php file visible and accessible need help

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

php file visible and accessible need help

Post by cliveone »

Hi Guys

I am new to this php stuff and was wondering if someone could give me a little help.

I have got the social engine website script in place and works well, when someone upgrades to gold they get a link in their profile to access my video chat which is chat.php, they have to be logged in to the site for this script to execute,
The problem is if someone is logged into my site and not a gold member they don’t get the link to the video chat but if they add chat.php to the end of the address in the address bar they can use the video chat.

What I was looking for was a way to stop this, maybe put some sort of code in the chat.php. What do you think can some clever person solve this for me.

Thanks in advance

Clive
waylon999
Forum Commoner
Posts: 26
Joined: Mon Mar 23, 2009 5:29 pm

Re: php file visible and accessible need help

Post by waylon999 »

You can check the type of membership a user has at the top of chat.php (I am assuming this info is in a database somewhere). If they are not a gold member then you can either display an "Access Denied" message at the top of the screen and exit, or you can just re-direct them back to a home page.

Code: Select all

header( 'Location: http://www.yoursite.com/home_page.html' ) ;
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

Re: php file visible and accessible need help

Post by cliveone »

Thanks for the reply, I think I know what I need, I have found the table in my database that contains the gold level. It is in (se_users) table and under the field (user_level_id) and it is id 2.
Please can you tell me how I can use this to check the user is a gold member before the chat php executes.

Thanks
waylon999
Forum Commoner
Posts: 26
Joined: Mon Mar 23, 2009 5:29 pm

Re: php file visible and accessible need help

Post by waylon999 »

Just put the logic in the chat.php page, before any other code executes.

Code: Select all

 
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1){
  header( 'Location: http://www.yoursite.com/home_page.html' ) ;
}
 
If the user does not have a user_level_id of 2, then they will be redirected somehwere else. You would need to populate the $userId variable with the user id and adjust the query accordingly. Do you need any more help with the sql stuff?
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

Re: php file visible and accessible need help

Post by cliveone »

waylon999 wrote:Just put the logic in the chat.php page, before any other code executes.

Code: Select all

 
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1){
  header( 'Location: http://www.yoursite.com/home_page.html' ) ;
}
 
If the user does not have a user_level_id of 2, then they will be redirected somehwere else. You would need to populate the $userId variable with the user id and adjust the query accordingly. Do you need any more help with the sql stuff?
Hi thanks for your help. I am trying my best to get this to work, I hav added the database connection code before your code, but I still have errors. Here is the code.

<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1)
{
// IF true view our main page
echo("Woot, You logged in");
} else {
// If not, send user back to the login page
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
}
?>

But this is the error I get when I click to activate the php file.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/famegcom/public_html/locker9.com/chat.php on line 6
Woot, You logged in

And also this person is not a gold member just loged into his profile and then added chat.php in the address bar.

Any clue please

Thanks
waylon999
Forum Commoner
Posts: 26
Joined: Mon Mar 23, 2009 5:29 pm

Re: php file visible and accessible need help

Post by waylon999 »

The logic is a little backwards there on what to do:

Code: Select all

 
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page  **changed
echo("Woot, You logged in");
}
?> 
I made a couple of modifications, so try that and you will hopefully get a mysql error message, and we can go from there.
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

Re: php file visible and accessible need help

Post by cliveone »

waylon999 wrote:The logic is a little backwards there on what to do:

Code: Select all

 
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page  **changed
echo("Woot, You logged in");
}
?> 
I made a couple of modifications, so try that and you will hopefully get a mysql error message, and we can go from there.
Wow thanks for all of your help, I added your code and it seems like it cant find the tables in the db, this is the error.

FAILED: select user_level_id from se_users where user_id = and user_level_id = 2>>>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and user_level_id = 2' at line 1

Not sure whats wrong
waylon999
Forum Commoner
Posts: 26
Joined: Mon Mar 23, 2009 5:29 pm

Re: php file visible and accessible need help

Post by waylon999 »

Ok, so the problem is that you are not getting the userId correctly. Do you know if the current users id is being stored in a session variable? Try putting this at the very top of your page and see what it spits out:

Code: Select all

 
while ($var = each($_SESSION)) {
printf ("Key <b>%s</b> has the value of: <b>%s</b><br>", $var['key'], $var['value']);
} 
exit;
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: php file visible and accessible need help

Post by Stryks »

cliveone wrote:FAILED: select user_level_id from se_users where user_id = and user_level_id = 2
It would seem that $userId is not set in your code. As a result, your query is looking for user_id = and.

Hard code $userId to a known user and see what it does ... then if it works you can change it out with the users ID.
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

Re: php file visible and accessible need help

Post by cliveone »

waylon999 wrote:Ok, so the problem is that you are not getting the userId correctly. Do you know if the current users id is being stored in a session variable? Try putting this at the very top of your page and see what it spits out:

Code: Select all

 
while ($var = each($_SESSION)) {
printf ("Key <b>%s</b> has the value of: <b>%s</b><br>", $var['key'], $var['value']);
} 
exit;
I did a search for 2 in se_users and it produced the user_level_id columb so the user_level_id is in the se_users table. I also noticed this line of code in the SQL query box
SELECT * FROM `famegcom_locker9feb19`.`se_users` WHERE (`user_id` LIKE '%2%' OR `user_level_id` LIKE '%2%'
Not sure if it will help
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

Re: php file visible and accessible need help

Post by cliveone »

Stryks wrote:
cliveone wrote:FAILED: select user_level_id from se_users where user_id = and user_level_id = 2
It would seem that $userId is not set in your code. As a result, your query is looking for user_id = and.

Hard code $userId to a known user and see what it does ... then if it works you can change it out with the users ID.
I have added a true user name in $userId is this what you mean cos that dont work, this is the code

<?php

mysql_connect("localhost", "famegcom_cliveon", "rossco")or die("cannot connect");
mysql_select_db("famegcom_locker9feb19")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $WorLad and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
cliveone
Forum Newbie
Posts: 7
Joined: Wed Mar 25, 2009 1:42 pm

Re: php file visible and accessible need help

Post by cliveone »

Guys I have thought of a way that might be better, the php file that I am talking about has a flash video chat embeded in it, the flash file then reads a php file called integration.php this file tells the flash file the user_id is true and that the person is logged into the profile, this info is picked up from my website code not the database, unfortunately if a user is logged in but not a gold member all they have to do is type chat.php in the address bar and they can use the chat, becouse the chat knows that this person is logged in, there is no check on level 2 in the database which is gold member, if we can ad something to this file it would be a lot better.

Here is the code as is

<?php
include '../header.php';
session_start();
if (isset($user->user_info[user_username]) && $user->user_info[user_username] != ""){
$username = utf8_encode($user->user_info[user_username]);
$changeuser = 0;
$showLoginError = 0;
$aditional_profile_infos = SEUser::getProfileValues($user->user_info['user_id']);
$gen = $aditional_profile_infos['profilevalue_5'];
if ($gen == 1) {
$gender = 'male';
}else if($gen == 2) {
$gender = 'female';
}
$level_id = $user->user_info[user_level_id];

if ($level_id == 1){
$freeVideoTime = 3600;
$createRoomsEnabled = 0;
$privatemessages = 0;
}else if ($level_id == 2){
$freeVideoTime = 14400;
$createRoomsEnabled = 1;
$privatemessages = 1;
}


}
if ($user->user_info[user_username] == "" || $user->user_info[user_username] == null){
$showLoginError = 1;
}
?>

Sorry for all of this but I think this is the file to do it in.
Post Reply