User Levels

[unidox]

I am trying to have different user levels, but no matter what, it gives admin access to all users :/

 

login.php:

 

<?php
$page = "login";
require_once ("inc/db.inc.php");
require_once ("inc/func3.inc.php");
require_once ("req/login.inc.php");
if ($_REQUEST['m']) {
	if ($_REQUEST['m'] == "1") {
		$loginpass = 		$_POST['login_pass'];
		$password = 		md5($loginpass);
		$loginname = 		$_POST['login_name'];
		$checkrows = 		mysql_query ("SELECT * FROM cp_users WHERE username='$loginname' && password='$password'") or die (mysql_error());
		$rowcount = 		mysql_num_rows ($checkrows);
		if ($rowcount == "0") {
				showError("User/Login Error");

		}
		if ($rowcount != "0") {
			header ("Location: index.php?page=admin");
			$time = 		date("h:i:a");
			$date = 		date("m/d/Y");
			$last_logged = 	$time . "\n(" . $date . ")";
			$ip = 			getenv ("REMOTE_ADDR");
			MYSQL_QUERY("UPDATE cp_users SET last_logged='$last_logged', cur_ip='$ip' WHERE username='$loginname'") or die (mysql_error());
			while ($mysql=mysql_fetch_array($checkrows)) {
				setcookie("access", $mysql[access],time()+60*60*24*30);
			}
			setcookie ("uniqueid",$loginname,time()+60*60*24*30);
			exit;
		} 
	}		
	elseif ($_REQUEST['m'] == "2") {
		header ("Location: index.php?page=login");
		setcookie ("uniqueid");
		setcookie ("access");
		exit;
	}
}
else {
	if ($_COOKIE['uniqueid'] == "") {
		$checkfields = "login_name&login_pass";
		$errors = "Enter a username&Enter a password!";
		$titles = "Username:&Password:";
		$fields = "login_name&login_pass";
		$type = "text&password";
		$size = "30&30";
		$maxlength = "25&25";
		createJSValid($checkfields,$errors);
		createForm($titles,$fields,$type,$size,$maxlength,'1','','','','1');

	}
	else {
		showError("You are already logged in, <a href=\"" . $_SERVER['PHP_SELF'] . "?page=login&m=2\">logout?</a><br /><br /><a href='index.php?page=admin'>Admin Home</a>");
	}
}
?>

 

Part of the func3.inc.php:

 

require_once 'config.inc.php';

$islogged = preg_match("/index.php?page=login/", $_SERVER['PHP_SELF']);
	$oncolour = "#FFFFFF";
$offcolour = "#FFFFFF";
$bdrcolour = "#FFFFFF";


if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) {
	$access = $_COOKIE['access'];
	if (array_search($page,$levels)) {
		if ($access > $levels[$page]) {
			echo $access . $levels[$page];
			//showError('You do not have access to this page.');
			exit;
		}
	}
}

 

The config.inc.php:

 

<?php
###############################################
// Folder Locations
$template_folder = "template/";
$folder = "/";
$imagefolder = "pics/";
$imagefilepath = $folder . $imagefolder;

// Vulgarity on or off
// 1: On, 0: off
$vulgarity = 0;

// Special Character
// Default: |
$special_character = "&";

// Max Links & Roster Characters
// Default: 20
$max_length = 16;

// Max News Posts Displayer Per Page
// Default: 8
$max_news = 8;

// Do not change
$root = $_SERVER['DOCUMENT_ROOT'];
$imagefullpath = $root . $imagefilepath;

// Access Levels
// 1: Master, 2: Limited, 3: All Users
$levels = array();
$levels[login] 		= "3";
$levels[index] 		= "2";
$levels[news] 		= "2";
$levels[roster] 	= "1";
$levels[links] 		= "2";
$levels[leagues] 	= "2";
$levels[matches]	= "2";
$levels[servers] 	= "1";
$levels[faq] 		= "2";
$levels[sponsors] 	= "1";
$levels[downloads]	= "2";	
$levels[meda]		= "2";	
$levels[demos]		= "2";	
$levels[settings] 	= "1";
$levels[changepass]	= "2";
$levels[admins] 	= "1";
$levels[config]		= "1";
?>

[ss32]

Check the default value for the column where you store the access level.  You might have your problem right there, when you create the user in the first place.