
Escaping caps lock


Steppio


Hi, I have a small problem in that every time I log on to my site as username 'Frank', I am given admin access, yet every time I log in as username 'frank' I am still allowed into the correct profile, but not given admin rights. Is there any way of taking the input I use to log in, stripping it of caps lock, running it through the database and admin function then returning the caps lock on?

 

Below is the code and function I use to log into my site, followed by my switch for admin rights:

 

Members page code:

 

require_once('main_fns.php');
session_start();
$usern = $_SESSION['valid_user'];

if ((!$_POST['username'] || !$_POST['password']))
{
	require('head.inc');
	echo 'You did not fill the form in properly, <a href="index.php">please try again</a>.';
	require('foot.inc');
}
else
{  
$user = htmlspecialchars($_POST['username']);
$pass = htmlspecialchars($_POST['password']);


if ($user && $pass)
{

	$return = safelogin($user, $pass);

	if ($return == true)
	{
		// Set the admin flag only after the login has succeeded, and use
		// get_admin()'s return value ($bgi is local to that function).
		$_SESSION['admin'] = get_admin($user);
		$_SESSION['valid_user'] = $user;
		require('head.inc');
		display_member_details($user);
		require('foot.inc');
	}
	else
	{
	echo 'failed';
	}

}
}

 

 

Login Code

 

function safelogin($user, $pass)
{
if (isset($user) && isset($pass)) {

   $conn = db_connect();

   if(!$conn) {

       echo "Failed to connect to the server\n";

   } else {

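       // magic_quotes_gpc was removed in PHP 8, so check that the function exists.
       if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
           $username = stripslashes($user);
           $password = stripslashes($pass);
       } else {
           $username = $user;
           $password = $pass;
       }

       // Use %s placeholders so the escaped values are what reach the query;
       // interpolating $username and $password directly bypassed the escaping.
       $query = sprintf("SELECT * from t_users where username='%s' and password=sha1('%s')",
                   mysqli_real_escape_string($conn,$username),
                   mysqli_real_escape_string($conn,$password));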

       mysqli_query($conn,$query);

       if (mysqli_affected_rows($conn) > 0) {
       return true;
       }
   }
} else {
   return false;
}
}

 

 

Function code:

 

function get_admin($user)
{
	switch ($user) {
          case 'Steppio':
          	$bgi = '1';
          	break;
          case 'Frank':
          	$bgi = '1';
            break;
          case 'Karl':
          	$bgi = '1';
            break;
          case 'Sam':
          	$bgi = '1';
            break;
          case 'Kris':
          	$bgi = '1';
            break;
          default:
          	$bgi = '2';
     }
     $_SESSION['admin'] = $bgi;
     return $_SESSION['admin'];
}

 

Any advice you could give me would be greatly appreciated, thanks for your time.

Link to comment
https://forums.phpfreaks.com/topic/92131-escaping-caps-lock/

You should really be handling the user type within the database instead of hard coding it like this. But here you go:

 

function get_admin($user)
{
   switch (strtoupper($user)) {
         case 'STEPPIO':
         	$bgi = '1';
         	break;
         case 'FRANK':
         	$bgi = '1';
           break;
         case 'KARL':
         	$bgi = '1';
           break;
         case 'SAM':
         	$bgi = '1';
           break;
         case 'KRIS':
         	$bgi = '1';
           break;
         default:
         	$bgi = '2';
    }
    $_SESSION['admin'] = $bgi;
    return $_SESSION['admin'];
}

Link to comment
https://forums.phpfreaks.com/topic/92131-escaping-caps-lock/#findComment-471828

Thank you both, both cases work perfectly, however I was intrigued by your comment mjdamato. When you say I should store the admin rights in the database, would that mean adding a separate field called for example 'Admin' then manually adding a '1' or '2' respectively, or did you mean go into the settings for the MySQL database and setting it that way?

 

Thank you both for your time and comments.

Link to comment
https://forums.phpfreaks.com/topic/92131-escaping-caps-lock/#findComment-471849
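
One way to keep the admin right in the user's own row rather than in a hard-coded switch, as an added example that is not part of any post in this thread. Assumptions: an in-memory SQLite database through PDO stands in for the thread's MySQL database, the is_admin column (0/1 instead of the thread's '1'/'2') and login_user() are hypothetical names, and password_hash()/password_verify() replace the thread's sha1().

```php
<?php
// Added example: the admin flag lives in the user's row, not in a switch().
// Assumptions: in-memory SQLite via PDO stands in for the thread's MySQL
// database; the is_admin column and login_user() are hypothetical names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// COLLATE NOCASE mirrors MySQL's default case-insensitive collations:
// 'frank' and 'Frank' are the same account and cannot both be registered.
$db->exec('CREATE TABLE t_users (
    username TEXT COLLATE NOCASE PRIMARY KEY,
    password TEXT NOT NULL,
    is_admin INTEGER NOT NULL DEFAULT 0
)');

// Constructed sample rows.
$ins = $db->prepare('INSERT INTO t_users (username, password, is_admin) VALUES (?, ?, ?)');
$ins->execute(['Frank', password_hash('frank-pw', PASSWORD_DEFAULT), 1]);
$ins->execute(['Dave',  password_hash('dave-pw',  PASSWORD_DEFAULT), 0]);

/**
 * Returns ['username' => canonical name, 'is_admin' => bool] or null.
 * The role comes from the row that matched, never from the typed string.
 */
function login_user(PDO $db, string $user, string $pass): ?array
{
    $st = $db->prepare('SELECT username, password, is_admin FROM t_users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return ['username' => $row['username'], 'is_admin' => (bool) $row['is_admin']];
}

// Constructed login attempts: differing case, a non-admin, a wrong password.
foreach ([['frank', 'frank-pw'], ['FRANK', 'frank-pw'], ['dave', 'dave-pw'], ['Frank', 'wrong']] as [$u, $p]) {
    $who = login_user($db, $u, $p);
    printf("%-6s => %s\n", $u, $who === null ? 'rejected'
        : $who['username'] . ($who['is_admin'] ? ' (admin)' : ' (member)'));
}
```

In a page like the members page above, the two returned values would be stored in $_SESSION['valid_user'] and $_SESSION['admin'] once login_user() returns a row.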

Archived

This topic is now archived and is closed to further replies.
