[SOLVED] help with a demo account


jstgermain

ok, here it goes.  i am working on a backend for my new hosting site, and i would like to have at least one admin account, possibly more in the future, and one demo account, possibly more in the future too.  i have the database set as follows:

table name = login
id = primary key/number value
user = user name
pass =  password
email = email address for the user in case it is forgotten
level =  number value of 0 or 1 (0 being demo account, and 1 being admin level account)

I have created the admin area as so.  any  user that is admin or demo can log in to the site and look around at all the things to do, but once any change to the database is attempted, it needs to look and see what user is attempting to make the change, and check to see if that user has a level of 1 or 0.  if the level is equal to 1, then proceed with the change, and if it is not equal to 1, then print an error message.  here is a link to the site i previously posted my problem on, but didn't get any significant help.  i don't want to go through posting all the code here again if i can avoid it.  if you read the most recent post there, you can see the code i am currently attempting to use, and tell me what is wrong hopefully and then maybe be able to help fix the code to work properly.

http://freewebspace.net/forums/showthread.php?t=2178866

thanks for any help in advance.
Link to comment
Share on other sites

If you want help on this forum you have to bother posting your relevant script here too.
Out of curiosity i tried your link anyhow but it would never load possibly due to a slow server in the other end.

So, post your code!
Link to comment
Share on other sites

well, i didn't want to have to post the code here too, but if that is what you want me to do in order to help, no problem.  here is the current code.

[code]
<?php

$level = "SELECT `id`, `user`, `level` FROM  `login` WHERE `user` = " . $_SESSION['user'] . " AND level = 1"; // Check if the level is equal to admin or demo
$result = mysql_query ($level); // Run the query
if (mysql_num_rows($result) == 0){

echo 'do the required task';

include('includes/admin_footer.php');

exit();

} else {  // Print an error if admin level is set to demo
Print 'Error: You do not have access.';
include('includes/admin_footer.php');
exit();
} // End Admin level check

?>

[/code]

i tried to define the user with the session user, but not sure if i did it right, or if that was the proper way to do this.

do i need to maybe define a value for something like $level such as

if ($level == 1) {
    echo 'do this';
}else{
    echo 'error message';
}

that is just a stab in the dark.  :S  also, in that little attempt above, would the session need to be included there along with the level and == 1?
Link to comment
Share on other sites

You seem to do the mysql_num_rows bit wrong, if num rows is equal to 1 changes are allowed, else no changes can be made.
Another twist is to simply set a session with the level stored and check by that - it will save you a query

Example:
[code]

<?php

// in login, set session as 0 for demo account
$_SESSION['level'] = "0";


// wherever you are about to do some changes, check the session level
if($_SESSION['level'] > "0")
{
  // level is above demo, do the desired changes
}
else
{
  echo "Demo mode in effect, no changes can be made";
}

?>

[/code]

Your db version would look something like this:
[code]

<?php

// escape the session value for use inside the quoted SQL string below
$user = mysql_real_escape_string($_SESSION['user']);

$check = mysql_query("
SELECT `id`
FROM `login`
WHERE `user` = '$user' AND level = 1
");

if(mysql_num_rows($check) == 1)
{
// do the required task
include('includes/admin_footer.php');
exit();
}
else
{
echo "Demo mode in effect, no changes can be made";
include('includes/admin_footer.php');
exit();
}

?>

[/code]
Link to comment
Share on other sites

your second example is perfect.  i put it in where the user would submit the changes, and it then checked if it was admin or not, and when i was in the demo account, it blocked me perfectly, and allowed access when i was in the admin account.  thanks so much for that.  looks like i was on the right path, but was just missing a few minor things that obviously amounted to be a big problem.  :P

anyways, my last question would be, is it possible for me to make a file like i did with the process.php file and not have to type the code every time i want to check the level?  the process.php file checks to see if i am logged in or not, and if not, it redirects me to log in, and would like to do something similar with the check for admin or demo.

**EDIT**

thought it might help if i provide the code

[code]

<?php
////////////////////////////////////////////////////////////////////////////////////////////////
// Everything in here                                                                        //
                                                                                          //
// Check to see if the user has access to make changes before changing, otherwise error  //
$user = mysql_real_escape_string($_SESSION['user']); // escape for the quoted SQL string  //
$check = mysql_query("SELECT `id` FROM `login` WHERE `user` = '$user' AND level = 1");    //
if(mysql_num_rows($check) == 1) { // Make sure level is 1 for the user                    //
                                                                                          //
////////////////////////////////////////////////////////////////////////////////////////////////

// If the admin level check OK, then do the following
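$content = mysql_real_escape_string($_POST['content']); // escape the posted text before it goes into the SQL string
$query="UPDATE Home SET content='$content' WHERE id=1";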
mysql_query($query);
if (mysql_affected_rows() == 1) { // If it ran OK

echo '<h1 id="mainhead">Thank you!</h1>
<p class="main_txt">You have updated the information.</p>
<p class="main_txt"><a href="admin.php">Back</a> to the Admin Home.</p>';

include('includes/admin_footer.php');

exit();

}

////////////////////////////////////////////////////////////////////////////////////////////////
// and somehow this too                                                                      //
                                                                                              //
} else {  // Print an error if admin level is set to demo                                //
Print 'Error: You do not have access.';                                              //
include('includes/admin_footer.php');                                                    //
exit();                                                                                  //
} // End Admin level check                                                                //
                                                                                              //
////////////////////////////////////////////////////////////////////////////////////////////////


?>
[/code]

i would like the parts that are inside of the /'s to be in the separate file somehow.  is this possible?  if so, how can i do it?
Link to comment
Share on other sites

Here is one example using a function, just include the function on every page you expect to use it
[code]

<?php

function NotDemo(){

// escape the session value for use inside the quoted SQL string below
$user = mysql_real_escape_string($_SESSION['user']);
$check = mysql_query("
SELECT `id`
FROM `login`
WHERE `user` = '$user' AND level = 1
");

if(mysql_num_rows($check) == 1)
{
  return true;
}
else
{
  Print 'Error: You do not have access.';
  include('includes/admin_footer.php');
  exit();
}
}



// then use it

if(NotDemo())
{
  // ok, made it here so it's not running demo mode
}

?>

[/code]

I don't prefer using echo, include and/or exit within a function check like this - but it works
Link to comment
Share on other sites

thanks again for the help.  i may try that in a bit, but right now, i just recoded the database to contain only one table for all the content instead of separate tables, and i have coded it to pull the corresponding info per the id and it works great.  so, i only had to code the check in once.  thanks for everything.  if you ever need graphics, let me know.
Link to comment
Share on other sites
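
A variant of the level check discussed in this thread that returns a boolean and leaves output to the caller, with the user name and posted content bound as query parameters instead of being built into the SQL string. This is an added example, not code from any poster; it assumes PDO with the SQLite driver, and the function names `is_admin` and `update_home` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not from the thread. Table and column names follow the
// posts above; the SQLite in-memory database and its rows are constructed.

// Returns true only when the named account exists and has level 1.
function is_admin(PDO $db, string $user): bool
{
    // The user name is bound as a parameter, never pasted into the SQL text.
    $stmt = $db->prepare('SELECT level FROM login WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $level = $stmt->fetchColumn();            // false when there is no such user
    return $level !== false && (int) $level === 1;
}

// Applies the change only for admins; reporting is left to the caller.
function update_home(PDO $db, string $user, string $content): bool
{
    if (!is_admin($db, $user)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE Home SET content = :content WHERE id = 1');
    $stmt->execute([':content' => $content]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: one admin (level 1) and one demo (level 0) account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (id INTEGER PRIMARY KEY, user TEXT UNIQUE,
           pass TEXT, email TEXT, level INTEGER)');
$db->exec('CREATE TABLE Home (id INTEGER PRIMARY KEY, content TEXT)');
$db->exec("INSERT INTO login (user, pass, email, level) VALUES
           ('admin', 'placeholder-hash', 'admin@example.com', 1),
           ('demo',  'placeholder-hash', 'demo@example.com',  0)");
$db->exec("INSERT INTO Home (id, content) VALUES (1, 'original')");

// In the real pages $user would come from $_SESSION['user'] and $content
// from $_POST['content']; the apostrophes here need no manual escaping.
foreach ([['admin', "It's updated"], ['demo', 'blocked'], ["o'brien", 'blocked']] as [$user, $content]) {
    if (update_home($db, $user, $content)) {
        echo "$user: change saved\n";
    } else {
        echo "$user: Error: You do not have access.\n";
    }
}
echo $db->query('SELECT content FROM Home WHERE id = 1')->fetchColumn(), "\n";
```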
