Forum ADMIN and USER issue! Please Help

Question

rEhSi_123 8 Junior Poster

15 Years Ago

I have a issue with displaying wether a ADMIN or a USER on my forum.
If a user is ADMIN then it displays the user as ADMIN but if the user isn't an ADMIN it still displays it as ADMIN which I dont want. Could somebody please check my code.

This part of the code display the ADMIN or USER text:

<?php
$row2 = mysql_fetch_assoc($res2);
         if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You cannot view this topic!";
            }else {
               $a = (isa($row['uid'])) ? "<font style=\"color:#800000;font-weight:bold;\">ADMIN</font>" : "<font style=\"color:#333300;font-weight:bold;\">USER</font>";
               echo "<table border=\"0\" width=\"100%\"cellspacing=\"3\" cellpadding=\"3\">\n";
               echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>".$row['title']."</b>- Posted on: <em>".$row['date']."</em></td></tr>\n";
               echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'],true)."<br>Post Count: ".post($row['uid'])."</br>".$a."</td>\n";
               echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
               echo topic($row['message']);
?>

and this is my whole code:

<?php

error_reporting(E_ALL ^ E_NOTICE); //Report all error except NOTICES
$id = mss($_GET['id']);
$page = (!$_GET['page'] || $_GET['page'] < 0) ? "1" : $_GET['page'];
$page = ceil($page);

$limit = 10;
$start = $limit;
$end = $page*$limit-($limit);

if($id){
   $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$id."'";
   $res = mysql_query($sql) or die(mysql_error());
   if(mysql_num_rows($res) == 0){
      echo "This topic does not exists!";
      }else {
         $row = mysql_fetch_assoc($res);
         $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
         $res2 = mysql_query($sql2) or die(mysql_error());
         $row2 = mysql_fetch_assoc($res2);
         if($row2['admin'] == 1 && $admin_user_level == 0){
            echo "You cannot view this topic!";
            }else {
               $a = (isa($row['uid'])) ? "<font style=\"color:#800000;font-weight:bold;\">ADMIN</font>" : "<font style=\"color:#333300;font-weight:bold;\">USER</font>";
               echo "<table border=\"0\" width=\"100%\"cellspacing=\"3\" cellpadding=\"3\">\n";
               echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>".$row['title']."</b>- Posted on: <em>".$row['date']."</em></td></tr>\n";
               echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'],true)."<br>Post Count: ".post($row['uid'])."</br>".$a."</td>\n";
               echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
               echo topic($row['message']);
               
               echo "</td>\n";
               echo "</tr>\n";
               $amount_check = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."'";
               $amount_check_res = mysql_query($amount_check) or die(mysql_error());
               $amount_count = mysql_num_rows($amount_check_res);
               $pages = ceil($amount_count/$limit);
               
               $previous = ($page-1 <= 0) ? "&laquo; Prev" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page-1)."\">&laquo; Prev</a>";
               $nextpage = ($page+1 > $pages) ? "Next &raquo;" : "<a href=\"./index.php?act=topic&id=".$id."&page=".($page+1)."\">Next &raquo;</a>";
               echo "<tr><td align=\"right\" colspan=\"2\" class=\"forum_header\">\n";
               echo "Pages: ";
               echo $previous;
               for($i=1;$i<=$pages;$i++){
                  $href = ($page == $i) ? " ".$i." " : " <a href=\"./index.php?act=topic&id=".$id."&page=".$i."\">".$i."</a> ";
                  echo $href;
               }
               echo $nextpage;
               echo "</td></tr>\n";
               $select_sql = "SELECT * FROM `forum_replies` WHERE `tid`='".$id."' ORDER BY id ASC LIMIT ".$end.",".$start."";
               $select_res = mysql_query($select_sql) or die(mysql_error());
               
