Add Security to this code

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!


Post by Assured99 »

I would like to make this function check to see if the user who is logged in has admin rights and only allow access to admins.

Code:

function viewStatistics(){
	// Escape the username before placing it in SQL (USERNAME is a constant defined elsewhere)
	$user = mysql_real_escape_string(USERNAME);
	// Row for the currently logged-in user
	$username = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE user='".$user."'"));
	// id of the last row returned from the users table
	$lastusername = mysql_query("SELECT * FROM users");
	$lastuser = "";
	while($alast = mysql_fetch_array($lastusername)){
		$lastuser = $alast['id'];
	}
	// Quiz results recorded for this user, and how many there are
	$statistics = mysql_query("SELECT * FROM statistics WHERE userid='".$username['id']."'");
	$setamt = mysql_num_rows($statistics);
	// Number of sets this user created
	$quizzesset = mysql_num_rows(mysql_query("SELECT * FROM sets WHERE creator='".$user."'"));
	$i = 0;
	$totalpoints = 0;
	$totalpercentage = 0;
	while($astatistics = mysql_fetch_array($statistics)){
		$totalpoints += $astatistics['score'];
		// Skip rows without a maximum score to avoid division by zero
		if($astatistics['totalscore'] != 0){
			$totalpercentage += round($astatistics['score']/$astatistics['totalscore']*100);
		}
		$i++;
	}

	// Average percentage over all recorded results
	if($totalpercentage != 0){
		$totalpercentage = ($totalpercentage/$i);
	}

	$karma = round(round($totalpercentage/5) + round($setamt/5) + round(($lastuser - $username['id'])/50) + round($quizzesset*3));
	?>
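An added example, not part of the original post: one way to put a server-side admin check in front of the statistics query, using PDO prepared statements. The `is_admin` column, the `requireAdmin` helper, the function signatures and the sample rows are assumptions made for illustration; the `users.user`, `statistics.userid` and `score` columns come from the post.

```php
<?php
// Added example. Assumed (not in the post): users.is_admin column, PDO handle, helper names.

function requireAdmin(PDO $db, string $username): array
{
    // Re-read the role from the database on every call; never trust a
    // role flag that comes from a cookie, a form field or the URL.
    $stmt = $db->prepare('SELECT id, user, is_admin FROM users WHERE user = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || (int)$user['is_admin'] !== 1) {
        throw new RuntimeException('Admin rights required');
    }
    return $user;
}

function viewStatistics(PDO $db, string $username): array
{
    // Deny by default: nothing below runs unless the check passes.
    $admin = requireAdmin($db, $username);
    $stmt = $db->prepare(
        'SELECT COUNT(*) AS attempts, COALESCE(SUM(score), 0) AS points
           FROM statistics WHERE userid = ?'
    );
    $stmt->execute([$admin['id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, is_admin INTEGER)');
$db->exec('CREATE TABLE statistics (userid INTEGER, score INTEGER, totalscore INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 1), (2, 'bob', 0)");
$db->exec('INSERT INTO statistics VALUES (1, 8, 10), (1, 5, 10)');

// 'alice' is an admin, 'bob' is not, 'mallory' does not exist.
foreach (['alice', 'bob', 'mallory'] as $name) {
    try {
        print_r(viewStatistics($db, $name));
    } catch (RuntimeException $e) {
        // In a real page: log the attempt and answer with HTTP 403.
        echo "Denied for $name: ", $e->getMessage(), PHP_EOL;
    }
}
```

In the post's code, the `$username` argument would be the `USERNAME` constant set at login.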