Hello everyone,

I really really need some help with this as Ive been trying to sort since December and cannot seem to get past it. I only know very basic PHP and still currently learning.

Basically I have a website with multiple pages and a membership system which has a ranking system for my members. The access to a page is set by the $rank_check = 5; statement which allows access to that particular rank and above. If I use the $rank_check == 5; then this will make access to that page ONLY for that rank which is great.

However, I currently have ranks between 1-99 and really need to be able to set the page access to allow which ever ranks I state otherwise admin could be accessed by unauthorised members.

So for example, if I want page 1 to have access to every rank above 5 then I can set it as: $rank_check = 5;

If I want page 2 to have access to ONLY rank 67 then I can use the $rank_check == 67; which is fine.

However, how do I set it so that I can set page 3 to allow access to for multiple ranks .... example ... ranks 5, 7, 48,67 and 99????

I have tried using the If statements. Also tried using the && statements along with the $rank_check == 5; but it didnt work. :O(

PLEASE PLEASE PLEASE help me and I will be eternally grateful. lol

Here is the actual document code:

<?php

/*

Admin Main (admin.php)

*/

$page_title = "Admin - Founder Highly Restricted";

$rank_check = 5;

include "../header.inc.php";



print "$openHTML";

ECHO <<<END

PAGE CONTENT HERE

END;



print "$closeHTML";

?>

Here are some attempts at what I have tried using so far:

if($rank_check == 6 || $rank_check == 7 || $rank_check == 8){    include "../header.inc.php";

$page_title = "admin_access6.php";
$rank_check == 6 || $rank_check == 7 || $rank_check == 8;

if($rank_check == "6" || $rank_check == "7" || $rank_check == "8"){    $let_them_pass = true;}

if($set_rank == 6 || $set_rank == 7 || $set_rank == 8){    $let_them_pass = true;}

<?php $page_title = "admin_access6.php";if($rank_check != 6 && $rank_check != 7 && $rank_check != 8){    exit;}include "../header.inc.php"; print "$openHTML"; $credit = $getGame[credit] / 100; ECHO <<<END

None of these seemed to work.

Hope someone can help me as this is a really big and urgent job I need on my website.

Thanks you so much

Justin :o)

Try this (assuming that $set_rank is the user's rank):

$rank_check = 5;  // the page rank
$let_them_pass = false;
if($set_rank > $rank_check) {
$let_them_pass = true;
}

if($let_them_pass == true) {
// do stuff
}

You only need check against $let_them_pass being either true or false.

Matti Ressler
Suomedia

commented: Very helpful and has a great deal of patience lol Im a newbie to PHP and Suo is a huge help! :o) +1

Hiya,

Thanks so much for the reply. So how exactly would I add this to my page. And from what I can see it will only allow the rank of 5 to access it??

Sorry I cant seem to get my head round it.

Justin

I am assuming that $set_rank contains the access level of your user, while $page_rank is the access level for the page. To give access to a $set_rank of 5 or above use:

if($set_rank >= $rank_check) {
  $let_them_pass = true;
}

What you posted is rather confusing, so I am just doing it my way.

Matti Ressler
Suomedia

Ah I can already give access to rank 5 and above, and I know how to give access to ONLY rank 5....

What I want to be able to do is alloacte exactly which ranks has access to a page. Like for example... rank 5, 10, 13 and 48 can access a page.

The $set_rank contains the rank list which is correct.

:o/ Does that make sense to you now?

Thanks so much

Ok... now you have explained better. Try this:

<?php

/*

Admin Main (admin.php)

*/

$rank_check = array(5, 10, 13, 28);  // ranks allowed to access this page

$let_them_pass = false;
if(in_array($set_rank,$rank_check)) {  //   $set_rank is the user's access level
$let_them_pass = true;
}

if($let_them_pass == false) {
header("location:http://www.url.com/other_page.php");  // access denied, redirect user to another page.
}

$page_title = "Admin - Founder Highly Restricted";

include "../header.inc.php";

print "$openHTML";

ECHO <<<END

PAGE CONTENT HERE

END;

print "$closeHTML";

?>

Matti Ressler
Suomedia

Heya,

Thanks for your help. Thats didnt work and actually just logged me out to the log in page saying I do not have access each time regardless of the ranks I used.

