unidox Posted July 21, 2007 Share Posted July 21, 2007 I am trying to have different user levels, but no matter what, it gives admin access to all users :/ login.php: <?php $page = "login"; require_once ("inc/db.inc.php"); require_once ("inc/func3.inc.php"); require_once ("req/login.inc.php"); if ($_REQUEST['m']) { if ($_REQUEST['m'] == "1") { $loginpass = $_POST['login_pass']; $password = md5($loginpass); $loginname = $_POST['login_name']; $checkrows = mysql_query ("SELECT * FROM cp_users WHERE username='$loginname' && password='$password'") or die (mysql_error()); $rowcount = mysql_num_rows ($checkrows); if ($rowcount == "0") { showError("User/Login Error"); } if ($rowcount != "0") { header ("Location: index.php?page=admin"); $time = date("h:i:a"); $date = date("m/d/Y"); $last_logged = $time . "\n(" . $date . ")"; $ip = getenv ("REMOTE_ADDR"); MYSQL_QUERY("UPDATE cp_users SET last_logged='$last_logged', cur_ip='$ip' WHERE username='$loginname'") or die (mysql_error()); while ($mysql=mysql_fetch_array($checkrows)) { setcookie("access", $mysql[access],time()+60*60*24*30); } setcookie ("uniqueid",$loginname,time()+60*60*24*30); exit; } } elseif ($_REQUEST['m'] == "2") { header ("Location: index.php?page=login"); setcookie ("uniqueid"); setcookie ("access"); exit; } } else { if ($_COOKIE['uniqueid'] == "") { $checkfields = "login_name&login_pass"; $errors = "Enter a username&Enter a password!"; $titles = "Username:&Password:"; $fields = "login_name&login_pass"; $type = "text&password"; $size = "30&30"; $maxlength = "25&25"; createJSValid($checkfields,$errors); createForm($titles,$fields,$type,$size,$maxlength,'1','','','','1'); } else { showError("You are already logged in, <a href=\"" . $_SERVER['PHP_SELF'] . "?page=login&m=2\">logout?</a><br /><br /><a href='index.php?page=admin'>Admin Home</a>"); } } ?> Part of the func3.inc.php: require_once 'config.inc.php'; $islogged = preg_match("/index.php?page=login/", $_SERVER['PHP_SELF']); $oncolour = "#FFFFFF"; $offcolour = "#FFFFFF"; $bdrcolour = "#FFFFFF"; if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) { $access = $_COOKIE['access']; if (array_search($page,$levels)) { if ($access > $levels[$page]) { echo $access . $levels[$page]; //showError('You do not have access to this page.'); exit; } } } The config.inc.php: <?php ############################################### // Folder Locations $template_folder = "template/"; $folder = "/"; $imagefolder = "pics/"; $imagefilepath = $folder . $imagefolder; // Vulgarity on or off // 1: On, 0: off $vulgarity = 0; // Special Character // Default: | $special_character = "&"; // Max Links & Roster Characters // Default: 20 $max_length = 16; // Max News Posts Displayer Per Page // Default: 8 $max_news = 8; // Do not change $root = $_SERVER['DOCUMENT_ROOT']; $imagefullpath = $root . $imagefilepath; // Access Levels // 1: Master, 2: Limited, 3: All Users $levels = array(); $levels[login] = "3"; $levels[index] = "2"; $levels[news] = "2"; $levels[roster] = "1"; $levels[links] = "2"; $levels[leagues] = "2"; $levels[matches] = "2"; $levels[servers] = "1"; $levels[faq] = "2"; $levels[sponsors] = "1"; $levels[downloads] = "2"; $levels[meda] = "2"; $levels[demos] = "2"; $levels[settings] = "1"; $levels[changepass] = "2"; $levels[admins] = "1"; $levels[config] = "1"; ?> Quote Link to comment Share on other sites More sharing options...
ss32 Posted July 21, 2007 Share Posted July 21, 2007 Check the default value for the column where you store the access level. You might have your problem right there, when you create the user in the first place. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.