Forum Making

Smackie

Greetings,

      I been working on a forum. its almost complete.. but im having a problem (btw this forum is for only my site). I am calling all the categories out from a while loop and was wondering if someone could tell me how i can some of the categories were only selected members can view thie topics and stuff.?

here is the page..

<table width="100%" height="20" border="0" bgcolor="000033" cellpadding="2" cellspacing="0">
  <tr>
    <th class="txt" width="80%">Forum</th>
    <th class="txt" width="10%">Topics</th>
    <th class="txt" width="10%">Post</th>
  </tr>
</table>
<?php
	$get_category = mysql_query("SELECT * FROM category GROUP BY id") or die(mysql_error());
		while($row = mysql_fetch_array($get_category)) {
		?>
<table width="100%" height="20" border="0" bgcolor="00255d" cellpadding="2" cellspacing="0">
  <tr>
    <th class="txt" width="60%" align="left"><B><U><font size="2"><?php echo $row['category']; ?></font></u></b></th>
  </tr>
</table>
<table width="100%"  border="1" bordercolor="CFC095"  bgcolor="000033" cellpadding="3" cellspacing="0">
<?php 
	$id = $_GET['id'];	
	$get_topic = mysql_query("SELECT * FROM header WHERE catid=" . $row['id'] . " ORDER BY catid") or die(mysql_error());	
		while($topic_info = mysql_fetch_array($get_topic)) {
			$id = $topic_info['id'];
			$catid = $topic_info['catid'];
			$heading = stripslashes($topic_info['heading']);
			$description = $topic_info['description'];

$get_num_topics = mysql_query("SELECT catid FROM forum_question WHERE catid = $catid");
$topics = mysql_num_rows($get_num_topics);

$get_num_posts = mysql_query("SELECT catid FROM forum_answer WHERE catid = $catid");
$posts = mysql_num_rows($get_num_posts);
?>
  <tr>
    <td class="txt" width="80%" align="left"><a href="../index.php?seashadows=topic&catid=<?php echo $catid; ?>&id=<?php echo $id; ?>"><?php echo $heading; ?></a><br /><?php echo $description; ?></td>
    <td class="txt" width="10%"><?php echo $topics; ?></td>
    <td class="txt" width="10%"><?php echo $posts; ?></td>
<?php

if($_SESSION['user_level'] == 5) {


?>
  <tr>
    <td class="txt" align="right" colspan="3"><a class="two" href="../index.php?seashadows=header_functions&id=<?php echo $id; ?>">Edit</a> | <a class="two" href="../index.php?seashadows=header_functions&action=delete1&id=<?php echo $id; ?>">Delete</a></td>
  </tr>
    <tr>
    <td class="txt" align="right" colspan="3"><a href="../index.php?seashadows=add_heading"><strong>Create New Subject</strong></a></td>
  </tr>
  <?php
  }
  }
  }
  ?>
  </table>

Thank you,

Smackie

I been working on it since no one replied yet.. and i got it working alittle somewhat but still don't work quiet right. I have it where it hides the Category that i want. (Promotion Review Board) but doesn't show it to the people who needs to see it. can someone help me here is the if statement that i made for it

if ($_SESSION['user_level']) {
    $get_category = mysql_query("SELECT * FROM category WHERE access <= $_SESSION[user_level] GROUP BY id") or die(mysql_error());
	} else {
    $get_category = mysql_query("SELECT * FROM category WHERE access = 0 GROUP BY id") or die(mysql_error());
	}

😕

Thank you
Smackie

oh and not sure if anyone else is having the same problem im having but it takes me several tries to log into this site. Someone should get the login fixed.

benracer

not sure maybee...

$level = $_SESSION['user_level'];
if (!empty($level)){ 
    $get_category = mysql_query("SELECT * FROM category WHERE access <= '$level' GROUP BY id") or die(mysql_error()); 
    } else { 
    $get_category = mysql_query("SELECT * FROM category WHERE access = 0 GROUP BY id") or die(mysql_error()); 
    }

"---------
oh and not sure if anyone else is having the same problem im having but it takes me several tries to log into this site. Someone should get the login fixed.
---------"

Just refresh the page =D

Smackie

that kinda put me back at the beginning.. :-\ does the same thing before i done the if statement.

and for the login on this board i tried refreshing it still asks for a login.

benracer

What is the if statements job in this case?

if(??? something happerns???) {do something}

Smackie

well its suppose to get the user_level from users table in database (from the Session when a users logs in). then in the query its suppose to check that the access is the same as user level if not then it will only show the ones that are access of 0..

i have Promotion review board access set to 5 so then only users that have user_level 5 can see the Promotion Review Board

Quadodo

This isn't an answer to your question, but from what I can see in your coding, you're allowing SQL injection attacks. This can be fixed by making this function:

function sql_quote($data) {
  if (get_magic_quotes_gpc() == 1) {
  $data = stripslashes($data);
  }

return addslashes($data);
}

Then putting sql_quote($_GET['id']) or anything taken in by POST or GET 🙂