Page 1 of 1
Help with username approval flag
Posted: Sun Jul 18, 2004 4:32 pm
by tsm4781
I am trying to do some username flagging on a page, where even if the user has signed up, they still need to be approved to view content. This is the code that I have, but it seems not to work correctly. Would anyone have some suggestions?
Code: Select all
<?php
$query = "SELECT approved,username FROM members where username="$username";
$queryapproved = $query['approved'];
$queryusername = $query['username'];
if ( $queryapproved > 0 )
{
$queryapproved = "true"
echo "welcome, you are approved to see this screen";
} else {
$queryapproved = "false"
echo "restricted";
}
?>
Thanks!
- TS
Posted: Sun Jul 18, 2004 4:35 pm
by feyd
the code you posted has a problem in the $query set up.. as you may see with the syntax highlighting..
Posted: Sun Jul 18, 2004 4:36 pm
by tsm4781
Code: Select all
<?php
$query = "SELECT approved,username FROM members where username=$username";
$queryapproved = $query['approved'];
$queryusername = $query['username'];
if ( $queryapproved > 0 )
{
$queryapproved = "true"
echo "welcome, you are approved to see this screen";
} else {
$queryapproved = "false"
echo "restricted";
}
?>
My bad.. but it still isn't working....
Posted: Sun Jul 18, 2004 4:39 pm
by feyd
you don't actually run a query in that code. Additionally, you should probably put single quotes around $username inside the $query string.
Posted: Sun Jul 18, 2004 4:40 pm
by tsm4781
any suggestions about the right way to do this. I am trying to work with someone else's code.. and my knowledge of PHP is limited/basic.
Posted: Sun Jul 18, 2004 4:46 pm
by feyd
Assuming you are using mysql:
Code: Select all
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)) // found a user with that name
{
$info = mysql_fetch_assoc($result);
$approved = $info['approved'];
$username = $info['username'];
// ..........
}
else
// you can't see page.
([php_man]mysql_query[/php_man], [php_man]mysql_error[/php_man], [php_man]mysql_num_rows[/php_man], [php_man]mysql_fetch_assoc[/php_man])
Posted: Sun Jul 18, 2004 6:42 pm
by tsm4781
Code: Select all
<?php
$query = "SELECT approved,username FROM members where username='$username'";
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)) // found a user with that name
{
$info = mysql_fetch_assoc($result);
$approved = $info['approved'];
$username = $info['username'];
//
if ( $approved > 0 )
{
$queryapproved = "true"
echo "welcome, you are approved to see this screen";
} else {
$queryapproved = "false"
echo "restricted";
}
}
?>
Is this what I should be doing then?
Posted: Sun Jul 18, 2004 6:44 pm
by feyd
looks about right..
Posted: Sun Jul 18, 2004 8:18 pm
by tsm4781
How would I set this so that if I am not a user logged in using the table at all it would display a default message. I have to be logged in with either a value set to 1, which is approved, or 0, which is the default, but I can't get anything to display if I am not logged in at all.... thoughts?
Code: Select all
<?php
$query = "SELECT access,username FROM members where username='$username'";
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)) // found a user with that name
{
$info = mysql_fetch_assoc($result);
$approved = $info['access'];
$username = $info['username'];
//
if ( $approved!="0" ) {
include "blog.inc.php";
} elseif ( $approved="0" ) {
include "noblog.inc.php";
} else {
include "noblog.inc.php";
}
}
?>
Posted: Sun Jul 18, 2004 8:30 pm
by tim
the simplest most effective solution would be to use sessions
Posted: Sun Jul 18, 2004 8:32 pm
by tsm4781
Yup.. I am using sessions.. so that's a plus. The thing is that once you hit the web site, a session is already created. How might I use this to my advantage?
Posted: Sun Jul 18, 2004 9:28 pm
by tsm4781
Should I only use sessions on the login screen once you've logged in?
Posted: Sun Jul 18, 2004 9:29 pm
by feyd
just store the data into the session.. (like user id, or all the user information if you generally always want it quickly available on all pages..)

Posted: Sun Jul 18, 2004 9:54 pm
by evilmonkey
To elaborate on feyd's idea, try this:
Code: Select all
//assume that the user has logged in through a form that was posted. $username and $password were passed
$sql = "SELECT * FROM users WHERE username='".mysql_escpae_string($_POST['username'])."' AND password ='".mysql_escape_string($_POST['password'])."'"; //probably a bad idea to have the passowrd in plain text, but anyway
$result = mysql_query($sql, $db_connection);
if (mysql_num_rows($result)==1) {
session_start();
$_SESSION['username']=$_POST['username']; }
else {
//fail the login
}
The idea here is that on any page on your site where you have the session_start(); command at the top, you can access the value of $_SESSION['username']. You can do it for as many variables as you need using the $_SESSION superglobal array.
Good luck!