
Hi

 

In my site's admin panel I have created a form that writes a value to the database: 1 for a seller account and 0 for a buyer account, stored in a column called "seller" in a table called "members".

 

I thought it would be easy to add a query and show or hide the seller's form based on that value, but I'm not having any luck. My PHP skills are close to zero:

 

The file that generates the form I want to hide is below. How can I add a database query to this page so that the form is only shown to a seller, and a buyer only sees a message instead?

<?php


include("include/config.php");
include("include/functions/import.php");

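if ($_SESSION['USERID'] != "" && $_SESSION['USERID'] >= 0 && is_numeric($_SESSION['USERID']))
{
	// New-post page. Only a logged-in member (numeric USERID in the session)
	// gets this far; everyone else is redirected to the site root below.
	// NOTE(review): the role gate the poster asked about (seller vs buyer)
	// belongs here, before any form handling — hiding the form in the template
	// does not stop a direct POST to this script.
	//
	// Values the templates read at the bottom of the file; initialised so they
	// are defined on every path (previously unset until an error/message
	// actually occurred).
	$error = "";
	$message = "";

	// $allowposting: "1" = may post, "0" = blocked (unverified), "2" = daily quota reached.
	$allowposting = "1";
	$vonly = $config['vonly'];
	if($vonly == "1")
	{
		// Site option "verified members only": unverified accounts cannot post.
		$uverified = $_SESSION['VERIFIED'];
		if($uverified != "1")
		{
			$allowposting = "0";
		}
	}
	if($config['enable_levels'] == "1" && $config['price_mode'] == "3")
	{
		// Per-level quota: count this member's posts in the last 24 hours and
		// compare with the limit configured for their level (1..3).
		// NOTE: mysql_real_escape_string() requires the legacy mysql extension
		// (removed in PHP 7); the values escaped here are numeric anyway.
		$timecheck = time() - 86400;
		$query = "select count(*) as total from posts where USERID='".mysql_real_escape_string($_SESSION['USERID'])."' AND time_added>='".mysql_real_escape_string($timecheck)."'"; 
		$executequery=$conn->execute($query);
		$lastjobs = $executequery->fields['total']+0;
		
		$query = "select level from members where USERID='".mysql_real_escape_string($_SESSION['USERID'])."'"; 
		$executequery=$conn->execute($query);
		$mlevel = intval($executequery->fields['level']);
		if($mlevel == "3")
		{
			$jlimit = $config['level3job'];
		}
		elseif($mlevel == "2")
		{
			$jlimit = $config['level2job'];
		}
		elseif($mlevel == "1")
		{
			$jlimit = $config['level1job'];
		}
		else
		{
			// Unknown level: no quota applies.
			$jlimit = "";
		}
		if($jlimit != "")
		{
			if($lastjobs >= $jlimit)
			{
				$allowposting = "2";
			}
		}
	}
	
	if($allowposting == "1")
	{
		if(isset($_POST['subform']) && $_POST['subform'] == "1")
		{
			// Form submitted. The SQL fragments appended to the INSERT below are
			// filled in by the option branches / included handlers; start them
			// empty so a stale or undefined value never reaches the query.
			$scriptolution_add_multiple = "";
			$addship = "";
			$scriptolution_add_instant = "";
			$scriptolution_process_extras = "";
			$fiverrscriptdotcom = "";

			// NOTE(review): fields are read from $_REQUEST, so query-string
			// parameters (and cookies, depending on request_order) are accepted
			// as well as the POST body; $_POST would be the safer source.
			$gtitle = cleanit($_REQUEST['gtitle']);	
			$gcat = intval(cleanit($_REQUEST['gcat']));
			// Description: a small tag allowlist survives strip_tags(), then the
			// whole string is entity-encoded. NOTE(review): htmlentities() also
			// encodes the allowed tags, so they only render if a template decodes
			// this again — and strip_tags() keeps attributes (e.g. onmouseover=)
			// on the kept tags, so any such decode must re-sanitise. Verify.
			$gdesc = htmlentities(strip_tags(stripslashes($_REQUEST['gdesc']), '<p><i><strong><br><font><span><em><ol><li>'), ENT_COMPAT, "UTF-8");	
			$ginst = cleanit($_REQUEST['ginst']);	
			$gtags = cleanit($_REQUEST['gtags']);
			$gtags = str_replace(".", "", $gtags);	
			$gdays = intval(cleanit($_REQUEST['gdays']));
			$gyoutube = cleanit($_REQUEST['gyoutube']);
			$shipme = intval(cleanit($_REQUEST['shipme']));
			$multipleme = intval(cleanit($_REQUEST['multipleme']));
			$extrasme = intval(cleanit($_REQUEST['extrasme']));
			$instanturl = cleanit($_REQUEST['instanturl']);

			// Validation errors accumulate into $error as <li> items; every
			// check appends so that no earlier message is lost.
			if($gtitle == "")
			{
				$error .= "<li>".$lang['92']."</li>";
			}
			elseif(strlen($gtitle) > 200)
			{
				$error .= "<li>".$lang['509']."</li>";
			}

			// Listing type: shipping (handled by an include), multiple quantity,
			// extras, or plain. All but shipping go through the pricing below.
			if($shipme == "1")
			{
				include("new_ship.scriptolution.com.php");
			}
			elseif($multipleme == "1")
			{
				$multiplemax = intval(cleanit($_REQUEST['multiplemax']));
				if($multiplemax > 0)
				{
					$scriptolution_add_multiple = ", scriptolution_add_multiple='".mysql_real_escape_string($multiplemax)."'";	
				}
				$fiverrscriptdotcom = "1";
			}
			elseif($extrasme == "1")
			{
				$scriptolution_process_extras = "1";
				$fiverrscriptdotcom = "1";
			}
			else
			{
				$fiverrscriptdotcom = "1";	
			}
			if($fiverrscriptdotcom == "1")
			{
				// Price and commission ($ctp) by site price mode:
				// 1 = seller sets price, 3 = fixed packs table, 2 = single site price,
				// anything else = site price with a fixed commission amount.
				if($config['price_mode'] == "1")
				{
					$price = intval(cleanit($_REQUEST['gprice']));
					if($price == "0")
					{
						$error .= "<li>".$lang['127']."</li>";
					}
					$comper = intval($config['commission_percent']);
					$count1 = $comper / 100;
					$count2 = $count1 * $price;
					$ctp = number_format($count2, 2, '.', '');
				}
				elseif($config['price_mode'] == "3")
				{
					$PACID = intval(cleanit($_REQUEST['gprice']));
					$query = "select pprice,pcom from packs where ID='".mysql_real_escape_string($PACID)."'"; 
					$executequery=$conn->execute($query);
					$price = intval(cleanit($executequery->fields['pprice']));
					$comper = intval(cleanit($executequery->fields['pcom']));
					if($price == "0")
					{
						$error .= "<li>".$lang['435']."</li>";
					}
					$count1 = $comper / 100;
					$count2 = $count1 * $price;
					$ctp = number_format($count2, 2, '.', '');
					
				}
				elseif($config['price_mode'] == "2")
				{
					$price = intval($config['price']);
					$comper = intval($config['commission_percent']);
					$count1 = $comper / 100;
					$count2 = $count1 * $price;
					$ctp = number_format($count2, 2, '.', '');
				}
				else
				{
					$price = intval($config['price']);
					$mysetc = $config['commission'];
					$ctp = number_format($mysetc, 2);
				}
			}
			if($gcat == "0")
			{
				$error .= "<li>".$lang['93']."</li>";
			}
			if($gdesc == "")
			{
				$error .= "<li>".$lang['94']."</li>";
			}
			elseif(strlen($gdesc) > 5000)
			{
				$error .= "<li>".$lang['510']."</li>";
			}
			if($ginst == "")
			{
				$error .= "<li>".$lang['95']."</li>";
			}
			if($gtags == "")
			{
				$error .= "<li>".$lang['96']."</li>";
			}

			if(scriptolution_banned_words_chk($gtitle))
			{
				$error .= "<li>".$lang['556']."</li>";
			}
			if(scriptolution_banned_words_chk($gdesc))
			{
				$error .= "<li>".$lang['586']."</li>";
			}
			if(scriptolution_banned_words_chk($gtags))
			{
				$error .= "<li>".$lang['587']."</li>";
			}
			if(scriptolution_banned_words_chk($ginst))
			{
				$error .= "<li>".$lang['588']."</li>";
			}

			// "Instant delivery" (0 days): a download URL or an uploaded file is required.
			if($gdays == "0")
			{
				if($instanturl=="" && $_FILES['instantfile']['tmp_name']=="")
				{
					$error .= "<li>".$lang['97']."</li>";
				}
			}
			if($instanturl!="" || $_FILES['instantfile']['tmp_name']!="")
			{
				include("new_instant.scriptolution.com.php");
			}

			// Main photo is mandatory: extension allowlist plus getimagesize()
			// type check (1 = GIF, 2 = JPEG, 3 = PNG). The stored file name is
			// derived from the detected type, never from the client name.
			$gphoto = $_FILES['gphoto']['tmp_name'];
			if($gphoto != "")
			{
				$ext = substr(strrchr($_FILES['gphoto']['name'], '.'), 1);
				$ext2 = strtolower($ext);
				if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png")
				{
					$theimageinfo = getimagesize($gphoto);
					if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
					{
						$error .= "<li>".$lang['100']."</li>";
					}
				}
				else
				{
					$error .= "<li>".$lang['100']."</li>";
				}
			}
			else
			{
				$error .= "<li>".$lang['101']."</li>";
			}

			// YouTube link: must contain one of the known URL prefixes.
			// NOTE(review): strpos() accepts the prefix anywhere in the string,
			// not only at the start, so an unrelated URL carrying the prefix in
			// its query string passes; `=== 0` would pin it to the start.
			if($gyoutube != "")
			{
				$gyoutube = str_replace("https://", "http://", $gyoutube);
				$pos = strpos($gyoutube, "http://www.youtube.com/watch?v=");
				$posb = strpos($gyoutube, "http://www.youtu.be/");
				$posc = strpos($gyoutube, "http://youtu.be/");
				if ($pos === false)
				{
					if ($posb === false)
					{
						if ($posc === false)
						{
							$error .= "<li>".$lang['133']."</li>";
						}
					}
				}
			}
			if($error == "")
			{			
				// Moderation option: new posts start inactive when approval is on.
				$approve_stories = $config['approve_stories'];
				if($approve_stories == "1")
				{
					$active = "0";
				}
				else
				{
					$active = "1";
				}
				$query="INSERT INTO posts SET USERID='".mysql_real_escape_string($_SESSION['USERID'])."', gtitle='".mysql_real_escape_string($gtitle)."',gtags='".mysql_real_escape_string($gtags)."', gdesc='".mysql_real_escape_string($gdesc)."', ginst='".mysql_real_escape_string($ginst)."', days='".mysql_real_escape_string($gdays)."', youtube='".mysql_real_escape_string($gyoutube)."', category='".mysql_real_escape_string($gcat)."', price='".mysql_real_escape_string($price)."', time_added='".time()."', date_added='".date("Y-m-d")."', pip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."', active='$active', ctp='".mysql_real_escape_string($ctp)."' $scriptolution_add_multiple $addship $scriptolution_add_instant";
				$result=$conn->execute($query);
				$pid = mysql_insert_id();
				
				if($scriptolution_process_extras == "1")
				{
					include("new_extras.scriptolution.com.php");
				}
				if($gphoto != "")
				{
					$thepp = $pid."-1";
					if($theimageinfo[2] == 1)
					{
						$thepp .= ".gif";
					}
					elseif($theimageinfo[2] == 2)
					{
						$thepp .= ".jpg";
					}
					elseif($theimageinfo[2] == 3)
					{
						$thepp .= ".png";
					}
					// Re-checked on purpose: the extras include above may have
					// added to $error.
					if($error == "")
					{
						$myvideoimgnew=$config['pdir']."/".$thepp;
						if(file_exists($myvideoimgnew))
						{
							unlink($myvideoimgnew);
						}
						move_uploaded_file($gphoto, $myvideoimgnew);
						do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp);
						do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp);
						do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp);
						do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp);
						if(file_exists($config['pdir']."/".$thepp))
						{
							$query = "UPDATE posts SET p1='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
							$conn->execute($query);
						}
					}
				}

				// Optional second photo. $gstop and $theimageinfo are reset per
				// file: previously a rejected extension here left the verdict
				// and image type of the *previous* photo in place, so an
				// arbitrary file could be stored under that photo's extension.
				$gphoto2 = $_FILES['gphoto2']['tmp_name'];
				if($gphoto2 != "")
				{
					$gstop = "1";
					$theimageinfo = false;
					$ext = substr(strrchr($_FILES['gphoto2']['name'], '.'), 1);
					$ext2 = strtolower($ext);
					if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png")
					{
						$theimageinfo = getimagesize($gphoto2);
						if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
						{
							$gstop = "1";
						}
						else
						{
							$gstop = "0";
						}
					}
					if($gstop == "0")
					{
						$thepp = $pid."-2";
						if($theimageinfo[2] == 1)
						{
							$thepp .= ".gif";
						}
						elseif($theimageinfo[2] == 2)
						{
							$thepp .= ".jpg";
						}
						elseif($theimageinfo[2] == 3)
						{
							$thepp .= ".png";
						}
	
						$myvideoimgnew=$config['pdir']."/".$thepp;
						if(file_exists($myvideoimgnew))
						{
							unlink($myvideoimgnew);
						}
						move_uploaded_file($gphoto2, $myvideoimgnew);
						do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp);
						do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp);
						do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp);
						do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp);
						if(file_exists($config['pdir']."/".$thepp))
						{
							$query = "UPDATE posts SET p2='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
							$conn->execute($query);
						}
					}
				}

				// Optional third photo; same per-file reset as above.
				$gphoto3 = $_FILES['gphoto3']['tmp_name'];
				if($gphoto3 != "")
				{
					$gstop = "1";
					$theimageinfo = false;
					$ext = substr(strrchr($_FILES['gphoto3']['name'], '.'), 1);
					$ext2 = strtolower($ext);
					if($ext2 == "jpeg" || $ext2 == "jpg" || $ext2 == "gif" || $ext2 == "png")
					{
						$theimageinfo = getimagesize($gphoto3);
						if($theimageinfo[2] != 1 && $theimageinfo[2] != 2 && $theimageinfo[2] != 3)
						{
							$gstop = "1";
						}
						else
						{
							$gstop = "0";
						}
					}
					if($gstop == "0")
					{
						$thepp = $pid."-3";
						if($theimageinfo[2] == 1)
						{
							$thepp .= ".gif";
						}
						elseif($theimageinfo[2] == 2)
						{
							$thepp .= ".jpg";
						}
						elseif($theimageinfo[2] == 3)
						{
							$thepp .= ".png";
						}
	
						$myvideoimgnew=$config['pdir']."/".$thepp;
						if(file_exists($myvideoimgnew))
						{
							unlink($myvideoimgnew);
						}
						move_uploaded_file($gphoto3, $myvideoimgnew);
						do_resize_image($myvideoimgnew, "380", "265", false, $config['pdir']."/t/".$thepp);
						do_resize_image($myvideoimgnew, "102", "72", false, $config['pdir']."/t2/".$thepp);
						do_resize_image($myvideoimgnew, "678", "458", false, $config['pdir']."/t3/".$thepp);
						do_resize_image($myvideoimgnew, "214", "132", false, $config['pdir']."/t4/".$thepp);
						if(file_exists($config['pdir']."/".$thepp))
						{
							$query = "UPDATE posts SET p3='$thepp' WHERE PID='".mysql_real_escape_string($pid)."'";
							$conn->execute($query);
						}
					}
				}
				if($approve_stories == "1")
				{
					// Awaiting moderation: tell the member and optionally notify
					// the configured admin address with a link to the queue.
					$message = $lang['126'];
					if($config['scriptolution_notify_gigval'] == "1")
					{
						$scriptolution_notify_gigval_email = $config['scriptolution_notify_gigval_email'];
						if($scriptolution_notify_gigval_email != "")
						{
							$sendername = $config['site_name'];
							$from = $config['site_email'];
							$subject = $lang['553'];
							$sendmailbody = $lang['554']."<br><br>";
							$sendmailbody .= $lang['555']."<br>";
							$sendmailbody .= "<a href=".$config['baseurl']."/administrator/gigs_validate.php>".$config['baseurl']."/administrator/gigs_validate.php</a><br><br>";
							$sendmailbody .= $lang['23'].",<br>".stripslashes($sendername);
							mailme($scriptolution_notify_gigval_email,$sendername,$from,$subject,$sendmailbody,$bcc="");
						}
					}					
				}
				else
				{
					// Live immediately: send the member to the feature page.
					$feurl = $config['baseurl']."/feature?id=".$pid;
					header("Location:$feurl");exit;
				}
			}
			else
			{
				// Validation failed: re-populate the form with what was sent.
				STemplate::assign('gtitle',$gtitle);
				STemplate::assign('gcat',$gcat);
				STemplate::assign('gdesc',$gdesc);
				STemplate::assign('ginst',$ginst);
				STemplate::assign('gtags',$gtags);
				STemplate::assign('gdays',$gdays);
				STemplate::assign('gyoutube',$gyoutube);
			}
		}
		else
		{
			// First visit: a title may be pre-filled from the "quick post" box.
			$gtitle = cleanit($_REQUEST['quicktitle']);
			STemplate::assign('gtitle',$gtitle);
		}
		$templateselect = "new.tpl";
	}
	elseif($allowposting == "2")
	{
		// Daily quota reached.
		$error = $lang['498'];
		$templateselect = "new2.tpl";
	}
	else
	{
		// Not verified on a verified-only site.
		$error = $lang['445'];
		$templateselect = "new2.tpl";
	}
	$pagetitle = $lang['61'];
	STemplate::assign('pagetitle',$pagetitle);
}
else
{
	// Not logged in.
	header("Location:$config[baseurl]/");exit;
}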

//TEMPLATES BEGIN
// Hand the page state to the templates and render header, body and footer.
// $templateselect is "new.tpl" (the form) or "new2.tpl" (a blocked message)
// and is chosen above; $error / $message may be unset when nothing was
// reported. 'sm0' marks the active menu entry.
STemplate::assign('error',$error);
STemplate::assign('message',$message);
STemplate::assign('sm0',"1");
STemplate::display('scriptolution_header.tpl');
STemplate::display($templateselect);
STemplate::display('scriptolution_footer_nobottom.tpl');
//TEMPLATES END
?>

You need a user/permission system. See the following basic example. Note that hiding the form in the template is not by itself a security control: the same role check must also run in the server-side handler (the `$_POST['subform'] == "1"` branch), because anyone can submit the request directly without ever seeing the form.

// Roles: which kind of account a member has.
const BUYER  = 0;
const SELLER = 1;
// other roles would go here...

// Permissions: individual actions a role may be granted.
const CREATE_LISTING = 1;
const POST_REPLY     = 2;
// other permissions would go here....

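class user
{
    /** @var int[] permission ids granted to this user (empty when the role is unknown) */
    private $permissions = array();

    /**
     * Load the permissions for $user_id from its role.
     *
     * The role->permission map and the id->role lookup are hard-coded for the
     * demo; real code would read both from the database (e.g. the "seller"
     * column of the members table).
     */
    public function __construct($user_id){
        // define permissions to roles. this would normally be in a database table
        $role_permissions = array();
        $role_permissions[BUYER][] = POST_REPLY;
        $role_permissions[SELLER][] = CREATE_LISTING;
        $role_permissions[SELLER][] = POST_REPLY;

        // fake code to assign a role based on dummy user id's
        // actual code would retrieve the role from wherever it is stored
        $role = null;
        if($user_id == 123){ // a dummy buyer
            $role = BUYER;
        }
        if($user_id == 456){ // a dummy seller
            $role = SELLER;
        }

        // Fail closed: a user whose role cannot be determined gets no
        // permissions. (Previously an unknown id indexed the map with an
        // undefined $role, leaving the property null so has_permission()
        // errored instead of denying.)
        $this->permissions = ($role !== null && isset($role_permissions[$role]))
            ? $role_permissions[$role]
            : array();
    }

    /** True when this user's role grants permission $var (strict comparison). */
    public function has_permission($var) {
        return in_array($var, $this->permissions, true);
    }
}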


// Demo only: pretend the logged-in member is user 123 (a buyer).
$_SESSION['USERID'] = 123;

// Build the permission object once per request from the session user id.
$current = new user($_SESSION['USERID']);

// Example usage: gate the listing form on CREATE_LISTING, otherwise show a message.
if($current->has_permission(CREATE_LISTING)){
    // code for creating or processing a listing...
    echo 'you can create a listing';
} else {
    echo 'you cannot access this page';
}

// A buyer may still reply.
if($current->has_permission(POST_REPLY)){
    echo 'you can post a reply';
}