PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I wrote for user_permission and admin_permission, I have isAdmin in database, and I call admin = 1 , user = 0.
Now this code has error : Undefined variable: MSQ in D:\htdocs\BP\autorizace\autorizace_DB.php on line 44
$isAdmin = MySQL_Query("SELECT isAdmin FROM users");
........
if ((IsSet($login)) AND (IsSet($password)) AND ($isAdmin == 1)){
$p = MD5($password);
//for only admin
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
...........
}
...............
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') AND (isAdmin LIKE '1')");
.....................
$isAdmin = MySQL_Query("SELECT isAdmin FROM users");
........
if ((IsSet($login)) AND (IsSet($password)) AND ($isAdmin == 1)){
$p = MD5($password);
//for only admin
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
...........
}
Everah wrote:You are setting $MSQ several times, so there is a strong likelihood that your problem lies in what the value of $MSQ is assigned to at line 44.
What would I do if i wanto set isAdmin to check user login, user has isAdmin = 1 --> have user's permission, user doesn't have --> user's permission
@ ok : I know that I can user follow ur idea. Thanx
<?php
Header("Pragma: No-cache");
Header("Cache-Control: No-cache, Must-revalidate");
Header("Expires: ".GMDate("D, d M Y H:i:s")." GMT");
$password = $_POST['password'];
$login = $_POST['login'];
$MC = MySQL_Connect("localhost", "root", "");
$MS = MySQL_Select_DB("hostel");
$isAdmin = MySQL_Query("SELECT isAdmin FROM users");
if(!$password||!$login){
echo 'Třeba vyplnit upnle informace !!!';
exit;
}
if(!get_magic_quotes_gpc())
{
$password = addslashes($password);
$login = addslashes($login);
}
//for admin
/************************************************
* If these conditionals do not ALL add up to true, MSQ will not be set
************************************************/
if ((IsSet($login)) AND (IsSet($password)) AND ($isAdmin == 1)){
$p = MD5($password);
//for only admin
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
}
/************************************************
* If $lo is not set MSQ will not be set again
************************************************/
if (IsSet($lo)){
$SN = "autorizace";
Session_name("$SN");
Session_start();
$sid = Session_id();
$MSQ = MySQL_Query("DELETE FROM autorizace WHERE id = '$sid'");
echo "Byl(a) jste odhlášen(a)!";
}
/************************************************
* At this point, since you did not declare MSQ
* with a default value, if the two above
* conditionals fail, MSQ is not set at all. I
* think this is where your errors are coming from.
************************************************/
if (MySQL_Num_Rows($MSQ) <> 1)
{
echo "Neautorizovaný přístup";
echo "hello you";
exit;
}
else{
$SN = "autorizace";
Session_name("$SN");
Session_start();
$sid = Session_id();
$time = Date("U");
$at = Date("U") - 1800;
$MSQ = MySQL_Query("INSERT INTO autorizace VALUES ('$sid', $time)");
$MSQ = MySQL_Query("DELETE FROM autorizace WHERE time < $at");
include ("D:\htdocs\BP\Room\outputRoom.php");
echo '<p> <a href="autorizace.php?lo=true">Odhlásit se</a> </p>';
}
?>
$isAdmin = MySQL_Query("SELECT isAdmin FROM users");
is causing all sorts of mischief. Once this is executed, $isAdmin becomes a resource identifier so your first conditional will always fail. That being said, $MSQ will never be set to anything and you will always have this error.
To fix this, you need to do something with the query result resource that is in $isAdmin. Once you extract some information from that, you should be able to get back on track.
DELETE queries return true or false. There's nothing to fetch. Once again you're using the same for a lot of queries, this can lead to problems such as this one.
Please, I tried n*time and it doesn't still run.Who can hepl me to make condition isAdmin, by which user or admon can be realized.(I have table user contains fields id, login,password, isAdmin)