
Problem with the admin area?

Posted: Wed Feb 14, 2007 1:32 pm
by phpsmart
feyd | Please use code and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


I'm trying to design a user administration area for a forum. My target is that when a user logs in to the system, if he is an admin he is supposed to see three links (admin, main forum and logout), but when he is not an admin he must only see two links (main forum and logout).
This piece of code works when I log into the system, but when I enter the main forum and click back I just find the two links, main forum and logout, without the admin link...
Does anyone know what is wrong with this piece of the code?

Code: Select all

<?php
    include( 'connect.php' );  //containing database connections
    session_start();

    if($userid && $password)
    {
        $sql= "select * from users where user_name='$userid' AND user_pass= '".md5($password)."'";

        $result=mysql_query($sql);

        if(mysql_num_rows($result)>0)
        {
            $valid_user=$userid;
            session_register("valid_user");
        }
    }

    if(session_is_registered("valid_user"))
    {
        echo"you are logged in as :$valid_user<br><br>";

        if( $row['user_admin'] == 'y' )
        {
            $sql2 = "SELECT * FROM users WHERE user_name = '$userid'";
            $result2 = mysql_query( $sql2 );
            $row = mysql_fetch_array( $result2 );

            echo"<a href='admin.php'>admin</a><br><br>";
            echo"<a href='main_forum.php'>Main forum</a><br><br>";
            echo"<a href='21.php'>Logout</a><br>";
        }

        if( $row['user_admin'] == 'n' )
        {
            echo"<a href='main_forum.php'>Main forum</a><br><br>";
            echo"<a href='21.php'>Logout</a><br>";
        }
    }
    else
    {
        if(isset($userid))
        {
            echo"could not log you in";
        }
        else
        {
            echo"you are not logged in.<br>";
        }

        echo '<form name=\'login\' method=\'post\' action=\'front.php\'>';
        echo ':username<br> ';
        echo '<input type=\'text\' name=\'userid\'><br>';
        echo ' :password <br> ';
        echo '<input type=\'password\' name=\'password\'><br>';
        echo '<br><input type=\'submit\' value=\'member login\'><br>';
        echo '</form>';
    }
?>


Posted: Wed Feb 14, 2007 2:45 pm
by james.aimonetti
After the first SQL query, it does not look like you define $row. So when you test whether $row['user_admin'] == 'y', it will return false. Also, I might suggest, assuming the user_admin column is a binary data type ('y' or 'n'), that you change the second test of $row['user_admin'] to an else and get rid of the test altogether.

The Main Forum and Logout links are the same for admins and non-admins. Unless there is other code that happens that is unique for non-admins, you could get rid of the second block altogether.

Code: Select all

if($userid && $password) {
  $sql= "select * from users where user_name='$userid' AND user_pass= '".md5($password)."'";
  $result=mysql_query($sql);
  // Fetch the row here so $row['user_admin'] is defined for the test below.
  $row = mysql_fetch_array($result);

  if(mysql_num_rows($result)>0) {
    $valid_user=$userid;
    session_register("valid_user");
  }
}

if(session_is_registered("valid_user")) {
  echo "you are logged in as :$valid_user<br /><br />";
  if( $row['user_admin'] == 'y' ) {
    $sql2 = "SELECT * FROM users WHERE user_name = '$userid'";
    $result2 = mysql_query( $sql2 );
    $row = mysql_fetch_array( $result2 );

    echo "<a href='admin.php'>admin</a><br /><br />";
  }

  // Assuming no extra code is needed here for non-admin users.
  echo "<a href='main_forum.php'>Main forum</a><br /><br />";
  echo "<a href='21.php'>Logout</a><br />";
}

Hope this helps get you closer to a solution.
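
Added example, not code from either poster: `$row` in the thread's code only exists on the request that posts the login form, so this version stores the admin flag in the session at login and builds the menu from the session alone. It also swaps the string-built query and md5() for a bound parameter and password_hash()/password_verify(); the in-memory SQLite table, the function names and the `is_admin` session key are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite stands in for the forum's MySQL users table.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT, user_admin TEXT)");
    $ins = $db->prepare("INSERT INTO users VALUES (?, ?, ?)");
    $ins->execute(['alice', password_hash('demo-pass-1', PASSWORD_DEFAULT), 'y']);
    $ins->execute(["o'brien", password_hash('demo-pass-2', PASSWORD_DEFAULT), 'n']);
    return $db;
}

// Bound parameter + password_verify(); on success the name AND the admin flag go
// into the session, so later requests do not depend on $row or on posted credentials.
function login(PDO $db, array &$session, string $user, string $pass): bool {
    $stmt = $db->prepare("SELECT user_name, user_pass, user_admin FROM users WHERE user_name = ?");
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['user_pass'])) {
        return false;
    }
    // In a real web request, call session_regenerate_id(true) at this point.
    $session['valid_user'] = $row['user_name'];
    $session['is_admin']   = ($row['user_admin'] === 'y');
    return true;
}

// Build the menu from session state only.
function menu(array $session): string {
    if (!isset($session['valid_user'])) {
        return "you are not logged in.<br>";
    }
    $name = htmlspecialchars($session['valid_user'], ENT_QUOTES, 'UTF-8');
    $out  = "you are logged in as: $name<br><br>";
    if (!empty($session['is_admin'])) {
        $out .= "<a href='admin.php'>admin</a><br><br>";
    }
    return $out . "<a href='main_forum.php'>Main forum</a><br><br><a href='21.php'>Logout</a><br>";
}

$db = demo_db();
$session = [];   // hypothetical stand-in for $_SESSION after session_start()
login($db, $session, 'alice', 'demo-pass-1');
echo menu($session), "\n";   // a later "request": no credentials posted, admin link still shown
$other = [];
login($db, $other, "o'brien", 'demo-pass-2');   // quote in the name is plain data to the bound query
echo menu($other), "\n";     // non-admin menu; the name is HTML-escaped (&#039;)
```

admin.php has to repeat the `is_admin` check on the server; leaving the link out of the menu does not restrict access to the page.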