If statement

Chris_Evans

Hi - I've got a small problem that I've been trying to figure out for a little while. Basically I have an admin pannel but only users with a particular rank can access certain pages, so I'm using "authcheck.php" to check the page against the rank in the database, where $page = "mypage".

Here's the code:

<?php
session_start()
if (!$_SESSION['username']) {
	header("Location: $siteurl/login.php");
	exit;
	}
if (!$_SESSION['user_rank']) {
	header("Location: $siteurl/authfail.php");
	exit;
	}

$username = $_SESSION['username'];
$rank = $_SESSION['user_rank'];

$stop = mysql_query("SELECT * FROM authcheck WHERE rank='$rank'")
	or die("Error, could not connect to the database.");
While ($row = mysql_fetch_array($result))
	{
	If $row['page'] != $page
		{
		header("location: $siteurl/authfail.php");
		}
	else
		{
?>

Now whether you can spot the problem or not, I don't know but the main problem is with the

If $row['page']...

bit onwards. Any help will be appreciated, thanks,

Chris

Chris_Evans

Oh and I forgot to mention, that file is included at the top of every required page, and before it's included I have written $page="$$$" etc. And then the bracket allows for the rest of the page to be written... finally I finish the page off with:

<?
 Include("$siteurl/templates/footer.php");
 }
?>

I couldn't see another way of doing it, maybe somebody here can.

Thanks,

Chris

trooper

You need to see if there is a value in the authcheck table that equals the users rank

make the following change

While ($row = mysql_fetch_array($result))
    {
    If (!$row['page'])
{
        header("location: $siteurl/authfail.php");
        }

So here we are simply saying - if there are no records returned from the query then the authentication has failed.

HTH

Originally posted by Chris_Evans
Hi - I've got a small problem that I've been trying to figure out for a little while. Basically I have an admin pannel but only users with a particular rank can access certain pages, so I'm using "authcheck.php" to check the page against the rank in the database, where $page = "mypage".

Here's the code:
<?php
session_start()
if (!$_SESSION['username']) {
	header("Location: $siteurl/login.php");
	exit;
	}
if (!$_SESSION['user_rank']) {
	header("Location: $siteurl/authfail.php");
	exit;
	}

$username = $_SESSION['username'];
$rank = $_SESSION['user_rank'];

$stop = mysql_query("SELECT * FROM authcheck WHERE rank='$rank'")
	or die("Error, could not connect to the database.");
While ($row = mysql_fetch_array($result))
	{
	If $row['page'] != $page
		{
		header("location: $siteurl/authfail.php");
		}
	else
		{
?>
Now whether you can spot the problem or not, I don't know but the main problem is with the

If $row['page']...

bit onwards. Any help will be appreciated, thanks,

Chris [/B]

Chris_Evans

Thanks for that, it worked but then I got another error... but I fixed it, he he, thanks to a friend, it was that I missed a '}'

Chris