IF Statements 1

[JamesCliff]

Hi all,

Ok.... i have a page with the following code (note: these are snippets of code from the page)

	if($_SESSION['password'] == $db_pass['password']) { 
		$logged_in = 1;
					
	$user_lev = $db_object->query("SELECT user_level FROM brisk_users WHERE username = '".$_SESSION['username']."'");
					
	} else {
		$logged_in = 0;
		unset($_SESSION['username']);
		unset($_SESSION['password']);
	}

As you can see this is where i get my $logged_in and $user_lev variable from. $user_lev is the important variable here as everything else works how its supposed to.

Further down the page i have this snipped of code:

if($logged_in == 1) {

?>
  <div align="left"><font size="1" face="Verdana, Arial, Helvetica, sans-serif" color="4C4C4C">Welcome back <?php echo $_SESSION['username']; ?>, 
  you are logged in.&nbsp;&nbsp;&nbsp;</font></font><font color="4C4C4C" size="1" face="Verdana, Arial, Helvetica, sans-serif"><a href="logout.php">**LOGOUT**</a></font></div>
<?php
}
else
{
...................
}

Now as you can see above if the $logged_in variable is set to 1 then the logged in text is displayed. This works fine, however im setting up a user level system.

Basiclly as you can see in the first snippet of code im getting the specific users user_level from the database. There is 2 values the users level can be; these are 0 (member with no privalages) and 1 (site mod / admin).

I want it so when a user with a 0 $user_lev value signs in they are greeted with the original logged in message thats within the second snippet of code. However when a user with a $user_lev of 1 signs in they are greeted with the same message as the normal members message except it has the word "ADMIN" at the end. Once i have achieved this i can customize it even more.

Ive tried using IF statements within the $logged_in ifstatment but they dont work as they should. Is there anyway i can achieve what im trying to do? Surely it dosnt require much more code, a couple of lines maybe, however im not experienced enough to do this correctly.

Any help greatly appriciated.

Thanks alot

Jim

 

[WoodyRoundUp]

<?
if($logged_in == 1) {
?>
<div align="left"><font size="1" face="Verdana, Arial, Helvetica, sans-serif" color="4C4C4C">Welcome back <?php echo $_SESSION['username']; ?>,
you are logged in<?echo ($user_lev==1 ? " as Admin" : "");?>.&nbsp;&nbsp;&nbsp;</font></font><font color="4C4C4C" size="1" face="Verdana, Arial, Helvetica, sans-serif"><a href="logout.php">**LOGOUT**</a></font></div>
<?php
}
?>

 

[JamesCliff]

Thanks for the prompt reply m8.

I have added that to the code, however it isnt working. Im getting no parse errors though and the script is continueing to work like it did previously, however not with the admin echo feature.

This leads me to believe it has to be a problem with my sql query. I cant understand it though. The query seems mint, ive checked it over several times. Its as if the query is not calling the user_level from the database.

Ill post the rest of my code and see if someone can help me.

<?php

/* check login script, included in db_connect.php. */

session_start();

if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
	$logged_in = 0;
	return;
} else {

	// remember, $_SESSION['password'] will be encrypted.

	if(!get_magic_quotes_gpc()) {
		$_SESSION['username'] = addslashes($_SESSION['username']);
	}


	// addslashes to session username before using in a query.
	$pass = $db_object->query("SELECT password FROM brisk_users WHERE username = '".$_SESSION['username']."'");

	if(DB::isError($pass) || $pass->numRows() != 1) {
		$logged_in = 0;
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		// kill incorrect session variables.
	}

	$db_pass = $pass->fetchRow();

	// now we have encrypted pass from DB in 
	//$db_pass['password'], stripslashes() just incase:

	$db_pass['password'] = stripslashes($db_pass['password']);
	$_SESSION['password'] = stripslashes($_SESSION['password']);



	//compare:



	if($_SESSION['password'] == $db_pass['password']) { 
		// valid password for username
		$logged_in = 1; // they have correct info
					// in session variables.
		$user_lev = $db_object->query("SELECT user_level FROM brisk_users WHERE username = '".$_SESSION['username']."'");
		
					
					
	} else {
		$logged_in = 0;
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		// kill incorrect session variables.
	}
}


// clean up
unset($db_pass['password']);

$_SESSION['username'] = stripslashes($_SESSION['username']);

?>

The above code is on a seperate page which is included into a file called db_connect_login.php and then db_connect_login is included into the main login.php. This is someone else's script, however im modding it to suit my own needs.

