Access Problem


unidox


I have a CMS and I am having problems with the access and restrictions. All of the users can do the same thing.

 

All my files require func.inc.php.

 

func.inc.php:

<?php
require_once 'config.inc.php';
$oncolour = "#BCD5FE";
$offcolour = "#FFFFFF";
$bdrcolour = "#F0F0F0";

$islogged = preg_match("/login.php/", $_SERVER['PHP_SELF']);
if ($islogged == "0") {
	if ($_COOKIE['uniqueid'] == "") {
		header ("Location: login.php");
		exit;
	}
}

if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) {
	$access = $_COOKIE['access'];
	if (array_search($page,$levels)) {
		if ($access > $levels[$page]) {
			echo $access . $levels[$page];
			//showError('You do not have access to this page.');
			exit;
		}
	}
}

function getContent($content,$sql = '') {
	global $special_character;
	if ($sql == '') {
		// preg_replace() with the /i flag stands in for the removed eregi_replace(); same patterns in PCRE syntax
		$content = preg_replace('#([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]\#?/&=])#i', '<a href="$1://$2$3" target="_blank"><b>$1://$2$3</b></a>', $content);
		$content = preg_replace('/([_a-z0-9\-\.]+)@([a-z0-9\-\.]+)\.(net|com|gov|mil|org|edu|int|biz|info|name|pro|[a-z]{2})($|[^a-z])/i', '<a href="mailto:$1@$2.$3"><b>$1@$2.$3</b></a>$4', $content);
		$content = nl2br($content);
	}
	$content = str_replace($special_character,"'",$content);

	return $content;
}

function remslash($content) {
	global $special_character;
	$output = str_replace("\'",$special_character,$content);
	return $output;
}

function setMouse($id = '') {
	global $oncolour, $offcolour;
	$output = "class=\"bdr\" bgcolor=\"" .$offcolour . "\" id=\"area" . $id . "\" onmouseover=\"bgOn(this,'" . $oncolour . "');\" onmouseout=\"bgOff(this,'" . $offcolour . "');\"";
	return $output;
}

function showDiv() {
	$output = "<div width=\"100%\" style=\"padding-top: 3px\" align=\"right\">";
	return $output;
}

function startTable() {
	global $bdrcolour;
	$output = "<table cellspacing=\"1\" cellpadding=\"7\" width=\"100%\" bgcolor=\"" . $bdrcolour . "\">";
	return $output;
}

function createTr($content,$id = '',$class = '') {
	echo "<tr>
		<td " . setMouse($id) . ">";
	if ($class != '') {
		echo "<span class=\"" . $class . "\">";
	}
	echo $content;
	if ($class != '') {
		echo "</span>";
	}
		echo "</td>
	</tr>";
}

function showError($error) {
	echo"
		<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
		<html><head>
		<META http-equiv=Content-Type content=\"text/html; charset=windows-1252\">
		<title>Error</title>
		<link rel=\"stylesheet\" href=\"req/global.css\" type=\"text/css\"></head>
		<body bgcolor=\"#FFFFFF\">
		<div align=\"center\"><b>An Error has occured: <span class=\"error\">" . $error . "</span></b></div>
		</body></html>
	";		
}

function showSuccess($success,$page,$refresh = '1') {
	echo "
		<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
		<html><head>
		<META http-equiv=Content-Type content=\"text/html; charset=windows-1252\">
		<meta http-equiv=\"Refresh\" content=\"" . $refresh . "; url='" . $page . "'\">
		<title>Congratulations</title>
		<link rel=\"stylesheet\" href=\"req/global.css\" type=\"text/css\"></head>
		<body bgcolor=\"#EEEEEE\">
		<div class=\"success\" align=\"center\">Congratulations: " . $success . " successfull<br>Redirecting to " . $page . ".<br>If this does not work <a href=\"" . $page . "\">click here</a>.</div>
		</body></html>";
}

function showAsk($typo,$id = '',$m = '6') {
	global $bdrcolour;
	echo "
		<form action=\"" . $_SERVER['PHP_SELF'] . "?m=" . $m . "";
	if ($id != '') {
	echo "&id=" . $id . "";
	} 
	echo "\" method=\"post\">
		" . startTable() . "
			<tr align=\"center\">
				<td " . setMouse('0') . ">" . $typo . "<br><br></td>
			</tr>
		</table>
		" . showDiv() . "
		<input type=\"button\" value=\"No\" onclick=\"history.back();\"></input> 
		<input type=\"button\" value=\"Yes\" onclick=\"this.form.submit();\"></input>
		</form>";
}

function getHeader() {
	global $page, $imagefullpath, $imagefilepath;
	if (file_exists("req/header.inc.php")) {
		include("req/header.inc.php");
	} else {
		showError("Unable to Require file : \"req/header.inc.php\"");
	}
}

function getFooter() {
	if (file_exists("req/footer.inc.php")) {
		include("req/footer.inc.php");
	} else {
		showError("Unable to Require file : \"req/footer.inc.php\"");
	}
}

function createJSValid($required,$errors) {
	$field = explode("&",$required);
	$alert = explode("&",$errors);
	if (count($alert) != count($field)) {
		showError('Required Fields/Error Msgs do not match');
	} else {
		echo "<script language=\"javascript\">
			<!--
				function isformValid(form) {";
		$i = 0;
			while ($i < count($field)) {
			$thisfield = $field[$i];
			$thiserror = $alert[$i];
			echo "
					if (!form." . $thisfield . ".value) {
						alert(\"" . $thiserror . "\");
						form." . $thisfield . ".focus();
						return false;
					}";
			$i++;
		}
		echo "
					else {
					form.submit();
					}
				}
			//-->
		</script>";
	}
}

function createForm($titles,$fields,$type,$size,$maxlength,$m,$idtype = '',$id = '',$mysql_values ='',$backoff = '') {
	global $selecta;
	$title = explode("&",$titles);
	$field = explode("&",$fields);
	$fieldtype = explode("&",$type);
	$fieldsize = explode("&",$size);
	$fieldmax = explode("&",$maxlength);
	if ($mysql_values != '') {
		$mysql = explode("&",$mysql_values);
	} if (count($title) != count($field)) {
		showError('Your $title/$fields do not match');
	} elseif (count($title) != count($fieldtype)) {
		showError('Your $title/$type do not match');
	} elseif (count($title) != count($fieldsize)) {
		showError('Your $title/$size do not match');
	} elseif (count($title) != count($fieldmax)) {
		showError('Your $title/$maxlength do not match');
	} elseif (count($field) != count($fieldtype)) {
		showError('Your $fields/$type do not match');
	} elseif (count($field) != count($fieldsize)) {
		showError('Your $fields/$size do not match');
	} elseif (count($field) != count($fieldmax)) {
		showError('Your $fields/$maxlength do not match');
	} elseif (count($fieldtype) != count($fieldsize)) {
		showError('Your $type/$size do not match');
	} elseif (count($fieldtype) != count($fieldmax)) {
		showError('Your $type/$maxlength do not match');
	} elseif (count($fieldsize) != count($fieldmax)) {
		showError('Your $size/$maxlength do not match');
	} else {
		echo "
		<form action=\"" . $_SERVER['PHP_SELF'] . "?m=" . $m;
		if ($id != '') {
			echo "&id=" . $id;
		}
		echo "\" method=\"post\"";
		if ($m == '8' || $m == '12') {
			echo " enctype=\"multipart/form-data\"";
		}
		echo ">
		" . startTable();
		$total = count($field);
		for ($i = 0; $i < $total; $i++) {
			if ($fieldtype[$i] == "date") {
				echo "
		<input type=\"hidden\" name=\"" . $field[$i] . "\" value=\"";
				if ($m == "2") {
					echo date("m/d/Y");
				} else {
					echo $mysql[$i];
				}
				echo "\"></input>";
			} else {
				echo "
			<tr valign=\"top\">
				<td " . setMouse("title" . $i) . ">" . $title[$i] . "</td>
				<td " . setMouse("input" . $i) . ">";
				if ($fieldtype[$i] == "select") {
					echo "<select name=\"" . $field[$i] . "\">";
					$options = explode("&",$selecta);
					for ($o = 0; $o < count($options); $o++) {
					echo "<option value=\"" . $options[$o] . "\"";
						if ($mysql_values != '') {
							if ($mysql[$i] == $options[$o]) {
								echo " selected";
							}
						}
					echo ">" . $options[$o] . "</option>";
					}
				echo "</select>";
				} elseif ($fieldtype[$i] == "textarea") {
					echo "<textarea cols=\"60\" rows=\"10\" name=\"" . $field[$i] . "\">";
					if ($mysql_values != '') {
						echo $mysql[$i];
					}
					echo "</textarea>";
				} else {
					echo "<input type=\"" . $fieldtype[$i] . "\" name=\"" . $field[$i] . "\"";
					if ($mysql_values != '') { // only pre-fill when existing values were passed in
						echo " value=\"" . $mysql[$i] . "\"";
					}
					if ($fieldsize[$i] != 'false') {
						echo " size=\"" . $fieldsize[$i] . "\"";
					}
					if ($fieldmax[$i] != 'false') { // was $maxfield, which is never defined
						echo " maxlength=\"" . $fieldmax[$i] . "\"";
					}
					echo "></input>";
				}
				echo "</td>
			</tr>";
			}
		}
		echo "
		</table>". showDiv();
		if ($backoff == '') {
			echo "<input type=\"button\" value=\"Back\" onclick=\"history.back();\"></input> ";
		}
		echo "
		<input type=\"button\" value=\"Go!\" onclick=\"isformValid(this.form);\"></input> 
		<input type=\"reset\" value=\"Refresh\"></input></div>
		</form>";
	}
}


if ($_REQUEST['staffroster_id']) {
	$roster_id = (int)$_REQUEST['staffroster_id']; // cast: roster ids are assumed numeric, so only a number reaches the SQL string
	$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE staffroster_id='$roster_id'") or die (mysql_error());
	while ($mysql=mysql_fetch_array($result)) {
			echo "<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='4' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> " . $clan_tag . checkContent($mysql[alias]) . "'s Profile </TD>
  </TR>
  <TR>
    <TD width='187' rowspan='7'><img src=\"" . $imagefilepath . "rosterpic" . $roster_id . "." . $mysql['imagetype'] . "\" width='200' height='155'></TD>
    <TD class='left' width='20%'><DIV align='left' class='style1'>
      <DIV align='left'> Alias:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . $clan_tag . checkContent($mysql[alias]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style2'>
      <DIV align='left'> Real Name:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[fullname]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style3'>
      <DIV align='left'> Location:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[location]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style4'>
      <DIV align='left'> Country:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[country]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style5'>
      <DIV align='left'> Age:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[age]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style6'>
      <DIV align='left'> Date of Birth:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[dob]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style7'>
      <DIV align='left'> Game ID:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[wonid]) . "</TD>
  </TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Computer Information </TD>
  </TR>
  <TR>
    <TD class='left' height='22'  width='30%'><DIV align='left' >
      <DIV align='left'> Manufacturer:</DIV>
    </DIV></TD>
    <TD width='2%'> </TD>
    <TD width='75%'>" . checkContent($mysql[brand]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Operating System :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[os]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Hard Drive :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[hd]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Memory:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[ram]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> CPU:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[cpu]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Video Card :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[video]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Sound Card :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[sound]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Monitor</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[monitor]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Keyboard</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[keyboard]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Mouse</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[mouse]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Mousepad </div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[pad]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Headphones</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[headphones]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Config</div></TD>
    <TD> </TD>
    <TD><a href=\"" . $imagefilepath . "cfg" . $roster_id . ".cfg\" target='_blank'>Download Config</a></TD>
  </TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Personal Information </TD>
  </TR>
  <TR>
    <TD height='22' class='left'><DIV align='left'>
      <DIV align='left'> Favorite Weapon:</DIV>
    </DIV></TD>
    <TD width='2%'> </TD>
    <TD width='75%'>" . checkContent($mysql[weapon]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Favorite Map:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[map]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Resolution:</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[resolution]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Refresh Rate </div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[rate]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Sensitivity:</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[sens]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Favorite Movie:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[movie]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Favorite Song:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[song]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> AIM:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[aim]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> MSN:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[msn]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Email:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[email]) . "</TD>
  </TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'>  <img src='bg/dot.gif' width='5' height='5'> Biography</TD>
  </TR>
  <TR>
    <TD colspan='3'>" . checkContent($mysql[extra]) . "</TD>
  </TR>
</table>
";


	}
}









if ($_REQUEST['csroster_id']) {
	$roster_id = (int)$_REQUEST['csroster_id']; // cast: roster ids are assumed numeric, so only a number reaches the SQL string
	$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE csroster_id='$roster_id'") or die (mysql_error());
	while ($mysql=mysql_fetch_array($result)) {
			echo "<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='4' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> " . $clan_tag . checkContent($mysql[alias]) . "'s Profile </TD>
  </TR>
  <TR>
    <TD width='187' rowspan='7'><img src=\"" . $imagefilepath . "rosterpic" . $roster_id . "." . $mysql['imagetype'] . "\" width='200' height='155'></TD>
    <TD class='left' width='20%'><DIV align='left' class='style1'>
      <DIV align='left'> Alias:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . $clan_tag . checkContent($mysql[alias]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style2'>
      <DIV align='left'> Real Name:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[fullname]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style3'>
      <DIV align='left'> Location:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[location]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style4'>
      <DIV align='left'> Country:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[country]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style5'>
      <DIV align='left'> Age:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[age]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style6'>
      <DIV align='left'> Date of Birth:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[dob]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22' width='20%'><DIV align='left' class='style7'>
      <DIV align='left'> Game ID:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[wonid]) . "</TD>
  </TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Computer Information </TD>
  </TR>
  <TR>
    <TD class='left' height='22'  width='30%'><DIV align='left' >
      <DIV align='left'> Manufacturer:</DIV>
    </DIV></TD>
    <TD width='2%'> </TD>
    <TD width='75%'>" . checkContent($mysql[brand]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Operating System :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[os]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Hard Drive :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[hd]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Memory:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[ram]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> CPU:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[cpu]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Video Card :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[video]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Sound Card :</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[sound]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Monitor</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[monitor]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Keyboard</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[keyboard]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Mouse</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[mouse]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Mousepad </div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[pad]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Headphones</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[headphones]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Config</div></TD>
    <TD> </TD>
    <TD><a href=\"" . $imagefilepath . "cfg" . $roster_id . ".cfg\" target='_blank'>Download Config</a></TD>
  </TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Personal Information </TD>
  </TR>
  <TR>
    <TD height='22' class='left'><DIV align='left'>
      <DIV align='left'> Favorite Weapon:</DIV>
    </DIV></TD>
    <TD width='2%'> </TD>
    <TD width='75%'>" . checkContent($mysql[weapon]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Favorite Map:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[map]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Resolution:</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[resolution]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Refresh Rate </div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[rate]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><div align='left'> Sensitivity:</div></TD>
    <TD> </TD>
    <TD>" . checkContent($mysql[sens]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Favorite Movie:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[movie]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Favorite Song:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[song]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> AIM:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[aim]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> MSN:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[msn]) . "</TD>
  </TR>
  <TR>
    <TD class='left' height='22'><DIV align='left'>
      <DIV align='left'> Email:</DIV>
    </DIV></TD>
    <TD width='5'> </TD>
    <TD>" . checkContent($mysql[email]) . "</TD>
  </TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
  <TR>
    <TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'>  <img src='bg/dot.gif' width='5' height='5'> Biography</TD>
  </TR>
  <TR>
    <TD colspan='3'>" . checkContent($mysql[extra]) . "</TD>
  </TR>
</table>
";


	}
}
?>

 

config.inc.php:

<?php
###############################################
// Folder Locations
$template_folder = "template/";
$folder = "/";
$imagefolder = "pics/";
$imagefilepath = $folder . $imagefolder;

// Vulgarity on or off
// 1: On, 0: off
$vulgarity = 0;

// Special Character
// Default: |
$special_character = "&";

// Max Links & Roster Characters
// Default: 20
$max_length = 16;

// Max News Posts Displayer Per Page
// Default: 8
$max_news = 8;

// Do not change
$root = $_SERVER['DOCUMENT_ROOT'];
$imagefullpath = $root . $imagefilepath;

// Access Levels
// 1: Master, 2: Limited, 3: Member, 4: All Users
$levels = array();
$levels['login']      = "4";
$levels['index']      = "3";
$levels['news']       = "1";
$levels['roster']     = "3";
$levels['links']      = "1";
$levels['leagues']    = "1";
$levels['matches']    = "1";
$levels['servers']    = "1";
$levels['faq']        = "3";
$levels['sponsors']   = "1";
$levels['downloads']  = "1";
$levels['meda']       = "1";
$levels['demos']      = "1";
$levels['settings']   = "1";
$levels['changepass'] = "2";
$levels['admins']     = "1";
$levels['config']     = "1";
?>

 

and my admins page:

<?php
$page = "admins";
$mysql_table = "cp_users";
require_once("db.inc.php");
require_once ("req/func.inc.php");
	$selecta = "3.Member&2.Basic&1.Master";
	$checkfields = "username&password";
	$errors = "Username Missing !&Password Missing ! ";
	$titles = "Username:&Password:&User Level:";
	$fields = "username&password&access";
	$type = "text&password&select";
	$size = "40&40&null";
	$maxlength = "20&25&null";
	$id_type = "user_id";
	$id = isset($_REQUEST['id']) ? (int)$_REQUEST['id'] : 0; // the original left $id to register_globals; ids are assumed numeric
if ($_REQUEST['m'] == "1") {
	getHeader();
	createJSValid($checkfields,$errors);
	createForm($titles,$fields,$type,$size,$maxlength,'2');
	getFooter();
} if ($_REQUEST['m'] == "2") {
	$username = mysql_real_escape_string(remslash($_POST['username'])); // escape before interpolating into the query
	$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE username='$username'") or die (mysql_error());
	$rows = mysql_num_rows($result);
	if ($rows != '0') {
		showError('This username is already registererd!');
	} else {
		$password = remslash($_POST['password']);
		$choose = explode(".",$_POST['access']);
		$access = (int)$choose[0]; // only the level number goes into the query
		$md5pass = md5($password);
		MYSQL_QUERY("INSERT INTO $mysql_table (username,password,access) VALUES ('$username','$md5pass','$access')") or die (mysql_error());
		showSuccess('Admin Added',$_SERVER['PHP_SELF']);
	}
} if ($_REQUEST['m'] == "3") {
	getHeader();
	createJSValid('access','You must choose an access type!');
	createForm('User Level','access','select','null','null','4',$id_type,$id);
	getFooter();
} if ($_REQUEST['m'] == "4") {
	$choose = explode(".",$_POST['access']);
	$access = (int)$choose[0]; // only the level number goes into the query
	MYSQL_QUERY("UPDATE $mysql_table SET access='$access' WHERE $id_type=$id") or die (mysql_error());
	showSuccess('Admin User Level Update',$_SERVER['PHP_SELF']);
} if ($_REQUEST['m'] == "5") {
	getHeader();
	showAsk('Are you sure you want to remove this Admin?',$id);	
	getFooter();
} if ($_REQUEST['m'] == "6") {
	MYSQL_QUERY("DELETE FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());
	showSuccess('Admin Removed',$_SERVER['PHP_SELF']);	
} if (!$_REQUEST['m']) {
	getHeader();
	$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE access != '0' ORDER BY $id_type DESC") or die (mysql_error());
	echo startTable();
	$add = "<b><a href=\"" . $_SERVER['PHP_SELF'] . "?m=1\">Add Admin</a></b>";
	createTr($add,'0');
	$rows = mysql_num_rows($result);
	if ($rows == "0") {
		createTr('<b>There are NO users in the Database</b>');
	}
	if ($rows != "0") {
		while ($mysql=mysql_fetch_array($result)) {
			// the row id column is $id_type (user_id); the original used $mysql[news_id], left over from the news page
			echo "<tr>
				<td  " . setMouse($mysql[$id_type]) . ">
				<b>User Name:</b> " . getContent($mysql['username']) . "<br>
				<b>Access Level:</b> " . $mysql['access'] . "<br>
				<b>Last Logged:</b> " . getContent($mysql['last_logged']) . "<br>
				<b>Current IP:</b> " . getContent($mysql['cur_ip']) . "<br>
				<b><a href=\"" . $_SERVER['PHP_SELF'] ."?m=3&id=" . $mysql[$id_type] . "\">Edit Admin User Level</a></b> | <b><a href=\"" . $_SERVER['PHP_SELF'] . "?m=5&id=" . $mysql[$id_type] . "\">Delete Admin</a></b></td>
			</tr>";
		}
	}
?>
</table>				
<?php
	getFooter();
}
?>

 

What is wrong?


The only thing in the func.inc.php file that is relevant is:

 

if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) {
	$access = $_COOKIE['access'];
	if (array_search($page,$levels)) {
		if ($access > $levels[$page]) {
			echo $access . $levels[$page];
			//showError('You do not have access to this page.');
			exit;
		}
	}
}

 

When you edit an admin you have the choice of level 1 (admin), 2 (basic), and 3 (member).

 

It goes into the SQL database as 1, 2 and 3 in the table.

 

I have set in config.inc.php 1 for admin, 2 for basic, 3 for member, and 4 for logins.

 

But for some reason it is allowing even the admin, basic, and member users access to the admin files. But for level 4 the only access is the login.


I think you have your if statement backwards, and levels for that matter.

 

if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) {
	$access = $_COOKIE['access'];
	if (array_search($page,$levels)) {
		if ($access <= $levels[$page]) { // less than or equal to as the higher you go the less privileges you have
			echo $access . $levels[$page];
			//showError('You do not have access to this page.');
			exit;
		}
	}
}

 

So basically, if you had level 4 access and the page required a level 1 admin, your code before was stating that everyone but the level 1 person could access that page.

 

This should fix it so that they have to be less than or equal to the access level on that page to access it.

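Added example, not code from either poster: a self-contained PHP re-check of the gate quoted in the posts above, run against the `$levels` table from the posted config.inc.php. It covers the level scheme described in the second post (1 admin, 2 basic, 3 member, 4 login) and the `<=` change suggested in the reply, and shows three things visible in the posted code. First, `array_search($page, $levels)` searches the array's values ("1", "3", "4"), not its keys, so for a page name such as `admins` it returns false and the whole block, comparison included, is skipped; that is why every logged-in user reaches the admin pages, and flipping the comparison does not change that. Second, in this table a smaller number means more privilege (1 = Master, 4 = All Users), so the deny condition is `level > $levels[$page]`, the direction the original had; with `<=`, a level-1 Master is denied on every level-1 page, since `1 <= 1`. Third, the level is read from `$_COOKIE['access']`, which the browser sends and a visitor can set to 1 by hand, and the block is skipped entirely whenever a `method` parameter is present together with the `uniqueid` cookie; the example keeps the level in `$_SESSION`, which only the server writes, and has no such escape hatch. The function names, the session key `access` and the 403 response are assumptions.

```php
<?php
// Added example (not the posters' code): re-check of the access gate from
// func.inc.php against the $levels table in the posted config.inc.php.
// Function names, the session key 'access' and the 403 handling are assumptions.

// From config.inc.php: 1 = Master, 2 = Limited, 3 = Member, 4 = All Users.
// A smaller number means MORE privilege. Values are strings, as in the config.
$levels = array(
    'login'  => "4",
    'index'  => "3",
    'news'   => "1",
    'roster' => "3",
    'admins' => "1",
    'config' => "1",
);

// The posted condition: array_search() compares $page with the VALUES of the
// array, so a page name never matches and the gate is skipped for every page.
function gateFiresInOriginal(array $levels, $page) {
    return array_search($page, $levels) ? true : false;
}

// What was meant: is there an entry for this page name (a key lookup)?
function pageIsGated(array $levels, $page) {
    return isset($levels[$page]);
}

// Allow only when the user's level number is no larger than the page's.
// Pages missing from the table fail closed instead of being let through.
function canAccess(array $levels, $page, $userLevel) {
    if (!pageIsGated($levels, $page)) {
        return false;
    }
    return (int)$userLevel <= (int)$levels[$page];
}

// Gate for a real request: the level comes from the server-side session that
// login.php would populate (assumed key 'access'), never from a cookie the
// client can rewrite, and there is no ?method= condition that skips the check.
function requireLevel(array $levels, $page) {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $userLevel = isset($_SESSION['access']) ? (int)$_SESSION['access'] : 4; // 4 = not logged in
    if (!canAccess($levels, $page, $userLevel)) {
        header('HTTP/1.1 403 Forbidden');
        echo 'You do not have access to this page.';
        exit;
    }
}

// Self-check against the posted table (run: php gate_check.php).
$checks = array(
    'original gate is skipped for admins'      => gateFiresInOriginal($levels, 'admins') === false,
    'original gate is skipped for index'       => gateFiresInOriginal($levels, 'index') === false,
    'key lookup finds admins'                  => pageIsGated($levels, 'admins') === true,
    'Master (1) reaches admins'                => canAccess($levels, 'admins', 1) === true,
    'Limited (2) blocked from admins'          => canAccess($levels, 'admins', 2) === false,
    'Member (3) blocked from admins'           => canAccess($levels, 'admins', 3) === false,
    'Member (3) reaches index'                 => canAccess($levels, 'index', 3) === true,
    'All Users (4) reaches login only'         => canAccess($levels, 'login', 4) === true && canAccess($levels, 'index', 4) === false,
    'unknown page fails closed'                => canAccess($levels, 'nosuchpage', 1) === false,
    'the <= test would deny Master on admins'  => (1 <= (int)$levels['admins']) === true,
);
foreach ($checks as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $name . "\n";
    if (!$ok) {
        exit(1);
    }
}
```

In a page, `requireLevel($levels, $page)` replaces the cookie-based block in func.inc.php, and the login handler stores the level read from the database in `$_SESSION['access']` after the password check; the `access` cookie then carries nothing the server trusts.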
