[SOLVED] My access level restriction wont work

[clown[NOR]]

ok.. this is how it is... I have currently 6 access levels on my site.. 0, 10, 20, 30, 40 and 50.. I want to restrict what each level can view in the control panel.. this is how the code looks at the moment:

 

<?php

if (isset($_COOKIE['username'])) {
	$liStatus = chkLoginStatus($_COOKIE['username']);
	if ($liStatus == "OFFLINE") { 
		echo "You must be logged in to view this page.";
	} else { 

		#echo "You're now viewing the control panel.";
		$userAccess = getAccessLevel();

		echo "Your accesslevel is: ".$userAccess."<br><br>";
		if ($userAccess == 0) { echo "Your account has been blocked"; }
		if ($userAccess <= 10) { 
			echo "- Subscribe/Unsubscribe to newsletter<br>"; 
		}
		if ($userAccess <= 20) { 
			echo "- Post news & tutorials<br>"; 
		}
		if ($userAccess <= 30) { 
			echo "- Accept/Deny news & tutorials<br>
				  - Block users (final desistion must be made by an administrator)<br>"; 
		}
		if ($userAccess <= 40) { 
			echo "- Block/Unblock user (with no need for final desition, only if it's another admin.)<br>
				  - Accept/deny user block<br>";
		}
		if ($userAccess <= 50) {
			echo "- Completely remove users from database";
		}
	}
} else { echo "You must be logged in to view this page."; }

?>

 

this is the result I'm getting

Your accesslevel is: 10

 

- Subscribe/Unsubscribe to newsletter // Level 10

- Post news & tutorials // Level 20

- Accept/Deny news & tutorials // Level 30

- Block users (final desistion must be made by an administrator) // Level 30

- Block/Unblock user (with no need for final desition, only if it's another admin.) // Level 40

- Accept/deny user block // Level 40

- Completely remove users from database // Level 50

 

but as you can see.. I've set my own access level to 10, and still everything shows up.. any ideas how to fix this issue?

 

Thanks In Advance

- Clown

[MadTechie]

try

$userAccess = (int) getAccessLevel();

 

incase its set as a string

 

also can you post the function getAccessLevel()

[clown[NOR]]

this is the getAccessLevel fucntion

<?php
function getAccessLevel() {
	global $dbHost, $dbUser, $dbPass, $dbName;
	$cUserName = $_COOKIE['username'];
	if (!mysql_connect($dbHost, $dbUser, $dbPass)) { echo "Unable to connect to database"; die(); }
	if (!mysql_select_db($dbName)) { echo "Unable to select database"; die(); }

	$query = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($cUserName) . "'";
	$result = mysql_query($query);

	if (!$result) { echo "Could not run query from database"; die(); }

	$dbField = mysql_fetch_assoc($result);
	return $dbField['access'];
}
?>

[clown[NOR]]

(int) didnt work... still getting access to everything

[clown[NOR]]

heh... i solved it =) the if statements was wrong... only had to change from <= to >=

[MadTechie]

LOL, i missed it as well

[clown[NOR]]

hehe =) those if statements can be sneaky at times =)

 

i'm looking forward to get my domain soon, so i can start makin my site public