Im trying to work out how it all links together and have this page which is the admin_set_status.php page

<?php

/*
Process Set Status (admin_status.pro.php)
*/

$rank_check == 99;
include "../global.inc.php";

$set_username = strtolower(ereg_replace(" ", "", $set_username));

mysql_query("UPDATE members2 SET rank=$set_rank WHERE username = '$set_username' AND game = '$game'");
$findUser = fetch("SELECT id FROM members2 WHERE username = '$set_username' AND game = '$game'");

if ($set_rank == 0)
{
	mysql_query("DELETE FROM forum_replies2 WHERE author = '$findUser[id]' AND game = '$game'");
	mysql_query("DELETE FROM forum_subjects2 WHERE author = '$findUser[id]' AND game = '$game'");
}

$rank = array("Suspended", "Mute", "Under 13", "Member",  "City Guides", "News Reporter", "Member Support Officer", "Senior City Guide", "Committee Manager", "Mayors Secretary", "Police Cadets", "Job Centre Manager", "Lottery Manager", "Media Manager", "Games Centre Manager", "Community Engineer", "Police Seargeant", "Police Inspector", "Police Chief Inspector", "Police Superintendent", "Police Chief Superintendent", "Deputy Chief of Police", "Chief of Police", "Deputy Mayor", "Mayor", "Chief Engineer", "CPW Founder");

record("Changed Status", "$username changed $set_username's status to $rank[$set_rank]", $timestamp, $game, $userid);

header("Location: admin_set_status.php?game=$game&error=You+have+changed+their+rank+successfully.");

?>

Im not sure if its the $set_rank thats causing the problem.

:>s


Thanks so much

Justin

I don't see or know where you are setting the value for $set_rank. The code I posted works just fine if $set_rank is properly set as the user's access level.

You can check this with:

echo $set_rank; die();

You really need to clean up your code properly, eg. your queries should be written like this:

mysql_query("UPDATE members2 SET rank ='" . $set_rank . "' WHERE username = '" . $set_username . "' AND game = '" . $game . "'");

Matti Ressler
Suomedia

Hello again,

Im going to try and work through what you have just written. thanks.

Would this be the place?

<?php

ob_start();
include "globals.inc.php";

$con=mysql_connect($db_server,$db_username,$db_password);
//connection string

mysql_select_db($db_name,$con);
//select db

include "func.lib.php";

srand((double)microtime()*1000000);

$getGame = fetch("SELECT * FROM game_tables WHERE id = '$game'");
$game = $getGame[id];
$gameName = "$getGame[game_name]</a>";

if ($getGame[use_logo] == "1")
{
	$gameName = "<img src=$base_url/images/user_images/opg_$game/logo.gif></a>";
}
$gameName2 = "$getGame[game_name]";
$pointVar = "$getGame[point_var]";
$pointsVar = "$getGame[point_var]";

if (!$pointVar) { $pointVar = "$defaultPointsVariable"; }

$userCookie = "username_$game";
$passCookie = "password_$game";

$getInfo = fetch("SELECT * FROM members2 WHERE username = '$HTTP_COOKIE_VARS[$userCookie]' AND password = '$HTTP_COOKIE_VARS[$passCookie]' AND game = '$game'");
//echo "SELECT * FROM members2 WHERE username = '$HTTP_COOKIE_VARS[$userCookie]' AND password = '$HTTP_COOKIE_VARS[$passCookie]' AND game = '$game'";
$getInfo2 = fetch("SELECT * FROM members_profiles2 WHERE username = '$getInfo[username]' AND game = '$game'");
//echo "SELECT * FROM members_profiles2 WHERE username = '$getInfo[username]' AND game = '$game'";
$username = $getInfo[username];
$display_name = $getInfo[display_name];
$userid = $getInfo[id];
$points = $getInfo[points];
$rank = $getInfo[rank];
$hungerLevel = $getInfo[hunger_level];
//print_r($getInfo);
 