               while($rowr = mysql_fetch_assoc($select_res)){
               echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\">Posted on: <em>".$rowr['date']."</em></td></tr>\n";
               echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($rowr['uid'],true)."<br>Post Count: ".post($rowr['uid'])."</br>".$a."</td>\n";
               echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
               echo topic($rowr['message']);
               if($rowr['edit_time'] > 0){
                  echo "<tr><td align=\"left\" colspan=\"3\" class=\"forum_header\"><em>Edited at:".date("l jS \of F Y",$rowr['edit_time']) . " at " . date("h:i:s",$rowr['edit_time'])."</em></td></tr>\n";
                  }
               $adminz = isa($_SESSION['uid']);
               if($adminz == 1 || $rowr['uid'] == $_SESSION['uid'] || $admin_user_level == 0){
                  echo "<tr><td align=\"right\" colspan=\"2\"><a href=\"index.php?act=mod&act2=reply&id=".$rowr['id']."\"><img src=\"edit.gif\"></a> <a href=\"index.php?act=test&id=".$rowr['tid']."&reply_id=".$rowr['id']."\"><img src=\"quoteIcon.gif\"></a></td></tr>\n";               
                  }
               echo "</td>\n";
               echo "</tr>\n";
               }
               echo "<tr><td colspan=\"2\" align=\"left\"><a href=\"./index.php?act=reply&id=".$row['id']."\">Reply Now</a></td></tr>\n";               
               echo "</table>\n";
                 }  
                  }
                     }else {
                           echo "Please view a valid topic!";
                          }
?>

php

2 Contributors
8 Replies
120 Views
2 Days Discussion Span
Latest Post 15 Years Ago Latest Post by darkagn

darkagn 315 Veteran Poster

15 Years Ago

if($row2['admin'] == 1 && $admin_user_level == 0)

I can't see anywhere in your code where $admin_user_level is set. Is it possible that this is not correctly being set for the user?
Try this immeadiately before that line:

echo "POST_ADMIN: " . $row2['admin'] . "<br>";
echo "ADMIN_USER: $admin_user_level<br>";

and see what happens...

darkagn 315 Veteran Poster

15 Years Ago

Given the results, I think that $admin_user_level is working correctly. So the problem is with the admin post ($row2) being equal to 0 instead of 1? The only time you will get the "You cannot view this topic!" message is when the user is not admin and $row2 = 1. When does $row2 = 1? That is, what does the admin column in the forum_replies table relate to?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rEhSi_123 8 Junior Poster · Answer 1 · 2009-03-31T18:05:14+00:00

if($row2['admin'] == 1 && $admin_user_level == 0)
I can't see anywhere in your code where $admin_user_level is set. Is it possible that this is not correctly being set for the user?
Try this immeadiately before that line:
echo "POST_ADMIN: " . $row2['admin'] . "<br>";
echo "ADMIN_USER: $admin_user_level<br>";
and see what happens...

Right Sir!

Yes I noticed that myself too......but I am just not too sure where to put my

if($admin_user_level == 0){}

I tested your code and this is the value that was displayed on the screen when I am logged in as a USER:

POST_ADMIN: 0
ADMIN_USER: 0

and if I login as ADMIN this is the value that was displayed which is right:

POST_ADMIN: 0
ADMIN_USER: 1

Even though the USER is displayed as a ADMIN he/she doesnot have ADMIN functions.

rEhSi_123 8 Junior Poster · Answer 2 · 2009-04-01T03:54:19+00:00

That is, what does the admin column in the forum_replies table relate to?

It doesn't relate to anything as far as I know!:-/

This my table

CREATE TABLE IF NOT EXISTS `forum_replies` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `tid` int(11) NOT NULL,
  `uid` int(11) NOT NULL,
  `message` text NOT NULL,
  `date` varchar(64) NOT NULL,
  `time` int(25) NOT NULL,
  `edit_time` int(25) NOT NULL,
  `reply_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=83 ;

This part of the code actually posts the topic message on the forum:

$a = (isa($row['uid'])) ? "<font style=\"color:#800000;font-weight:bold;\">ADMIN</font>" : "";
echo "<table border=\"0\" width=\"100%\"cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<tr><td colspan=\"2\" align=\"left\" class=\"forum_header\"><b>".$row['title']."</b>- Posted on: <em>".$row['date']."</em></td></tr>\n";
echo "<tr><td align=\"left\" width=\"15%\" valign=\"top\" class=\"forum_header\">".uid($row['uid'],true)."<br>Post Count: ".post($row['uid'])."</br>".$a."</td>\n";
echo "<td align=\"left\" valign=\"top\" class=\"forum_header\">\n";
echo topic($row['message']);
					
echo "</td>\n";
echo "</tr>\n";

rEhSi_123 8 Junior Poster · Answer 3 · 2009-04-01T03:57:42+00:00

I think this part of the code actually else's out since both $row2 == 1 && $admin_user_level == 0:$

if($row2['admin'] == 1 && $admin_user_level == 0){
echo "You cannot view this topic!";
				}
				else {
$a = (isa($row['uid'])) ? "<font style=\"color:#800000;font-weight:bold;\">ADMIN</font>" : "";

darkagn 315 Veteran Poster Featured Poster · Answer 4 · 2009-04-01T15:49:20+00:00

