Permission System does not allow access ever >.<

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
RussianWizard
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 8:16 pm
Location: Louisville, KY
Contact:

Permission System does not allow access ever >.<

Post by RussianWizard »

Alright I've hit a wall in a forum system I'm coding. In the page I've used to make new posts, It can never match up the user access level with the board authorization level.

My forum system uses numbers for it's permissions: 1-Admin 2-Mod (3-9)-Unassigned 10-Regular User

Here is the code to determine access to post a topic:

Code: Select all

$board_id = $_GET['board_id'];
$page_title = "Post Topic";
$sql_accessquery = mysql_query("SELECT UserLevels_Auth FROM post_board WHERE BoardID = '".$board_id."'");
$sql_accessrow = mysql_fetch_assoc($sql_accessquery);
$page_access = $sql_accessrow["UserLevels_Auth"];
After the permission Check the header calls a function:

Code: Select all

checkLogin($page_access);
The function:

Code: Select all

function checkLogin($levels) {
if ($levels == 0) {$access = TRUE;}
else {
        if($user_loggedin = FALSE) {$access = FALSE; echo "test2";}
        else {
            $user_accessid = $_SESSION['user_id'];
            $kt = split(' ', $levels);
            $query_pageaccess = mysql_query("SELECT UserLevel FROM user_db WHERE UserName = '".$user_accessid."'");
            $row_pageaccess = mysql_fetch_assoc($query_pageaccess);
            $access = FALSE;
            while(list($key, $val)=each($kt)) {
            if($val = $row_pageaccess[1]) {$access = TRUE;} }
        }
    }
}
The user level is 10 and the board access is (1 2 10), thus the need for the split() function.

Edit: Another problem I might have is the session storing on my login page. Is this the correct way to assign session variables?

Code: Select all

$_SESSION['user_id'] = $login_row['UserName'];
$_SESSION['logged_in'] = TRUE;
echo "<tr><td align='center'>You have logged in sucesfully.</td></tr>";
redirect("index.php");
Any visible problems in the code shown above?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Permission System does not allow access ever >.<

Post by requinix »

Line 12 in that function: in the condition you're using = for assignment when you should be using == for comparison.
Also, mysql_fetch_assoc returns an array with the field names as the keys. [1] doesn't exist, but ["UserLevel"] does.
RussianWizard
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 8:16 pm
Location: Louisville, KY
Contact:

Re: Permission System does not allow access ever >.<

Post by RussianWizard »

Did those changes and all the db level fields are all VARCHAR now to eliminate formatting incompatibilities.

Everything up until this line works:

Code: Select all

while(list($key, $val)=each($kt)) {if($val == $row_pageaccess["UserLevel"]) {$access = TRUE;} }
The if statement does not seem to set the access variable to true when both values match up. Any ideas?
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Permission System does not allow access ever >.<

Post by requinix »

How about you replace that line with a function call?

Code: Select all

$access = in_array($row_pageaccess["UserLevel"], $kt);
If it still doesn't work, find out what each of those three variables are, then make sure they're correct.
RussianWizard
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 8:16 pm
Location: Louisville, KY
Contact:

Re: Permission System does not allow access ever >.<

Post by RussianWizard »

Alright I think I found the break in the code:

Code: Select all

if ($access = FALSE) {echo "<h2 align='center'>You do not have sufficent priveledges to access this page.</h2>";}
else {
When I have it as ($access = FALSE) it will always allow people to post no matter the credentials. If I set it ot ($access == FALSE) it never lets anyone post.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Permission System does not allow access ever >.<

Post by requinix »

I missed one. Line 3.

Code: Select all

if($user_loggedin = FALSE)
RussianWizard
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2008 8:16 pm
Location: Louisville, KY
Contact:

Re: Permission System does not allow access ever >.<

Post by RussianWizard »

alright, here's when the code seems to break:

Code: Select all

if ($access = FALSE) {echo "<h2 align='center'>You do not have sufficent priveledges to access this page.</h2>";}
This will always allow to make a post, regardless if $access is TRUE or not.

Code: Select all

if ($access == FALSE) {echo "<h2 align='center'>You do not have sufficent priveledges to access this page.</h2>";}

Code: Select all

if (!$access) {echo "<h2 align='center'>You do not have sufficent priveledges to access this page.</h2>";}
Both of the changes above block access to post for everyone, regardless if $access is TRUE or not.

Any ideas why this if statement doesnt respond to the $access variable? Is it because it's in a function?
Post Reply