
Add Security to this code

Posted: Fri Dec 22, 2006 11:42 am
by Assured99
I would like to make this function check whether the logged-in user has admin rights and allow access only to admins.


function viewStatistics(){
	$username = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE user='".USERNAME."'"));
	$lastusername = mysql_query("SELECT * FROM users");
	$lastuser = "";
	while($alast = mysql_fetch_array($lastusername)){
		$lastuser = $alast['id'];
	}
	$statistics = mysql_query("SELECT * FROM statistics WHERE userid='".$username['id']."'");
	$setamt = mysql_affected_rows();
	$quizzesset = mysql_query("SELECT * FROM sets WHERE creator='".USERNAME."'");
	$quizzesset = mysql_affected_rows();
	$i = 0;
	$totalpoints = 0;
	$totalpercentage = 0;
	while($astatistics = mysql_fetch_array($statistics)){
		$totalpoints += $astatistics['score'];
		$totalpercentage += round($astatistics['score']/$astatistics['totalscore']*100);
		$i++;
	}
	
	if($totalpercentage != 0){
		$totalpercentage = ($totalpercentage/$i);
	}
	
	$karma = round(round($totalpercentage/5) + round($setamt/5) + round(($lastuser - $username['id'])/50) + round($quizzesset*3));
	?>