if (!$username)     
{ 
$username = "<i>Not logged in.</i>"; 
} 

else
{
	$sql_name="usrname";
	$membername=$username;
	$u=$HTTP_COOKIE_VARS[$passCookie];
	$_email= $getInfo2[email];
	$memberid= $getInfo[id];
	$tmp=mysql_query("SELECT * FROM pro_membersu_privchatf WHERE usrname = '$membername' LIMIT 1"); 
	while($e=mysql_fetch_array($tmp)) 
	{
		$_id = ($e['id']);
	}
	// if password exists, get users email (default table)
	$sql="SELECT * FROM pro_membersu_privchatf WHERE ".$sql_name."='$membername' LIMIT 1";
	$tmp=mysql_query($sql) or die(mysql_error().$sql);; 
	while($log_in=mysql_fetch_array($tmp)) 
	{
	$_email = ($log_in[$sql_email]);
	}
	
	if ($_id == '')
	{ 
	// if first visit, add member to MEMBERS table
	$sql = "INSERT INTO pro_membersu_privchatf (id,usrname, usrpassword, e_mail, age, gender, location, hobbies, aboutme, terms, date, photo) 
	VALUES ('$memberid','$membername', '$u', '$_email', '', '', '', '', '', '', NOW(), '')";mysql_query($sql) or die(mysql_error()); 
	$tmp=mysql_query("SELECT * FROM pro_membersu_privchatd WHERE membername = '$membername' order by id DESC LIMIT 1"); 
	while($e=mysql_fetch_array($tmp)) 
	{
		$_name = ($e['id']);
	}
	
	if ($_name == '')
	{ 
	// if first visit, add member to ONLINE table
	$system_c = date("U");
	$sql = "INSERT INTO pro_membersu_privchatd (memberid, membername, status, ontime, active) 
	VALUES ('$memberid', '$membername', 'Online', '$today', '$system_c')";mysql_query($sql) or die(mysql_error()); 
	}
		}	
			
			
}
if (!$display_name) { $display_name = "<i>Not logged in.</i>"; }
if (!$points)       { $points = "0"; }

if ($getInfo[hunger_level] > 10) { mysql_query("UPDATE members SET hunger_level = 10 WHERE id = '$userid' AND game = '$game'"); $hungerLevel = 10;}

if ($getInfo[hunger_level] < 0) { mysql_query("UPDATE members SET hunger_level = 0 WHERE id = '$userid' AND game = '$game'");  $hungerLevel = 0; }

$hungerLevel = $hungerArray[$hungerLevel];

if (!$rank_check) { $rank_check = 0; }
if (!$rank) { $rank = 0; }
if ($rank < $rank_check)
{
	//exit;
	die(header(error("$base_url/login.php?game=$game","$noAccessError")));
}

#############
######## Hits
mysql_query("UPDATE hits SET hits = hits + 1");

mysql_query("UPDATE game_tables SET hits=$getGame[hits]+1 WHERE id = '$game'");

$current_date = "$getGame[the_current_date]";
$zeroHits = "0";
if ($datestamp != "$current_date")
{
	mysql_query("UPDATE game_tables SET daily_page_views=0 WHERE the_current_date != '$datestamp'") or die ("Database error: ".mysql_error());
	mysql_query("UPDATE game_tables SET the_current_date = '$datestamp' WHERE the_current_date != '$datestamp'") or die ("Database error: ".mysql_error());
	$getGame[daily_page_views] = 0;
}

mysql_query("UPDATE game_tables SET daily_page_views = daily_page_views + 1 WHERE id = '$game'");

#############

?>

This is the global document. For some reason I cannot get my head around the $set_rank for some reason. lol

I basically brought the script that said it would have 100% support etc but when I got it the guy never ever replied to tech problems and Ive noticed this has been common with other people.

So I have basically had to learn as much PHP/MySql as I can and try and get it all fixed and changed myself. So far ive managed to do lots but this has been a constant problem. lol

Thanks for letting me know about the need to clean it up :)

Justin

That does not contain $set_rank .... the only thing that I can see close to it is:

$rank = $getInfo[rank];

Perhaps $set_rank is set in globals.inc.php as I would expect it to be registered in the user session.


Matti Ressler
Suomedia

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.