php file visible and accessible need help
Hi Guys
I am new to this php stuff and was wondering if someone could give me a little help.
I have got the social engine website script in place and works well, when someone upgrades to gold they get a link in their profile to access my video chat which is chat.php, they have to be logged in to the site for this script to execute,
The problem is if someone is logged into my site and not a gold member they don’t get the link to the video chat but if they add chat.php to the end of the address in the address bar they can use the video chat.
What I was looking for was a way to stop this, maybe put some sort of code in the chat.php. What do you think can some clever person solve this for me.
Thanks in advance
Clive
Re: php file visible and accessible need help
You can check the type of membership a user has at the top of chat.php (I am assuming this info is in a database somewhere). If they are not a gold member then you can either display an "Access Denied" message at the top of the screen and exit, or you can just re-direct them back to a home page.
Code: Select all
header( 'Location: http://www.yoursite.com/home_page.html' ) ;
Re: php file visible and accessible need help
Thanks for the reply, I think I know what I need, I have found the table in my database that contains the gold level. It is in (se_users) table and under the field (user_level_id) and it is id 2.
Please can you tell me how I can use this to check the user is a gold member before the chat php executes.
Thanks
Re: php file visible and accessible need help
Just put the logic in the chat.php page, before any other code executes.
If the user does not have a user_level_id of 2, then they will be redirected somewhere else. You would need to populate the $userId variable with the user id and adjust the query accordingly. Do you need any more help with the sql stuff?
Code: Select all
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1){
header( 'Location: http://www.yoursite.com/home_page.html' ) ;
exit; // stop here so the rest of chat.php does not run after the redirect
}
Re: php file visible and accessible need help
waylon999 wrote:
Just put the logic in the chat.php page, before any other code executes.
If the user does not have a user_level_id of 2, then they will be redirected somewhere else. You would need to populate the $userId variable with the user id and adjust the query accordingly. Do you need any more help with the sql stuff?
Code: Select all
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1){
header( 'Location: http://www.yoursite.com/home_page.html' ) ;
}
Hi thanks for your help. I am trying my best to get this to work, I have added the database connection code before your code, but I still have errors. Here is the code.
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1)
{
// IF true view our main page
echo("Woot, You logged in");
} else {
// If not, send user back to the login page
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
}
?>
But this is the error I get when I click to activate the php file.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/famegcom/public_html/locker9.com/chat.php on line 6
Woot, You logged in
And also this person is not a gold member, just logged into his profile and then added chat.php in the address bar.
Any clue please
Thanks
Re: php file visible and accessible need help
The logic is a little backwards there on what to do:
I made a couple of modifications, so try that and you will hopefully get a mysql error message, and we can go from there.
Code: Select all
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
Re: php file visible and accessible need help
waylon999 wrote:
The logic is a little backwards there on what to do:
I made a couple of modifications, so try that and you will hopefully get a mysql error message, and we can go from there.
Code: Select all
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
Wow thanks for all of your help, I added your code and it seems like it can't find the tables in the db, this is the error.
FAILED: select user_level_id from se_users where user_id = and user_level_id = 2>>>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and user_level_id = 2' at line 1
Not sure what's wrong
Re: php file visible and accessible need help
Ok, so the problem is that you are not getting the userId correctly. Do you know if the current user's id is being stored in a session variable? Try putting this at the very top of your page and see what it spits out:
Code: Select all
while ($var = each($_SESSION)) {
printf ("Key <b>%s</b> has the value of: <b>%s</b><br>", $var['key'], $var['value']);
}
exit;
Re: php file visible and accessible need help
cliveone wrote:
FAILED: select user_level_id from se_users where user_id = and user_level_id = 2
It would seem that $userId is not set in your code. As a result, your query is looking for user_id = and.
Hard code $userId to a known user and see what it does ... then if it works you can change it out with the user's ID.
Re: php file visible and accessible need help
waylon999 wrote:
Ok, so the problem is that you are not getting the userId correctly. Do you know if the current user's id is being stored in a session variable? Try putting this at the very top of your page and see what it spits out:
Code: Select all
while ($var = each($_SESSION)) {
printf ("Key <b>%s</b> has the value of: <b>%s</b><br>", $var['key'], $var['value']);
}
exit;
I did a search for 2 in se_users and it produced the user_level_id column, so the user_level_id is in the se_users table. I also noticed this line of code in the SQL query box
SELECT * FROM `famegcom_locker9feb19`.`se_users` WHERE (`user_id` LIKE '%2%' OR `user_level_id` LIKE '%2%'
Not sure if it will help
Re: php file visible and accessible need help
Stryks wrote:
cliveone wrote:
FAILED: select user_level_id from se_users where user_id = and user_level_id = 2
It would seem that $userId is not set in your code. As a result, your query is looking for user_id = and.
Hard code $userId to a known user and see what it does ... then if it works you can change it out with the user's ID.
I have added a true user name in $userId, is this what you mean, because that doesn't work, this is the code
<?php
mysql_connect("localhost", "famegcom_cliveon", "rossco")or die("cannot connect");
mysql_select_db("famegcom_locker9feb19")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $WorLad and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
Re: php file visible and accessible need help
Guys I have thought of a way that might be better, the php file that I am talking about has a flash video chat embedded in it, the flash file then reads a php file called integration.php, this file tells the flash file the user_id is true and that the person is logged into the profile, this info is picked up from my website code not the database, unfortunately if a user is logged in but not a gold member all they have to do is type chat.php in the address bar and they can use the chat, because the chat knows that this person is logged in, there is no check on level 2 in the database which is gold member, if we can add something to this file it would be a lot better.
Here is the code as is
<?php
include '../header.php';
session_start();
if (isset($user->user_info[user_username]) && $user->user_info[user_username] != ""){
$username = utf8_encode($user->user_info[user_username]);
$changeuser = 0;
$showLoginError = 0;
$aditional_profile_infos = SEUser::getProfileValues($user->user_info['user_id']);
$gen = $aditional_profile_infos['profilevalue_5'];
if ($gen == 1) {
$gender = 'male';
}else if($gen == 2) {
$gender = 'female';
}
$level_id = $user->user_info[user_level_id];
if ($level_id == 1){
$freeVideoTime = 3600;
$createRoomsEnabled = 0;
$privatemessages = 0;
}else if ($level_id == 2){
$freeVideoTime = 14400;
$createRoomsEnabled = 1;
$privatemessages = 1;
}
}
if ($user->user_info[user_username] == "" || $user->user_info[user_username] == null){
$showLoginError = 1;
}
?>
Sorry for all of this but I think this is the file to do it in.
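An added example, not code from any poster in this thread or from SocialEngine: a server-side gate that both chat.php and integration.php can call, so hiding the link is no longer the only control. It assumes header.php fills $user->user_info as an array, as the integration.php listing suggests, and that user_level_id 2 is gold; the function names and sample records are hypothetical.

```php
<?php
// Added example: server-side gate for chat.php and integration.php.
// Assumptions: header.php fills $user->user_info as an array (as the
// integration.php listing suggests) and user_level_id 2 is the gold level.
const GOLD_LEVEL_ID = 2;

/** Returns 'allow', 'login' (no session user) or 'deny' (not gold). */
function chat_access_decision($userInfo)
{
    if (empty($userInfo['user_id']) || empty($userInfo['user_username'])) {
        return 'login';
    }
    // Strict integer check: null, '' or '2abc' never count as gold.
    $level = filter_var($userInfo['user_level_id'] ?? null, FILTER_VALIDATE_INT);
    return $level === GOLD_LEVEL_ID ? 'allow' : 'deny';
}

/** Call right after the header.php include, before any output. */
function require_gold($userInfo)
{
    if (chat_access_decision($userInfo) === 'allow') {
        return;
    }
    // The redirect alone does not stop the script; exit so neither the chat
    // page nor the settings integration.php gives to Flash are ever sent.
    header('Location: user_home.php', true, 302);
    exit;
}

// In chat.php and integration.php: require_gold($user->user_info);

if (PHP_SAPI === 'cli') {
    // Constructed sample records, not real accounts.
    $samples = [
        'gold'      => ['user_id' => 7, 'user_username' => 'alice', 'user_level_id' => '2'],
        'free'      => ['user_id' => 8, 'user_username' => 'bob', 'user_level_id' => '1'],
        'anonymous' => null,
    ];
    foreach ($samples as $name => $info) {
        echo $name, ': ', chat_access_decision($info), PHP_EOL;
    }
}
```

Because the level comes from the user record that header.php already loaded for the session, no user id is read from the request and no extra query string has to be built.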