Think logically about this... You have a table that contains the fields fields id, login,password, isAdmin. All you need to do is get the value of the isAdmin field for a particular user. Try that, post back with any issues you are having.hrubos wrote:Please, I tried n*time and it doesn't still run.Who can hepl me to make condition isAdmin, by which user or admon can be realized.(I have table user contains fields id, login,password, isAdmin)
admin permission
Moderator: General Moderators
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
I have setted user is null, and admin is 1 in fields admin. Then I did this to check user or admin. Would you show me what did I do wrong in this code.Everah wrote:Think logically about this... You have a table that contains the fields fields id, login,password, isAdmin. All you need to do is get the value of the isAdmin field for a particular user. Try that, post back with any issues you are having.hrubos wrote:Please, I tried n*time and it doesn't still run.Who can hepl me to make condition isAdmin, by which user or admon can be realized.(I have table user contains fields id, login,password, isAdmin)
Code: Select all
..................
if (isset($MSQ) && MySQL_Num_Rows($MSQ) <> 1)
{
echo "Neautorizovaný přístup";
echo "hello you";
exit;
}
else{
$SN = "autorizace";
Session_name("$SN");
Session_start();
$sid = Session_id();
$time = Date("U");
$at = Date("U") - 1800;
$MSQ = MySQL_Query("INSERT INTO autorizace VALUES ('$sid', $time)");
$MSQ = MySQL_Query("DELETE FROM autorizace WHERE time < $at");
$row = $mysql_fetch_array($MSQ);
$id = $row['id'];
$isAdmin = $row['isAdmin'];
if($isAdmin){
include ("D:\htdocs\BP\Room\outputRoom.php");
echo '<p> <a href="autorizace.php?lo=true">Odhlásit se</a> </p>';
}
else {
echo "a' a'a' ";
}
}
Last edited by hrubos on Wed Dec 06, 2006 3:52 pm, edited 1 time in total.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
if I doEverah wrote:The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
Code: Select all
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
$num_row = mysql_num_rows($MSQ);- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
hrubos wrote:if I doSo then should I chose mysql_affected_rows([]) or mysql_fetch_array() ???Code: Select all
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') "); $num_row = mysql_num_rows($MSQ);
Everah wrote:The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
now I think that Ishould move it to
Code: Select all
if ((IsSet($login)) AND (IsSet($password)) )){
$p = MD5($password);
//for only admin
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') ");
$num_row = mysql_num_rows($MSQ);
if ($num_row == 1) {
//prihlaseni probehlo v poradku
$row = mysql_fetch_array($MSQ);
$id = $row['id'];
$isAdmin = $row['$isAdmin'];
$return_array = array($id,$isAdmin);
if($isAdmin){
echo "you are admin";
}
else {
echo "you are user";
}
return $return_array;
}
else {
echo "Can't login !!!";
return false;
}halo halo, you are super, thank . I have doneEverah wrote:hrubos wrote:if I doSo then should I chose mysql_affected_rows([]) or mysql_fetch_array() ???Code: Select all
$MSQ = MySQL_Query("SELECT * FROM users WHERE (login LIKE '$login') AND (password LIKE '$p') "); $num_row = mysql_num_rows($MSQ);Everah wrote:The way you are doing it is not going to work because you keep overwriting your $MSQ var before you run it through the fetch. After you query the user table, fetch the data and read that into an array that you can use later. Look at your code, it is telling you everything you need to understand what it is doing.
thank much !!!