Help with username approval flag

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Help with username approval flag

Post by tsm4781 »

I am trying to do some username flagging on a page, where even if the user has signed up, they still need to be approved to view content. This is the code that I have, but it seems not to work correctly. Would anyone have some suggestions?

Code: Select all

<?php
       $query = "SELECT approved,username FROM members where username="$username";

       $queryapproved = $query['approved'];
       $queryusername = $query['username'];

       if ( $queryapproved > 0 )
       {
               $queryapproved = "true"
               echo "welcome, you are approved to see this screen";
               } else {
               $queryapproved = "false"
               echo "restricted";
       }

?>
Thanks!

- TS
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

the code you posted has a problem in the $query set up.. as you may see with the syntax highlighting..
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Post by tsm4781 »

Code: Select all

<?php
       $query = "SELECT approved,username FROM members where username=$username";

       $queryapproved = $query['approved'];
       $queryusername = $query['username'];

       if ( $queryapproved > 0 )
       {
               $queryapproved = "true"
               echo "welcome, you are approved to see this screen";
               } else {
               $queryapproved = "false"
               echo "restricted";
       }
?>
My bad.. but it still isn't working....
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you don't actually run a query in that code. Additionally, you should probably put single quotes around $username inside the $query string.
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Post by tsm4781 »

any suggestions about the right way to do this. I am trying to work with someone else's code.. and my knowledge of PHP is limited/basic.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Assuming you are using mysql:

Code: Select all

$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)) // found a user with that name
{
  $info = mysql_fetch_assoc($result);
  $approved = $info['approved'];
  $username = $info['username'];
  // ..........
}
else
  // you can't see page.
([php_man]mysql_query[/php_man], [php_man]mysql_error[/php_man], [php_man]mysql_num_rows[/php_man], [php_man]mysql_fetch_assoc[/php_man])
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Post by tsm4781 »

Code: Select all

<?php

$query = "SELECT approved,username FROM members where username='$username'";

$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)) // found a user with that name
{
 $info = mysql_fetch_assoc($result);
 $approved = $info['approved'];
 $username = $info['username'];
 //
      if ( $approved > 0 )
      {
              $queryapproved = "true"
              echo "welcome, you are approved to see this screen";
              } else {
              $queryapproved = "false"
              echo "restricted";
      }
}

?>
Is this what I should be doing then?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

looks about right..
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Post by tsm4781 »

How would I set this so that if I am not a user logged in using the table at all it would display a default message. I have to be logged in with either a value set to 1, which is approved, or 0, which is the default, but I can't get anything to display if I am not logged in at all.... thoughts?

Code: Select all

<?php

$query = "SELECT access,username FROM members where username='$username'";
$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result)) // found a user with that name
{

$info = mysql_fetch_assoc($result);

$approved = $info['access'];
$username = $info['username'];
//
    if ( $approved!="0" ) {
       include "blog.inc.php";
    } elseif ( $approved="0" ) {
       include "noblog.inc.php";
    } else {
       include "noblog.inc.php";
    }
}

?>
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

the simplest most effective solution would be to use sessions
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Post by tsm4781 »

Yup.. I am using sessions.. so that's a plus. The thing is that once you hit the web site, a session is already created. How might I use this to my advantage?
tsm4781
Forum Commoner
Posts: 38
Joined: Wed Jul 09, 2003 7:17 pm

Post by tsm4781 »

Should I only use sessions on the login screen once you've logged in?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

just store the data into the session.. (like user id, or all the user information if you generally always want it quickly available on all pages..) :)
User avatar
evilmonkey
Forum Regular
Posts: 823
Joined: Sun Oct 06, 2002 1:24 pm
Location: Toronto, Canada

Post by evilmonkey »

To elaborate on feyd's idea, try this:

Code: Select all

//assume that the user has logged in through a form that was posted. $username and $password were passed
$sql = "SELECT * FROM users WHERE username='".mysql_escpae_string($_POST['username'])."' AND password ='".mysql_escape_string($_POST['password'])."'"; //probably a bad idea to have the passowrd in plain text, but anyway
$result = mysql_query($sql, $db_connection);
if (mysql_num_rows($result)==1) {
session_start();
$_SESSION['username']=$_POST['username']; }
else {
//fail the login 
}
The idea here is that on any page on your site where you have the session_start(); command at the top, you can access the value of $_SESSION['username']. You can do it for as many variables as you need using the $_SESSION superglobal array.

Good luck!
Post Reply