Permission System does not allow access ever >.<
Posted: Mon Dec 01, 2008 8:29 pm
Alright I've hit a wall in a forum system I'm coding. In the page I've used to make new posts, It can never match up the user access level with the board authorization level.
My forum system uses numbers for it's permissions: 1-Admin 2-Mod (3-9)-Unassigned 10-Regular User
Here is the code to determine access to post a topic:
After the permission Check the header calls a function:
The function:
The user level is 10 and the board access is (1 2 10), thus the need for the split() function.
Edit: Another problem I might have is the session storing on my login page. Is this the correct way to assign session variables?
Any visible problems in the code shown above?
My forum system uses numbers for it's permissions: 1-Admin 2-Mod (3-9)-Unassigned 10-Regular User
Here is the code to determine access to post a topic:
Code: Select all
$board_id = $_GET['board_id'];
$page_title = "Post Topic";
$sql_accessquery = mysql_query("SELECT UserLevels_Auth FROM post_board WHERE BoardID = '".$board_id."'");
$sql_accessrow = mysql_fetch_assoc($sql_accessquery);
$page_access = $sql_accessrow["UserLevels_Auth"];Code: Select all
checkLogin($page_access);Code: Select all
function checkLogin($levels) {
if ($levels == 0) {$access = TRUE;}
else {
if($user_loggedin = FALSE) {$access = FALSE; echo "test2";}
else {
$user_accessid = $_SESSION['user_id'];
$kt = split(' ', $levels);
$query_pageaccess = mysql_query("SELECT UserLevel FROM user_db WHERE UserName = '".$user_accessid."'");
$row_pageaccess = mysql_fetch_assoc($query_pageaccess);
$access = FALSE;
while(list($key, $val)=each($kt)) {
if($val = $row_pageaccess[1]) {$access = TRUE;} }
}
}
}Edit: Another problem I might have is the session storing on my login page. Is this the correct way to assign session variables?
Code: Select all
$_SESSION['user_id'] = $login_row['UserName'];
$_SESSION['logged_in'] = TRUE;
echo "<tr><td align='center'>You have logged in sucesfully.</td></tr>";
redirect("index.php");