Foser Posted June 28, 2007 Share Posted June 28, 2007 <?php session_start(); if ($_SESSION['LOGGEDIN'] == !TRUE){ echo "You must be logged in to view this page. You can login <a href=\"index.php\">here</a>"; exit; } //Logout Button if (isset($_POST['logout'])){ session_destroy(); header("Location: index.php");} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Registration Form</title> <style type="text/css"> <!-- body,td,th { color: #000000; font-family: Verdana, Arial, Helvetica, sans-serif; } body { background-color: #CCCCCC; } a:link { color: #000000; } a:visited { color: #000000; } .style4 { font-size: 10px } --> </style> <table width="128" height="145" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666"> <tr> <th width="198" scope="col">Control Panel</th> </tr> <tr> <td height="20"><form id="form1" name="form1" method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>"> <label> <div align="center"> <input type="submit" name="logout" id="logout" value="logout" /> </div> <div align="center"></div> <div align="center"></div> </form> </td> </tr> <tr> <td height="20"> </td> </tr> <tr> <td height="20"> </td> </tr> <tr> <td height="63"> </td> </tr> </table> <p align="center"><?php //Admin panel $admin = $_SESSION['RIGHTS']; if ($admin == admin){ echo "<a href=\"admin/main.php\" class=\"style4\">Admin Control Panel</a></p>";} ?> this is my account script. and even though the $_SESSION['rights'] does not == admin it echos the link. could anyone help? this is my login script: <?php session_start(); if ($_SESSION['LOGGEDIN']){ header("Location: account.php");} ?> CSS DATA </head> <body> <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <label></label> <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666"> <tr> <th width="198" scope="col">Login System</th> </tr> <tr> <td height="63">Username: <input name="username" type="text" id="username" size="33" /> Password:<br /> <label> <input name="password" type="password" id="password" size="33" /> <input name="submit" type="submit" id="submit" value="Submit" /> <a href="register.php">Register here!</a></label></td> </tr> </table> <div align="center"> </div> </form> <div align="center"> <?php require("config.php"); if (isset($_POST['submit'])){ $user = mysql_real_escape_string($_POST['username']); $pw = md5(sha1(md5(md5($_POST['password'])))); $result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'"); if (mysql_num_rows($result) > 0) { $rights = mysql_query("SELECT rights FROM user_info WHERE username = '$user'"); $_SESSION['RIGHTS'] = $rights; $_SESSION['LOGGEDIN'] = TRUE; $_SESSION['UNAME'] = $user; if ($_SESSION['LOGGEDIN']){ header("Location: account.php");exit;}} else{ echo "You have typed in an incorrect password or/and username."; }} ?> Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/ Share on other sites More sharing options...
phpknight Posted June 28, 2007 Share Posted June 28, 2007 You probably should do a string compare and put double quotes around admin. Or, if you mean a variable, you need a $. That plain admin looks suspect. Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284735 Share on other sites More sharing options...
JasonLewis Posted June 28, 2007 Share Posted June 28, 2007 just a note for you... getting the variable $rights like this: $rights = mysql_query("SELECT rights FROM user_info WHERE username = '$user'"); will return a mysql resource #. try running it like this instead: $rights = mysql_result(mysql_query("SELECT rights FROM user_info WHERE username = '$user'"),0); Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284746 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 Still does not work. I changed admin to user which is the only other variable when you register and executes if you are an admin user. I also tried if ($_SESSION['RIGHTS'] != user and still does not work! Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284749 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 just a note for you... getting the variable $rights like this: $rights = mysql_query("SELECT rights FROM user_info WHERE username = '$user'"); will return a mysql resource #. try running it like this instead: $rights = mysql_result(mysql_query("SELECT rights FROM user_info WHERE username = '$user'"),0); why the ,0); what does that mean? Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284750 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 alright it works, although still comfused about the 0,) Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284751 Share on other sites More sharing options...
HuggieBear Posted June 28, 2007 Share Posted June 28, 2007 '0' is the column offset, if it's confusing then the following would be better... <?php if (isset($_POST['submit'])){ $user = mysql_real_escape_string($_POST['username']); $pw = md5(sha1(md5(md5($_POST['password'])))); $sql = "SELECT * FROM user_info WHERE username = '$user' AND password = '$pw'"; $result = mysql_query($sql); if (mysql_num_rows($result) == 1){ $row = mysql_fetch_array($result, MYSQL_ASSOC); $_SESSION['RIGHTS'] = $row['rights']; $_SESSION['LOGGEDIN'] = TRUE; $_SESSION['UNAME'] = $user; if ($_SESSION['LOGGEDIN']){ header("Location: account.php"); exit; } else { echo "You have typed in an incorrect password or/and username."; } } Regards Huggie Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284753 Share on other sites More sharing options...
Illusion Posted June 28, 2007 Share Posted June 28, 2007 if ($_SESSION['LOGGEDIN']){ $_SESSION['UNAME'] = $user; $_SESSION['RIGHTS'] = $row['rights']; header("Location: account.php"); exit; good practice, isn't it? Link to comment https://forums.phpfreaks.com/topic/57538-solved-if-statement-which-always-executes-whatever-it-considers/#findComment-284770 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.