It's Mods

Full Version: Php access levels? o.o
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello,

So im making myself a login system for my site. and im having trouble with access_levels/permissions.

So this is what i have in my database so far (including my password):
[Image: x46q.png]

Now when I get the row this is what I use:
Code:
$q = mysql_query("SELECT access_level FROM members WHERE usr = '$username' AND pass = '".md5($_POST['password'])."'");
if(mysql_num_rows($q) > 0)
{
    $alvl = mysql_fetch_row($q);
    $alvl = $alvl[0];
}

And this is where I use my permissions:
Code:
<? If($alvl >= 4 ) { ?>


    <div class="musicstub"> Music <br>
        </div>
<script>
$(document).ready(function() {
    $('.musicstub').stop().toggle(function(){
        $(this).animate({width: 250, height: 50}, "fast");
    },function() {
        $(this).animate({width: 100, height: 15}, "fast");
    });
});
</script>
<?}?>
But when I use it, It does not show the music tab. If i do:
Code:
If($alvl = 5 )
{
//code here
}
It shows the tab for everyone. Is there anything that is wrong with my code? or am i using the database wrong?

Thanks,
ScHmIdTy56789
Your code is very flawed (can be easily exploited) Didn't see full code.

Last time I checked PHP didn't work that way but you could try this:
PHP Code
  1. <?
  2. If($alvl >= 4 )
  3. {
  4. echo '<div class="musicstub"> Music ';
  5. echo '</div>';
  6. echo '<script>';
  7.  
  8. echo '$(document).ready(function() {';
  9. echo ' $('.musicstub').stop().toggle(function(){';
  10. echo ' $(this).animate({width: 250, height: 50}, "fast");';
  11. echo ' },function() {';
  12. echo ' $(this).animate({width: 100, height: 15}, "fast");';
  13. echo ' });';
  14. echo '});';
  15. echo '</script>';
  16. }
  17. ?>


I'm no PHP expert and there's probably a better/easier solution
(06-29-2012 03:55)Nukem Wrote: [ -> ]Your code is very flawed (can be easily exploited)

Last time I checked PHP didn't work that way but you could try this:
PHP Code
  1. <?
  2. If($alvl >= 4 )
  3. {
  4. echo '<div class="musicstub"> Music ';
  5. echo '</div>';
  6. echo '<script>';
  7.  
  8. echo '$(document).ready(function() {';
  9. echo ' $('.musicstub').stop().toggle(function(){';
  10. echo ' $(this).animate({width: 250, height: 50}, "fast");';
  11. echo ' },function() {';
  12. echo ' $(this).animate({width: 100, height: 15}, "fast");';
  13. echo ' });';
  14. echo '});';
  15. echo '</script>';
  16. }
  17. ?>


I'm no PHP expert and there's probably a better/easier solution

That did not work either

It doesnt show it, which is good. but when I login it doesnt show it at all Huh

Could I be calling it in the wrong spot?

Because this:
PHP Code
  1. $q = mysql_query("SELECT access_level FROM members WHERE usr = '$username' AND pass = '".md5($_POST['password'])."'");
  2. if(mysql_num_rows($q) > 0)
  3. {
  4. $alvl = mysql_fetch_row($q);
  5. $alvl = $alvl[0];
  6. }

Is in a different spot than this:
PHP Code
  1. if(!count($err))
  2. {
  3. // If there are no errors
  4.  
  5. $_POST['email'] = mysql_real_escape_string($_POST['email']);
  6. $_POST['username'] = mysql_real_escape_string($_POST['username']);
  7. $pass = $_POST['password'];
  8. // Escape the input data
  9.  
  10.  
  11. mysql_query(" INSERT INTO members(usr,pass,email,regIP,dt)
  12. VALUES(
  13.  
  14. '".$_POST['username']."',
  15. '".md5($pass)."',
  16. '".$_POST['email']."',
  17. '".$_SERVER['REMOTE_ADDR']."',
  18. NOW()
  19.  
  20. )");
  21.  
  22.  
  23. }
It would probably be better to do
PHP Code
  1. $alv1 = mysql_result(mysql_query("SELECT access_level FROM members WHERE usr = '$username' AND pass = 'md5({$_POST['password']})'"),0);


It would also be a good idea to debug it, so throw around some
PHP Code
  1. var_dump($alv1);
Code:
If($alvl = 5 )
is always true, it just creates the string and set it to 5. This will give the code for everyone, even when $alvl = 200. I think you meant doing this:

Code:
If($alvl == 5 )

notice the == (equals) and not = (create). There is a big difference in php with that. This will only run the code when $alvl is actually 5.
Ah fuck, you're right, can't believe I missed that.
Listen to what @surtek says Tongue
Reference URL's