Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    Regular Coder
    Join Date
    Mar 2009
    Location
    United Kingdom
    Posts
    161
    Thanks
    6
    Thanked 28 Times in 28 Posts

    Display text if admin

    Hello, im trying to make it so if you are logged in and you are an admin it will display a link on the main page. But whatever i do the link is always there and ive set a user with admin = 0 (none).

    PHP Code:
    <? 
    $tbl_name
    ="users";
    $ip=$_SERVER['REMOTE_ADDR'];
    $sql="SELECT * FROM $tbl_name WHERE admin ='1' AND ip ='$ip'";
    $result=mysql_query($sql);
    $rows=mysql_fetch_array($result);
    $iptrue=$rows['ip'];
    if(
    $ip == $iptrue && $rows['admin'] = 1){
    ?>
    <a href="/adm/index.php">Admin Control Panel</a>
    <? }
    Help please..

  • #2
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    PHP Code:
    if ($rows['admin'] == 1)
    {
    //Process admin coding
    }
    else {
    //Process non-admin coding


  • #3
    Rockstar Coder
    Join Date
    Jun 2002
    Location
    USA
    Posts
    9,074
    Thanks
    1
    Thanked 328 Times in 324 Posts
    Could two users share the same IP address in your system? If so you'll need to tweak your code some.
    OracleGuy

  • #4
    Regular Coder
    Join Date
    Mar 2009
    Location
    United Kingdom
    Posts
    161
    Thanks
    6
    Thanked 28 Times in 28 Posts
    masterofollies : Tried that still the link came up with Non-admin users.

    oracleguy : yes i have 2 users in the database they have the same IP address.

  • #5
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    I know mine works because I've used that same coding dozens of times in administrator control panels. You aren't using a double equal on your coding.

    PHP Code:
    $rows['admin'] = 1
    a single equal means "assign to" where double equal means "is equal to"

  • #6
    Regular Coder
    Join Date
    Mar 2009
    Location
    United Kingdom
    Posts
    161
    Thanks
    6
    Thanked 28 Times in 28 Posts
    No still not working new code is
    PHP Code:
    <? 
    $tbl_name
    ="users";
    $ip=$_SERVER['REMOTE_ADDR'];
    $sql="SELECT * FROM $tbl_name WHERE admin ='1' AND ip ='$ip'";
    $result=mysql_query($sql);
    $rows=mysql_fetch_array($result);
    $iptrue=$rows['ip'];
    if(
    $ip == $iptrue && $rows['admin'] == 1){
    ?>
    <a href="./adm/index.php">Admin Control Panel</a>
    <? }
    Tried without the '$ip == $iptrue' as well still the link shows up for someone without admin.

  • #7
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    If that's the whole code, I think it's broken because your logic is flawed. Follow along...

    PHP Code:
    <? 
    $tbl_name
    ="users";

    // get the remote ip
    $ip=$_SERVER['REMOTE_ADDR'];

    // get all results from the table with the admin flag set where the ip is the remote ip
    $sql="SELECT * FROM $tbl_name WHERE admin ='1' AND ip ='$ip'";

    // query...
    $result=mysql_query($sql);
    $rows=mysql_fetch_array($result);

    // set to the ip from the table
    $iptrue=$rows['ip'];

    /* The ip/iptrue comparison is meaningless.  You're comparing 
        the value fetched against the value you told it to fetch. */

    // If the value I told it to fetch is fetched and the row has an admin flag, show the link.
    if($ip == $iptrue && $rows['admin'] == 1){
    ?>
    <a href="./adm/index.php">Admin Control Panel</a>
    <? }
    The weak link is that there's nothing in the query restricting it to the actual current user, unless you're relying on the IP address alone. As oracleguy implied, that could create problems.
    Are you a Help Vampire?

  • #8
    Regular Coder
    Join Date
    Mar 2009
    Location
    United Kingdom
    Posts
    161
    Thanks
    6
    Thanked 28 Times in 28 Posts
    So how can i make it identify a user if he is a admin or not?

  • #9
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    0 = non-admin
    1 = admin

    That is all you need, you don't need an ip address or anything.

  • #10
    Regular Coder
    Join Date
    Mar 2009
    Location
    United Kingdom
    Posts
    161
    Thanks
    6
    Thanked 28 Times in 28 Posts
    Ok now i have

    PHP Code:
    <? 
    $tbl_name
    ="users";
    $sql="SELECT * FROM $tbl_name WHERE admin='1'";
    $result=mysql_query($sql);
    $rows=mysql_fetch_array($result);
    if(
    $rows['admin']){
    ?>
    <p align="center"><a href="./adm/index.php">Admin Control Panel</a></p>
    <? }
    Still no luck, user with admin defined as 0 still sees the link.

  • #11
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    Here do this.

    PHP Code:
    <?php 
    $adminquery 
    = ("SELECT * FROM users");
    $adminrow mysql_fetch_array($adminquery);
    if(
    $adminrow['admin'] == 1){

    echo 
    '<p align="center"><a href="./adm/index.php">Admin Control Panel</a></p>';
    }
    else {
    echo 
    'No link';
     }
    ?>
    Delete your other and use that. I am assuming your admin field is a smallint. If not change it to smallint with a value of 1.

  • #12
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Your logic is still flawed. You're selecting all rows from the table with an admin flag set and then checking whether you've selected any rows with an admin flag set. That's incorrect. You want to figure out if the current user is an admin. Your query does not contain that information.
    Are you a Help Vampire?

  • #13
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Quote Originally Posted by masterofollies View Post
    Here do this.

    <snip>
    This doesn't look useful for anything but a single-user system since it selects all and assumes that the first row selected is an admin.

    (Forgot to actually run the query, too.)
    Are you a Help Vampire?

  • #14
    Regular Coder
    Join Date
    Mar 2009
    Location
    United Kingdom
    Posts
    161
    Thanks
    6
    Thanked 28 Times in 28 Posts
    thats what I thought and as said it still presents the link to non admin users.

    So how is it possible?

  • #15
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    I don't know what you're doing for your login system. I'm guessing you may not be using one since you were looking at using IP addresses. Assuming you actually do have a login system and you check before (or alongside) the query that the user is logged in, the query itself might resemble:

    PHP Code:
    $query "SELECT user FROM users WHERE user='$thisUserName' AND admin='1'"
    This is highly dependent upon your actual implementation, of course, but the idea is that it checks whether the current user is an admin. mysql_query() would fetch the result, assign it to a variable with mysql_fetch_array(), and then use mysql_num_rows() to test whether there are any rows in the result. If so, admin. Else, not admin.

    For a positive result, meaning the user is an admin, the mysql_num_rows should be only 1 since your user ID ("user" in my example) should be unique in any users table. For a negative result, meaning the user is not admin, 0 is returned. Remember to check for errors for all of the functions, too. Check the man pages for results on error conditions.

    http://us3.php.net/mysql_query
    http://us3.php.net/mysql_fetch_array
    http://us3.php.net/mysql_num_rows
    Are you a Help Vampire?


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •