Jump to content

[SOLVED] If Statement which always executes whatever it considers.


Recommended Posts

<?php session_start();
if ($_SESSION['LOGGEDIN'] == !TRUE){ 
echo "You must be logged in to view this page. You can login <a href=\"index.php\">here</a>"; exit; }
//Logout Button	
if (isset($_POST['logout'])){
session_destroy();
header("Location: index.php");}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Form</title>
<style type="text/css">
<!--
body,td,th {
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
body {
background-color: #CCCCCC;
}
a:link {
color: #000000;
}
a:visited {
color: #000000;
}
.style4 {
font-size: 10px
}
-->
</style>



<table width="128" height="145" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
  <tr>
    <th width="198" scope="col">Control Panel</th>
  </tr>
  <tr>
    <td height="20"><form id="form1" name="form1" method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
      <label>
      <div align="center">
        <input type="submit" name="logout" id="logout" value="logout" />
      </div>
      <div align="center"></div>
      <div align="center"></div>
    </form>    </td>
  </tr>
  <tr>
    <td height="20"> </td>
  </tr>
  <tr>
    <td height="20"> </td>
  </tr>
  <tr>
    <td height="63"> </td>
  </tr>
</table>


<p align="center"><?php
//Admin panel
$admin = $_SESSION['RIGHTS'];
if ($admin == admin){
echo "<a href=\"admin/main.php\" class=\"style4\">Admin Control Panel</a></p>";}
?> 

 

this is my account script. and even though the $_SESSION['rights'] does not == admin it echos the link. could anyone help?

 

 

this is my login script:

 

<?php
session_start();
if ($_SESSION['LOGGEDIN']){
header("Location: account.php");} ?>

CSS DATA
</head>

<body>
<form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username" type="text" id="username" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="submit" type="submit" id="submit" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>
    <div align="center">
      
      
      <?php
require("config.php");

if (isset($_POST['submit'])){
$user = mysql_real_escape_string($_POST['username']);
$pw = md5(sha1(md5(md5($_POST['password']))));
$result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'");
if (mysql_num_rows($result) > 0) {
$rights = mysql_query("SELECT rights FROM user_info WHERE username = '$user'");
$_SESSION['RIGHTS'] = $rights;
$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['UNAME'] = $user;

if ($_SESSION['LOGGEDIN']){
header("Location: account.php");exit;}}

else{
echo "You have typed in an incorrect password or/and username."; }}


?>

just a note for you... getting the variable $rights like this:

 

$rights = mysql_query("SELECT rights FROM user_info WHERE username = '$user'");

 

will return a mysql resource #. try running it like this instead:

$rights = mysql_result(mysql_query("SELECT rights FROM user_info WHERE username = '$user'"),0);

just a note for you... getting the variable $rights like this:

 

$rights = mysql_query("SELECT rights FROM user_info WHERE username = '$user'");

 

will return a mysql resource #. try running it like this instead:

$rights = mysql_result(mysql_query("SELECT rights FROM user_info WHERE username = '$user'"),0);

 

why the ,0); what does that mean?

'0' is the column offset, if it's confusing then the following would be better...

 

<?php
if (isset($_POST['submit'])){
   $user = mysql_real_escape_string($_POST['username']);
   $pw = md5(sha1(md5(md5($_POST['password']))));
   $sql = "SELECT * FROM user_info WHERE username = '$user' AND password = '$pw'";
   $result = mysql_query($sql);
   if (mysql_num_rows($result) == 1){
      $row = mysql_fetch_array($result, MYSQL_ASSOC);
      $_SESSION['RIGHTS'] = $row['rights'];
      $_SESSION['LOGGEDIN'] = TRUE;
      $_SESSION['UNAME'] = $user;
      
      if ($_SESSION['LOGGEDIN']){
      header("Location: account.php");
      exit;
   }
   else {
      echo "You have typed in an incorrect password or/and username.";
   }
}

 

Regards

Huggie

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.