Page 1 of 1

if statement

Posted: Sun Jul 06, 2003 5:11 am
by jamrop
Hey

I am trying to make some code so that only the admin can make changes to certain parts of the database. FOr example i have called the admin username david. Trying to make an if statement to say that if the username is called david go ahead with the changes, but if not , message saying not allowed. I am using session

the code

Code: Select all

<?php


//start the session
session_start();
header("Cache-control: private"); //IE 6 Fix 
 

//check to make sure the session variable is registered
if(session_is_registered('username')){

//the session variable is registered, the user is allowed to see anything that follows

echo "Welcome, you are still logged in '$username'.";

}
else{

//the session variable isn't registered, send them back to the login page
header( "Location: login.php" );
}
if ('$username' != "david") {

echo "You are not authorised to make changes to the database";
} else {
$db =mysql_connect("","", "");
mysql_select_db("",$db) or die ("cannot connect to database");
$query = "INSERT INTO cars(make, engine,year,des,mot,price)
VALUES('".$_POST['make']."','".$_POST['engine']."','".$_POST['year']."','".$_POST['des']."'
,'".$_POST['mot']."','".$_POST['price']."')" ;
mysql_query($query);
}

?>
It just seems to ignore the if statment and keeps saying the message, "You are not authorised to make changes to the database"

Any help?

many thanks

Posted: Sun Jul 06, 2003 5:15 am
by m3mn0n
Make it so:

If the user IS david, allow. Else, buzz off.


It's so much easier I think that way.

Posted: Sun Jul 06, 2003 5:16 am
by m3mn0n

Code: Select all

<?php
if ($username == "david") { 
   $db =mysql_connect("","", "");  
   mysql_select_db("",$db) or die ("cannot connect to database"); 
   $query = "INSERT INTO cars(make, engine,year,des,mot,price) 
   VALUES('".$_POST['make']."','".$_POST['engine']."','".$_POST      ['year']."','".$_POST['des']."' 
   ,'".$_POST['mot']."','".$_POST['price']."')" ; 
   mysql_query($query); 
} else { 
   echo "You are not authorised to make changes to the database"; 
    exit; // <-- this is optional
} 
?>

Posted: Sun Jul 06, 2003 5:24 am
by jamrop
hey


tried it, but still saying the same thing

Posted: Sun Jul 06, 2003 5:34 am
by jamrop
hey

solved it

cause it should have been $username not '$username'

thanks for your help

Posted: Sun Jul 06, 2003 4:20 pm
by m3rajk
not just that, but if you use look for equality or inequality, use == and !== respectively. = and != are for setting. (well i know = is and i think != might in php. i was told not to use it and that's the only reason that makes logical sense)

Posted: Sun Jul 06, 2003 5:45 pm
by bionicdonkey
!= is a comparision operator not an assignment operator