Yes. Your problem is that $row2 always equals 0. Your code says:

"If $row2 == 1 AND if $admin_user_level == 0, then don't let the topic be viewed."

Since $row2 always = 0, the topic can ALWAYS be viewed, regardless of the value of $admin_user_level.

Rules of boolean AND algebra:

T && T = T
T && F = F
F && T = F
F && F = F

EDIT: Since there is no column 'admin' in forum_replies table, I would remove all reference to $row2 in that if-statement and just have the if-statement check the value of $admin_user_level.

rEhSi_123 8 Junior Poster · Answer 5 · 2009-04-02T04:11:07+00:00

$a = (isa($row['uid'])) ? "<font style=\"color:#800000;font-weight:bold;\">ADMIN</font>" : "";

The above code displays ADMIN next to a username if the USER is a ADMIN......which is spot on!

But, now say if a ADMIN starts a thread and if any non ADMIN user posts in the topic he automatically gets ADMIN displayed under his username :'( which I dont want.........

and if a ADMIN comments in a topic which was started off by a normal USER the ADMIN letter is not present even though the user commented is a ADMIN........

Could you please shed some light.......

This is code file for creating a topic...Please check and let me know what is wrong

<?php

if(!$_SESSION['uid']){
header("Location: index.php");
}
$id = mss($_GET['id']);

if($id){
   $sql = "SELECT * FROM `forum_sub_cats` WHERE `id`='" .$id. "'";
   $res = mysql_query($sql) or die(mysql_error);
    if(mysql_num_rows($res) == 0){
   echo "The forum you are trying to create on, does not exists!\n";
    }else {
      $row1 = mysql_fetch_assoc($res);
      if($row1['admin'] == 1 && $admin_user_level == 0){
         echo "You are not a administrator, therefore you cannot post on this forum\n";
         }else{
            if(!$_POST['submit']){
            echo "<table border=\"0\" cellspacing=\"3\" cellspacing=\"3\">\n";
            echo "<form method=\"post\" action=\"./index.php?act=create&id=".$id."\">\n";
            echo "<tr><td>Forum Sub Category</td><td><select name=\"cat\">\n";
            $sql2 = "SELECT * FROM `forum_cats` WHERE `admin` < ".$admin_user_level."+1";
            $res2 = mysql_query($sql2) or die(mysql_error());
            while($row = mysql_fetch_assoc($res2)){
            $sql3 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='".$row['id']."'";
            $res3 = mysql_query($sql3) or die(mysql_error());
          
            echo "<option value=\"0\">".$row['name']."</option>\n";
            while($row2 = mysql_fetch_assoc($res3)){
            $selected = ($row2['id'] == $id) ? " SELECTED" : "";
            echo "<option value=\"".$row2['id']."\"".$selected.">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".$row2['name']."</option>\n";
               }
            }
            echo "</select></td></tr>\n";
            echo "<tr><td>Topic Title</td><td><input type=\"text\" name=\"title\"></td></tr>\n";
            echo "<tr><td>Message</td><td><textarea name=\"message\" style=\"width:300px;height:100px;\"></textarea></td></tr>\n";
            echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Create Topic\"></td></tr>\n";
            echo "</form></table>\n";
            }else{
               $cat = mss($_POST['cat']);
               $title = mss($_POST['title']);
               $msg = mss($_POST['message']);
               
