admin permission

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

hrubos wrote:Please, I tried n*time and it doesn't still run.Who can hepl me to make condition isAdmin, by which user or admon can be realized.(I have table user contains fields id, login,password, isAdmin)
Think logically about this... You have a table that contains the fields fields id, login,password, isAdmin. All you need to do is get the value of the isAdmin field for a particular user. Try that, post back with any issues you are having.
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Post by hrubos »

Everah wrote:
hrubos wrote:Please, I tried n*time and it doesn't still run.Who can hepl me to make condition isAdmin, by which user or admon can be realized.(I have table user contains fields id, login,password, isAdmin)
Think logically about this... You have a table that contains the fields fields id, login,password, isAdmin. All you need to do is get the value of the isAdmin field for a particular user. Try that, post back with any issues you are having.
I have setted user is null, and admin is 1 in fields admin. Then I did this to check user or admin. Would you show me what did I do wrong in this code.

Code: Select all

..................
if (isset($MSQ) && MySQL_Num_Rows($MSQ) <> 1) 
{
echo "Neautorizovaný p&#345;ístup";
echo "hello you";
exit;
}
else{
$SN = "autorizace";
Session_name("$SN");
Session_start();
$sid = Session_id();
$time = Date("U");
$at = Date("U") - 1800;
$MSQ = MySQL_Query("INSERT INTO autorizace VALUES ('$sid', $time)");
$MSQ = MySQL_Query("DELETE FROM autorizace WHERE time < $at");

$row = $mysql_fetch_array($MSQ);
$id = $row['id'];
$isAdmin = $row['isAdmin'];
if($isAdmin){
  include ("D:\htdocs\BP\Room\outputRoom.php");
echo '<p> <a href="autorizace.php?lo=true">Odhlásit se</a> </p>';
}
else {
echo "a' a'a'  ";
}

}
Thank much for your encourage
Last edited by hrubos on Wed Dec 06, 2006 3:52 pm, edited 1 time in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Another tip: it may be easier to get a foothold by attempting to perform the query in something like phpMyAdmin first to understand the end query that you need to build, then start building code that can generate said query.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Post by hrubos »

Everah wrote:The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
if I do

Code: Select all

$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
$num_row = mysql_num_rows($MSQ);
So then should I chose mysql_affected_rows([]) or mysql_fetch_array() ???
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

hrubos wrote:if I do

Code: Select all

$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
$num_row = mysql_num_rows($MSQ);
So then should I chose mysql_affected_rows([]) or mysql_fetch_array() ???
Everah wrote:The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Post by hrubos »

now I think that Ishould move it to

Code: Select all

if ((IsSet($login)) AND (IsSet($password)) )){
$p = MD5($password);
//for only admin
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
$num_row = mysql_num_rows($MSQ);

if ($num_row == 1) {
		//prihlaseni probehlo v poradku
		$row = mysql_fetch_array($MSQ);
                $id = $row['id'];
                $isAdmin = $row['$isAdmin'];
                 $return_array = array($id,$isAdmin);
if($isAdmin){
 echo "you are admin";

}
else {
echo "you are user";
}
		return $return_array;
	}
else {
    echo "Can't login !!!";
return false;
}
hrubos
Forum Contributor
Posts: 172
Joined: Sat Oct 07, 2006 3:44 pm

Post by hrubos »

Everah wrote:
hrubos wrote:if I do

Code: Select all

$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
$num_row = mysql_num_rows($MSQ);
So then should I chose mysql_affected_rows([]) or mysql_fetch_array() ???
Everah wrote:The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
halo halo, you are super, thank . I have done ;)

thank much !!!
Post Reply