Validating users for access

SFDonovan

I have tried to get this script to work for weeks and can't get it to behave.

If a user has a value in milpacs_members or the member is a superuser then they get access to viewdrill.

For all other instances they are sent to accessdenied.

I am getting an error that says the following.

Parse error: syntax error, unexpected T_BOOLEAN_AND in /home/xxxxxxxx/public_html/milpacs/modules/MILPACS/checkuser.php on line 49

I once had much of it working but if the user had no value in milpacs_members yet they were logged in as an admin it just displayed a blank page.

This is why I added the check for valid authors.

/* Get list of valid authors */
$row = $db->sql_fetchrow($db->sql_query("SELECT title, admins FROM ".$prefix."_modules WHERE title='$module_name'"));
$row2 = $db->sql_fetchrow($db->sql_query("SELECT name, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
$admins = explode(",", $row['admins']);
$auth_user = 0;
for ($i=0; $i < sizeof($admins); $i++) {
    if ($row2['name'] == "$admins[$i]" AND $row['admins'] != "") {
        $auth_user = 1;   

    }
}

//Store logged username 
$nukeusername = $userinfo['username']; 

$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'"; 
   $result = $db->sql_query($sql); 
   if(isset($nukeusername)) && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1) { 	   

       session_start(); 
       $_SESSION['loggedin1'] = 1;       

       Header("Location: modules.php?name=MILPACS&file=viewdrill"); 
		} else {         

       session_start(); 
       $_SESSION['loggedin1'] = 0;       

       Header("Location: modules.php?name=MILPACS&file=accessdenied"); 
    }

Weedpacket

Like it says:

 if(isset($nukeusername)) && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1) {

Count your parentheses - you've got a pair missing.

halojoy

Weedpacket wrote:
Like it says:
 if(isset($nukeusername)) && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1) {      
Count your parentheses - you've got a pair missing.

Maybe this will work

if(isset($nukeusername) && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1)) {

that is what I think

SFDonovan

This is what I ended up with:

if  (isset($nukeusername) && ($nukeusername != "") && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1)) {

So I don't get any errors but my logic is still wrong.

When I am not logged in as either and admin or a user I can still access viewdrill.php

Here is my latest. I added an ismember smallint(1) field to my members table but no joy.

/* Get list of valid authors */
$row = $db->sql_fetchrow($db->sql_query("SELECT title, admins FROM ".$prefix."_modules WHERE title='$module_name'"));
$row2 = $db->sql_fetchrow($db->sql_query("SELECT name, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
$admins = explode(",", $row['admins']);
$auth_user = 0;
for ($i=0; $i < sizeof($admins); $i++) {
    if ($row2['name'] == "$admins[$i]" AND $row['admins'] != "") {
        $auth_user = 1;   

    }
}

//Store logged username 
$nukeusername = $userinfo['username']; 

$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'AND ismember = '1'"; 
   $result = $db->sql_query($sql); 
   if  (isset($nukeusername) && ($nukeusername != "") && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1)) { 	   

       session_start(); 
       $_SESSION['loggedin1'] = 1;       

       Header("Location: modules.php?name=MILPACS&file=viewdrill"); 
		} else {         

       session_start(); 
       $_SESSION['loggedin1'] = 0;       

       Header("Location: modules.php?name=MILPACS&file=accessdenied"); 
    } 	
?>

I am getting stumped.

I check if the username is set, check to see it is not blank, see if I returned any rows for a match, OR the person is logged in as an admin.

Where have I gone wrong?