               if($cat && $title && $msg){
                  $sql = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$cat."'";
                  $res =  mysql_query($sql) or die(mysql_error());
                  if(mysql_num_rows($res) == 0){
                  echo "This forum sub category does not exist!\n";
                     }else {
                        $row = mysql_fetch_assoc($res);
                        if($row['admin'] == 1 && $admin_user_level !=1){
                            echo "You are not an admin therefore you cannot post a new topic on this forum!\n";
                           }else { 
                              if(strlen($title) < 3 || strlen($title) > 32){
                                 echo "The Title must be between 3 and 32 characters\n";
                                }else {
                                   if(strlen($msg) < 3 || strlen($msg) > 10000){
                                      echo "The message must be between 3 and 10000 characters\n";
                                      }else {
                                         $date = date("d-m-y") ." at ". date("h-i-s");
                                         $time = time(); 
                                         $sql2 = "INSERT into `forum_topics` (`cid`,`title`,`uid`,`date`,`time`,`message`) VALUES('".$cat."','".$title."','".$_SESSION['uid']."','".$date."','".$time."','".$msg."')";
                                         $res2 =  mysql_query($sql2) or die(mysql_error());
                                         $tid = mysql_insert_id();
                                         topic_go($tid);
                                         }
                                   }
                             }
                        }
                  }else {
                     echo "Please supply all the fields\n";
                     }
               }
          }
      }
   }else {
      if(!$_POST['submit']){
         
            echo "<table border=\"0\" cellspacing=\"3\" cellspacing=\"3\">\n";
            echo "<form method=\"post\" action=\"./index.php?act=create\">\n";
            echo "<tr><td>Forum Sub Category</td><td><select name=\"cat\">\n";
            $sql2 = "SELECT * FROM `forum_cats` WHERE `admin` < ".$admin_user_level."+1";
            $res2 = mysql_query($sql2) or die(mysql_error());
            while($row = mysql_fetch_assoc($res2)){
            $sql3 = "SELECT * FROM `forum_sub_cats` WHERE `cid`='".$row['id']."'";
            $res3 = mysql_query($sql3) or die(mysql_error());
          
            echo "<option value=\"0\">".$row['name']."</option>\n";
            while($row2 = mysql_fetch_assoc($res3)){
            $selected = ($row2['id'] == $id) ? " SELECTED" : "";
            echo "<option value=\"".$row2['id']."\"".$selected.">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".$row2['name']."</option>\n";
               }
            }
            echo "</select></td></tr>\n";
            echo "<tr><td>Topic Title</td><td><input type=\"text\" name=\"title\"></td></tr>\n";
            echo "<tr><td>Message</td><td><textarea name=\"message\" style=\"width:300px;height:100px;\"></textarea></td></tr>\n";
            echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Create Topic\"></td></tr>\n";
            echo "</form></table>\n";
            }else{
               $cat = mss($_POST['cat']);
               $title = mss($_POST['title']);
               $msg = mss($_POST['message']);
               
               if($cat && $title && $msg){
                  $sql = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$cat."'";
                  $res =  mysql_query($sql) or die(mysql_error());
                  if(mysql_num_rows($res) == 0){
                  echo "This forum sub category does not exist!\n";
                     }else {
                        $row = mysql_fetch_assoc($res);
                        if($row['admin'] == 1 && $admin_user_level !=1){
                            echo "You are not an admin therefore you cannot post a new topic on this forum!\n";
                           }else { 
                              if(strlen($title) < 3 || strlen($title) > 32){
                                 echo "The Title must be between 3 and 32 characters\n";
                                }else {
                                   if(strlen($msg) < 3 || strlen($msg) > 10000){
                                      echo "The message must be between 3 and 10000 characters\n";
                                      }else {
                                         $date = date("d-m-y") ." at ". date("h-i-s");
                                         $time = time(); 
                                         $sql2 = "INSERT into `forum_topics` (`cid`,`title`,`uid`,`date`,`time`,`message`) VALUES('".$cat."','".$title."','".$_SESSION['uid']."','".$date."','".$time."','".$msg."')";
                                         $res2 =  mysql_query($sql2) or die(mysql_error());
                                         $tid = mysql_insert_id();
                                         header("Location: index.php?act=topic&id=".$tid.""); 
                                         }
                                   }
                             }
                        }
                  }else {
                     echo "Please supply all the fields\n";
                     }
         }
      }
?>

darkagn 315 Veteran Poster Featured Poster · Answer 6 · 2009-04-02T10:21:24+00:00

Oh, sorry I completely misunderstood your previous post. I think you need to query the users table (or whatever yours is called) to find out if the user posting the reply is admin user or not. Your code uses the admin status of the user that started the thread, you need to recheck the admin status each time a post is created, not when the thread is created.