Share on other sites More sharing options...
Jessica Posted May 4, 2013 Share Posted May 4, 2013 So it sounds like you don't have any kind of authentication in place already. Do your users register and login? Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428224 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 Ye they register. And after that they have access to everything. But i want to block some sites so that they have to pay for it through paypal. Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428227 Share on other sites More sharing options...
Jessica Posted May 4, 2013 Share Posted May 4, 2013 So how does your site know if a visitor is logged in or not? Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428228 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 I am using a session script. Link to it: http://pastebin.com/fRqLSYaG Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428229 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 And here is the process script: http://pastebin.com/dWCwzJG8 Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428230 Share on other sites More sharing options...
Jessica Posted May 4, 2013 Share Posted May 4, 2013 I'm not really interested in reading your code. The point is you know what user is logged in. You then need to determine if the user who is logged in is in the right group to view the page. What are you stuck on? Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428232 Share on other sites More sharing options...
maprixx Posted May 4, 2013 Author Share Posted May 4, 2013 Okay i think i understand now. Can i do it like this: When user signs in i Serialize the information I want to hold in my session. "$userinfo = $row['userid'].','.$row['privs']; $_SESSION['user'] = base64_encode(serialize($userinfo));" And then i would then just unserialize the session and define variables with the values...: // Fetch User Information $member = unserialize(base64_decode($_SESSION['user']));$mdata = explode(',',$member);// Assign User Infodefine ("USERID",$mdata[0]);define ("PRIVS",$mdata[1]); Then on one of my pages i would put: // Check User Permissionsif (PRIVS < "3") { // Check to see if user is LEVEL 3 or higher@header("Location:index.php?p=denied");// Send them to denied pagedie("<script>window.location='index.php?p=denied';</script>"); //js redirect backup} Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428235 Share on other sites More sharing options...
Jessica Posted May 4, 2013 Share Posted May 4, 2013 You should store in the session the user's ID, and a unique value to each user, which is also stored in the database (not their password). Use this to select the user's info when you need to use it. There's no need to use base64 encoding, or serializing (you're serializing a string, btw. Useless upon useless.) Make sure to add a die() after your header, and don't ever suppress errors. Quote Link to comment https://forums.phpfreaks.com/topic/277616-user-level-php-script/#findComment-1428238 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.