php file visible and accessible need help
Posted: Wed Mar 25, 2009 2:01 pm
by cliveone
Hi Guys
I am new to this php stuff and was wondering if someone could give me a little help.
I have got the social engine website script in place and it works well. When someone upgrades to gold they get a link in their profile to access my video chat, which is chat.php; they have to be logged in to the site for this script to execute.
The problem is that if someone is logged into my site and is not a gold member, they don’t get the link to the video chat, but if they add chat.php to the end of the address in the address bar they can use the video chat.
What I was looking for was a way to stop this, maybe by putting some sort of code in chat.php. What do you think? Can some clever person solve this for me?
Thanks in advance
Clive
Re: php file visible and accessible need help
Posted: Wed Mar 25, 2009 5:40 pm
by waylon999
You can check the type of membership a user has at the top of chat.php (I am assuming this info is in a database somewhere). If they are not a gold member then you can either display an "Access Denied" message at the top of the screen and exit, or you can just re-direct them back to a home page.
Code:
header( 'Location: http://www.yoursite.com/home_page.html' ) ;
exit; // stop here so the rest of chat.php never runs
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:12 am
by cliveone
Thanks for the reply, I think I know what I need, I have found the table in my database that contains the gold level. It is in (se_users) table and under the field (user_level_id) and it is id 2.
Please can you tell me how I can use this to check the user is a gold member before the chat php executes?
Thanks
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 11:18 am
by waylon999
Just put the logic in the chat.php page, before any other code executes.
Code:
// Look for a row that matches this user AND the gold level (id 2)
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1){
    header( 'Location: http://www.yoursite.com/home_page.html' ) ;
    exit; // stop here so the rest of chat.php never runs
}
If the user does not have a user_level_id of 2, then they will be redirected somewhere else. You would need to populate the $userId variable with the user id and adjust the query accordingly. Do you need any more help with the sql stuff?
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 4:27 pm
by cliveone
waylon999 wrote: Just put the logic in the chat.php page, before any other code executes.
Code:
// Look for a row that matches this user AND the gold level (id 2)
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1){
    header( 'Location: http://www.yoursite.com/home_page.html' ) ;
    exit; // stop here so the rest of chat.php never runs
}
If the user does not have a user_level_id of 2, then they will be redirected somewhere else. You would need to populate the $userId variable with the user id and adjust the query accordingly. Do you need any more help with the sql stuff?
Hi, thanks for your help. I am trying my best to get this to work. I have added the database connection code before your code, but I still have errors. Here is the code.
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query);
if(mysql_num_rows($result) < 1)
{
// IF true view our main page
echo("Woot, You logged in");
} else {
// If not, send user back to the login page
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
}
?>
But this is the error I get when I click to activate the php file.
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/famegcom/public_html/locker9.com/chat.php on line 6
Woot, You logged in
And also this person is not a gold member, just logged into his profile and then added chat.php in the address bar.
Any clue, please?
Thanks
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 4:52 pm
by waylon999
The logic is a little backwards there on what to do:
Code:
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
I made a couple of modifications, so try that and you will hopefully get a mysql error message, and we can go from there.
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:01 pm
by cliveone
waylon999 wrote: The logic is a little backwards there on what to do:
Code:
<?php
mysql_connect("localhost", "user name", "password")or die("cannot connect");
mysql_select_db("database name")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $userId and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
I made a couple of modifications, so try that and you will hopefully get a mysql error message, and we can go from there.
Wow, thanks for all of your help. I added your code and it seems like it can't find the tables in the db; this is the error.
FAILED: select user_level_id from se_users where user_id = and user_level_id = 2>>>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and user_level_id = 2' at line 1
Not sure what's wrong.
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:11 pm
by waylon999
Ok, so the problem is that you are not getting the userId correctly. Do you know if the current user's id is being stored in a session variable? Try putting this at the very top of your page and see what it spits out:
Code:
while ($var = each($_SESSION)) {
printf ("Key <b>%s</b> has the value of: <b>%s</b><br>", $var['key'], $var['value']);
}
exit;
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:13 pm
by Stryks
cliveone wrote: FAILED: select user_level_id from se_users where user_id = and user_level_id = 2
It would seem that $userId is not set in your code. As a result, your query is looking for user_id = and.
Hard code $userId to a known user and see what it does ... then if it works you can change it out with the user's ID.
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:29 pm
by cliveone
waylon999 wrote: Ok, so the problem is that you are not getting the userId correctly. Do you know if the current user's id is being stored in a session variable? Try putting this at the very top of your page and see what it spits out:
Code:
while ($var = each($_SESSION)) {
printf ("Key <b>%s</b> has the value of: <b>%s</b><br>", $var['key'], $var['value']);
}
exit;
I did a search for 2 in se_users and it produced the user_level_id column, so the user_level_id is in the se_users table. I also noticed this line of code in the SQL query box:
SELECT * FROM `famegcom_locker9feb19`.`se_users` WHERE (`user_id` LIKE '%2%' OR `user_level_id` LIKE '%2%'
Not sure if it will help
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:43 pm
by cliveone
Stryks wrote: cliveone wrote: FAILED: select user_level_id from se_users where user_id = and user_level_id = 2
It would seem that $userId is not set in your code. As a result, your query is looking for user_id = and.
Hard code $userId to a known user and see what it does ... then if it works you can change it out with the user's ID.
I have added a true user name in $userId, is this what you mean? Cos that doesn't work. This is the code:
<?php
mysql_connect("localhost", "famegcom_cliveon", "rossco")or die("cannot connect");
mysql_select_db("famegcom_locker9feb19")or die("cannot select DB");
$my_query = "select user_level_id from se_users where user_id = $WorLad and user_level_id = 2";
$result = mysql_query($my_query) or die ("FAILED: $my_query>>>". mysql_error());
$numRows = mysql_num_rows($result);
if($numRows < 1)
{
// If True, send user back to the login page **changed
echo("Login unsuccessful, <a href='user_home.php'>Click here</a> to try again");
} else {
// if false view our main page **changed
echo("Woot, You logged in");
}
?>
Re: php file visible and accessible need help
Posted: Thu Mar 26, 2009 6:57 pm
by cliveone
Guys, I have thought of a way that might be better. The php file that I am talking about has a flash video chat embedded in it. The flash file then reads a php file called integration.php; this file tells the flash file the user_id is true and that the person is logged into the profile. This info is picked up from my website code, not the database. Unfortunately, if a user is logged in but not a gold member, all they have to do is type chat.php in the address bar and they can use the chat, because the chat knows that this person is logged in; there is no check on level 2 in the database, which is gold member. If we can add something to this file it would be a lot better.
Here is the code as is
<?php
include '../header.php';
session_start();
// Logged-in user: hand the chat their username, gender and per-level limits
if (isset($user->user_info['user_username']) && $user->user_info['user_username'] != ""){
    $username = utf8_encode($user->user_info['user_username']);
    $changeuser = 0;
    $showLoginError = 0;
    $aditional_profile_infos = SEUser::getProfileValues($user->user_info['user_id']);
    $gen = $aditional_profile_infos['profilevalue_5'];
    if ($gen == 1) {
        $gender = 'male';
    }else if($gen == 2) {
        $gender = 'female';
    }
    $level_id = $user->user_info['user_level_id'];
    // Level 1 and level 2 only get different limits; neither is refused
    if ($level_id == 1){
        $freeVideoTime = 3600;
        $createRoomsEnabled = 0;
        $privatemessages = 0;
    }else if ($level_id == 2){
        $freeVideoTime = 14400;
        $createRoomsEnabled = 1;
        $privatemessages = 1;
    }
}
// No username means nobody is logged in
if ($user->user_info['user_username'] == "" || $user->user_info['user_username'] == null){
    $showLoginError = 1;
}
?>
Sorry for all of this but I think this is the file to do it in.
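The check this thread is working toward, written out as an added example; it is not code from any poster or from Social Engine. The table se_users, the column user_level_id and level id 2 come from the thread; the function names, the in-memory SQLite database and its rows are assumptions made so the block runs on its own, and the id passed in is assumed to come from the server-side session, never from the URL or a form field.

```php
<?php
// Added example, not code from the thread. se_users, user_level_id and level 2
// come from the thread; function names and the demo database are assumptions.
const GOLD_LEVEL_ID = 2;

/** True only if $userId is a row in se_users holding the gold level. */
function is_gold_member(PDO $db, $userId): bool
{
    // An unset or non-numeric id is refused outright. In the thread an unset
    // $userId produced "where user_id =  and user_level_id = 2".
    if (!is_int($userId) && !(is_string($userId) && ctype_digit($userId))) {
        return false;
    }
    // Bound parameters: the id is never pasted into the SQL text.
    $stmt = $db->prepare(
        'SELECT 1 FROM se_users WHERE user_id = ? AND user_level_id = ?'
    );
    $stmt->bindValue(1, (int) $userId, PDO::PARAM_INT);
    $stmt->bindValue(2, GOLD_LEVEL_ID, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchColumn() !== false;
}

/** Call first thing in chat.php and in integration.php, before any output. */
function require_gold_member(PDO $db, $userId): void
{
    if (!is_gold_member($db, $userId)) {
        http_response_code(403);
        exit('Access denied: gold membership required.'); // nothing below runs
    }
}

// Constructed demo data; in-memory SQLite stands in for the site's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE se_users (user_id INTEGER PRIMARY KEY, user_level_id INTEGER)');
$db->exec('INSERT INTO se_users VALUES (1, 1), (2, 2)');

var_dump(is_gold_member($db, 2));          // gold member
var_dump(is_gold_member($db, 1));          // logged in, but level 1
var_dump(is_gold_member($db, null));       // id was never populated
var_dump(is_gold_member($db, '2 or 1=1')); // not a plain number
require_gold_member($db, 1);               // level 1: 403 and stop
echo "chat would be rendered here\n";      // not reached
```

Hiding the link in the profile only changes what a member sees; the gate has to run on the server in every file the Flash client can request, which here means both chat.php and integration.php.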