Problem with the admin area?

phpsmart
Forum Newbie
Posts: 6
Joined: Wed Jan 31, 2007 5:20 pm

Post by phpsmart »

feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.


I'm trying to design a user administration area for a forum. My target is that when a user logs in to the system, if he is an admin he is supposed to see three links (admin, main forum and logout), but when he is not an admin he must only see two links (main forum and logout).
So this piece of code works when I log into the system, but when I enter the main forum and click back I just find the two links, main forum and logout, without the admin link...
Does anyone know what is wrong with this piece of the code?

Code: Select all

<?php
include( 'connect.php' );  //containing database connections
session_start();

if($userid && $password)
{
	$sql = "select * from users where user_name='$userid' AND user_pass= '".md5($password)."'";

	$result = mysql_query($sql);

	if(mysql_num_rows($result)>0)
	{
		$valid_user = $userid;
		session_register("valid_user");
	}
}

if(session_is_registered("valid_user"))
{
	echo "you are logged in as :$valid_user<br><br>";

	if( $row['user_admin'] == 'y' )
	{
		$sql2 = "SELECT * FROM users WHERE user_name = '$userid'";
		$result2 = mysql_query( $sql2 );
		$row = mysql_fetch_array( $result2 );

		echo "<a href='admin.php'>admin</a><br><br>";
		echo "<a href='main_forum.php'>Main forum</a><br><br>";
		echo "<a href='21.php'>Logout</a><br>";
	}

	if( $row['user_admin'] == 'n' )
	{
		echo "<a href='main_forum.php'>Main forum</a><br><br>";
		echo "<a href='21.php'>Logout</a><br>";
	}
}
else
{
	if(isset($userid))
	{
		echo "could not log you in";
	}
	else
	{
		echo "you are not logged in.<br>";
	}

	echo '<form name=\'login\' method=\'post\' action=\'front.php\'>';
	echo ':username<br> ';
	echo '<input type=\'text\' name=\'userid\'><br>';
	echo ' :password <br> ';
	echo '<input type=\'password\' name=\'password\'><br>';
	echo '<br><input type=\'submit\' value=\'member login\'><br>';
	echo '</form>';
}
?>

james.aimonetti
Forum Newbie
Posts: 6
Joined: Tue Jan 30, 2007 10:44 pm

Post by james.aimonetti »

After the first SQL query, it does not look like you define $row. So when you test whether $row['user_admin'] == 'y', it will return false. Also, I might suggest, assuming the user_admin column is a binary data type ('y' or 'n'), that you change the second test of $row['user_admin'] to an else and get rid of the test altogether.

The Main Forum and Logout links are the same for admins and non-admins. Unless there is other code that happens that is unique for non-admins, you could get rid of the second block altogether.

Code: Select all

if($userid && $password) {
  $sql= "select * from users where user_name='$userid' AND user_pass= '".md5($password)."'";
  $result=mysql_query($sql);
  // Fetch the matching row so that $row is defined before it is tested below.
  $row = mysql_fetch_array($result);

  if(mysql_num_rows($result)>0) {
    $valid_user=$userid;
    session_register("valid_user");
  }
}

if(session_is_registered("valid_user")) {
  echo "you are logged in as :$valid_user<br /><br />";
  if( $row['user_admin'] == 'y' ) {
    $sql2 = "SELECT * FROM users WHERE user_name = '$userid'";
    $result2 = mysql_query( $sql2 );
    $row = mysql_fetch_array( $result2 );

    echo "<a href='admin.php'>admin</a><br /><br />";
  }

  // Assuming no extra code is needed here for non-admin users.
  echo "<a href='main_forum.php'>Main forum</a><br /><br />";
  echo "<a href='21.php'>Logout</a><br />";
}

Hope this helps get you closer to a solution.
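
A later request carries the session but no submitted form, and in the code above $row is only filled while the login form is being processed, so the admin test has nothing to read on that request. The following is an added example, not code from either poster: it stores the admin flag in the session at login and builds the links from the session alone. It assumes the users table from the thread and substitutes PDO prepared statements and password_hash() for the thread's mysql_* calls (removed in PHP 7) and md5(); the in-memory SQLite database, the sample users and the function names login() and menu() are constructed for the demonstration.

```php
<?php
// Added example, not code from the thread. Column names follow the posts;
// the SQLite database, sample users and helper names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT, user_admin TEXT)");
$ins = $db->prepare("INSERT INTO users VALUES (?, ?, ?)");
$ins->execute(['alice', password_hash('alice-pw', PASSWORD_DEFAULT), 'y']);
$ins->execute(['bob', password_hash('bob-pw', PASSWORD_DEFAULT), 'n']);

// Check the credentials once and keep the result in the session array.
function login(PDO $db, array &$session, string $userid, string $password): bool
{
    // Placeholder binding keeps the user name out of the SQL text.
    $stmt = $db->prepare("SELECT user_pass, user_admin FROM users WHERE user_name = ?");
    $stmt->execute([$userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['user_pass'])) {
        return false;
    }
    $session['valid_user'] = $userid;
    $session['is_admin'] = ($row['user_admin'] === 'y');
    return true;
}

// Build the menu from the session alone, so it works on every later request.
function menu(array $session): string
{
    if (!isset($session['valid_user'])) {
        return "you are not logged in.<br>";
    }
    $html = "you are logged in as :" . htmlspecialchars($session['valid_user']) . "<br><br>";
    if (!empty($session['is_admin'])) {
        $html .= "<a href='admin.php'>admin</a><br><br>";
    }
    $html .= "<a href='main_forum.php'>Main forum</a><br><br>";
    return $html . "<a href='21.php'>Logout</a><br>";
}

// A plain array stands in for $_SESSION so the script runs from the command line.
$session = [];
login($db, $session, 'alice', 'alice-pw');   // request 1: the form is submitted
echo menu($session), "\n";                   // admin link shown
echo menu($session), "\n";                   // request 2: no POST data, admin link still shown
$other = [];
login($db, $other, 'bob', 'bob-pw');
echo menu($other), "\n";                     // no admin link for a non-admin
```

In front.php, call session_start(), pass $_SESSION as $session, and call session_regenerate_id(true) after a successful login. admin.php has to check $_SESSION['is_admin'] itself, since hiding the link does not restrict access to the page.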