Add Security to this code
Posted: Fri Dec 22, 2006 11:42 am
I would like this function to check whether the logged-in user has admin rights and to allow access only to admins.
function viewStatistics(){
$username = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE user='".USERNAME."'"));
$lastusername = mysql_query("SELECT * FROM users");
$lastuser = "";
while($alast = mysql_fetch_array($lastusername)){
$lastuser = $alast['id'];
}
$statistics = mysql_query("SELECT * FROM statistics WHERE userid='".$username['id']."'");
$setamt = mysql_affected_rows();
$quizzesset = mysql_query("SELECT * FROM sets WHERE creator='".USERNAME."'");
$quizzesset = mysql_affected_rows();
$i = 0;
$totalpoints = 0;
$totalpercentage = 0;
while($astatistics = mysql_fetch_array($statistics)){
$totalpoints += $astatistics['score'];
$totalpercentage += round($astatistics['score']/$astatistics['totalscore']*100);
$i++;
}
if($totalpercentage != 0){
$totalpercentage = ($totalpercentage/$i);
}
$karma = round(round($totalpercentage/5) + round($setamt/5) + round(($lastuser - $username['id'])/50) + round($quizzesset*3));
?>