Escaping caps lock


Steppio

Hi, I have a small problem in that every time I log on to my site as username 'Frank', I am given admin access, yet every time I log in as username 'frank' I am still allowed into the correct profile, but not given admin rights. Is there any way of taking the input I use to log in, stripping it of caps lock, running it through the database and admin function then returning the caps lock on?

Below is the code and function I use to log into my site, followed by my switch for admin rights:

Members page code:

require_once('main_fns.php');
session_start();
$usern = $_SESSION['valid_user'];

if ((!$_POST['username'] || !$_POST['password']))
{
	require('head.inc');
	echo 'You did not fill the form in properly, <a href="index.php">please try again</a>.';
	require('foot.inc');
}
else
{  
$user = htmlspecialchars($_POST['username']);
$pass = htmlspecialchars($_POST['password']);
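// The admin level is assigned further down, only after the password check succeeds

if ($user && $pass)
{

	$return = safelogin($user, $pass);

	if ($return == true)
	{
		$_SESSION['valid_user'] = $user;
		// get_admin() returns the level; $bgi is local to that function and not visible here
		$_SESSION['admin'] = get_admin($user);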
		require('head.inc');
		display_member_details($user);
		require('foot.inc');
	}
	else
	{
	echo 'failed';
	}

}
}

Login Code

function safelogin($user, $pass)
{
if (isset($user) && isset($pass)) {

   $conn = db_connect();

   if(!$conn) {

       echo "Failed to connect to the server\n";

   } else {

       if(get_magic_quotes_gpc()) {
           $username = stripslashes($user);
           $password = stripslashes($pass);
       } else {
           $username = $user;
           $password = $pass;
       }

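       // %s placeholders so the escaped values are the ones that reach the query
       $query = sprintf("SELECT * from t_users where username='%s' and password=sha1('%s')",
                   mysqli_real_escape_string($conn,$username),
                   mysqli_real_escape_string($conn,$password));

       $result = mysqli_query($conn,$query);

       // A matching row means the username/password pair exists
       if ($result && mysqli_num_rows($result) > 0) {
           return true;
       }
   }
}
// Missing credentials, no connection, or no matching row
return false;
}
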
Function code:

function get_admin($user)
{
	switch ($user) {
          case 'Steppio':
          	$bgi = '1';
          	break;
          case 'Frank':
          	$bgi = '1';
            break;
          case 'Karl':
          	$bgi = '1';
            break;
          case 'Sam':
          	$bgi = '1';
            break;
          case 'Kris':
          	$bgi = '1';
            break;
          default:
          	$bgi = '2';
     }
     $_SESSION['admin'] = $bgi;
     return $_SESSION['admin'];
}

Any advice you could give me would be greatly appreciated, thanks for your time.

Link to comment
Share on other sites

You should really be handling the user type within the database instead of hard coding it like this. But here you go:

function get_admin($user)
{
   switch (strtoupper($user)) {
         case 'STEPPIO':
         	$bgi = '1';
         	break;
         case 'FRANK':
         	$bgi = '1';
           break;
         case 'KARL':
         	$bgi = '1';
           break;
         case 'SAM':
         	$bgi = '1';
           break;
         case 'KRIS':
         	$bgi = '1';
           break;
         default:
         	$bgi = '2';
    }
    $_SESSION['admin'] = $bgi;
    return $_SESSION['admin'];
}

Link to comment
Share on other sites

Thank you both, both cases work perfectly, however I was intrigued by your comment mjdamato. When you say I should store the admin rights in the database, would that mean adding a separate field called for example 'Admin' then manually adding a '1' or '2' respectively, or did you mean go into the settings for the MySQL database and setting it that way?

Thank you both for your time and comments.

Link to comment
Share on other sites
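
The suggestion above of keeping the user type in the database, sketched as an added example that is not code from any poster in this thread: the role is read from the same row that authenticates the user, so the spelling typed at login cannot change the privilege level. The `users` table, `is_admin` column and `login()` function are hypothetical; PDO with in-memory SQLite stands in for the thread's MySQL connection so the script runs without a server, and `password_hash()`/`password_verify()` replace the thread's `sha1()`.

```php
<?php
// Added example: table/column names (users, is_admin) and login() are hypothetical.
// SQLite in memory stands in for MySQL so the script runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// COLLATE NOCASE treats 'Frank' and 'frank' as the same account, and UNIQUE
// stops a second row that differs only in case from being registered.
$db->exec("CREATE TABLE users (
    username      TEXT NOT NULL UNIQUE COLLATE NOCASE,
    password_hash TEXT NOT NULL,
    is_admin      INTEGER NOT NULL DEFAULT 0
)");

// Constructed sample accounts.
$ins = $db->prepare('INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)');
$ins->execute(['Frank', password_hash('frank-secret', PASSWORD_DEFAULT), 1]);
$ins->execute(['Dave',  password_hash('dave-secret',  PASSWORD_DEFAULT), 0]);

/**
 * Returns ['username' => stored spelling, 'is_admin' => bool] on success, null on failure.
 */
function login(PDO $db, string $user, string $pass): ?array
{
    // Bound parameter: the typed username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password_hash, is_admin FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    // Use the stored spelling and stored role, not the submitted text.
    return ['username' => $row['username'], 'is_admin' => (bool) $row['is_admin']];
}

$attempts = [['Frank', 'frank-secret'], ['frank', 'frank-secret'], ['FRANK', 'wrong'], ['dave', 'dave-secret']];
foreach ($attempts as [$u, $p]) {
    $account = login($db, $u, $p);
    if ($account === null) {
        echo "$u: login failed\n";
        continue;
    }
    // In the members page these two values would be stored in $_SESSION.
    echo "$u: logged in as {$account['username']}, admin=" . var_export($account['is_admin'], true) . "\n";
}
```

On MySQL the default `_ci` collations already compare usernames case-insensitively, which is why 'frank' matched the row in the thread while the case-sensitive PHP `switch` did not.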