As you can see the code above is validating the values input into the form code below. If the values entered are valid then the code above changes the $logged_in variable to 1, however if they are invalid the variable is changed to 0. This is then included into db_connect_login.php which is then included into login.php. The code for this page is below:

require 'config/db_connect_login.php';

if($logged_in == 1) {

?>
  <div align="left"><font size="1" face="Verdana, Arial, Helvetica, sans-serif" color="4C4C4C">Welcome back <?php echo $_SESSION['username']; ?>, 
  you are logged in<? echo ($user_lev == 1 ? " as Admin" : ""); ?>&nbsp;&nbsp;&nbsp;</font></font><font color="4C4C4C" size="1" face="Verdana, Arial, Helvetica, sans-serif"><a href="logout.php">**LOGOUT**</a></font></div>
<?php
}
else
{
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<div align="left"><font color="4C4C4C"> 
  <?php

if (isset($_POST['submit'])) { // if form has been submitted


	/* check they filled in what they were supposed to and authenticate */
	if(!$_POST['uname'] | !$_POST['passwd']) {
		header('Location: index.php?page=errors/requiredfield');
		die('');
	}

	// authenticate.

	if (!get_magic_quotes_gpc()) {
		$_POST['uname'] = addslashes($_POST['uname']);
	}

	$check = $db_object->query("SELECT username, password FROM brisk_users WHERE username = '".$_POST['uname']."'");

	if (DB::isError($check) || $check->numRows() == 0) {
		header('Location: index.php?page=errors/username');
		die('');

	}

	$info = $check->fetchRow();

	// check passwords match

	$_POST['passwd'] = stripslashes($_POST['passwd']);
	$info['password'] = stripslashes($info['password']);
	$_POST['passwd'] = md5($_POST['passwd']);

	if ($_POST['passwd'] != $info['password']) {
		header('Location: index.php?page=errors/password');
		die('');
	}

	// if we get here username and password are correct, 
	//register session variables and set last login time.

	$date = date('m d, Y');

	$update_login = $db_object->query("UPDATE brisk_users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");

	$_POST['uname'] = stripslashes($_POST['uname']);
	$_SESSION['username'] = $_POST['uname'];
	$_SESSION['password'] = $_POST['passwd'];
	$db_object->disconnect();
?>
  <font size="1" face="Verdana, Arial, Helvetica, sans-serif" color="4C4C4C">Welcome back <?php echo $_SESSION['username']; ?>, 
  you are logged in.&nbsp;&nbsp;&nbsp;</font></font><font color="4C4C4C" size="1" face="Verdana, Arial, Helvetica, sans-serif"><a href="logout.php">**LOGOUT**</a></font> 
  <?php
} else {	// if form hasn't been submitted
?>
</div>
<table width="100%">
<tr>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"><td>

  <p align="left"><font color="4C4C4C" size="1" face="Verdana, Arial, Helvetica, sans-serif">Username: 
    <input style="height:14px" name="uname" type="text" value="" size="8">
    &nbsp;Password:</font> <font color="4C4C4C"> 
    <input style="height:14px" name="passwd" type="password" size="8">
    &nbsp; 
    <input style="height:14px" type="submit" name="submit" value="-->">
    </font></p>
  
</td></form>
</tr>
</table>
<?php } ?>
</body>
</html>
<?php } ?>

This may give you an idea on how the system works. Its works fine without my additions, however i cant understand why my additions wont work. The user_level query is in the right place with the right conditions and the $user_lev variable is included in the login.php, yet even if the $user_lev query worked and got a value of 1 (i cant see why the query wont work) the admin echo isnt displayed onto the login.php

Can anyone help me trouble shoot this.

Thanks

Jim

 

[WoodyRoundUp]

When you do echo $usr_level."XX";
in this if, what do you see? does it give you 1XX or XX only?

if($logged_in == 1) {
echo $user_lev."XX";
?>

 

[JamesCliff]

uve lost me m8 :S,

sorry for been such a tard here, but what do you mean with the XX thing. The echo is like this:

<? echo ($user_lev == 1 ? " as Admin" : ""); ?>

Whats the question mark for after the 1?
Can you explain the problem to me again.

Sorry abouut this

Thanks

Jim

 

[WoodyRoundUp]

if($logged_in == 1) {
echo $user_lev."XX";
}

With the "XX", I just wanted to see what value contained in the $user_lev, to make sure that the error is not from here.

<? echo ($user_lev == 1 ? " as Admin" : ""); ?>
THis one here means that if the user_level is one, the it will ehco as Admin, or else display nothing.

 

[JamesCliff]

ah rite yeh i get you.

Ive tried that and im getting "ObjectXX"

Thats it.

This means it has to be the query, however i cant see why the query isnt working and the variable isnt been passed.

Anyone able to help?

Thanks

Jim

 

[WoodyRoundUp]

Can you post your code for:
$db_object->query()

that should lies in the class that stores db_object

 

[JamesCliff]

yeh, the code for the db_object is in db_connect_login.php

It is:

<?php

//require the PEAR::DB classes.

require_once 'DB.php';


$db_engine = 'mysql';
$db_user = 'jim11';
$db_pass = 'jakechloe';
$db_host = '127.0.0.1';
$db_name = 'briskfire';

$datasource = $db_engine.'://'.
			  $db_user.':'.
			  $db_pass.'@'.
		 	  $db_host.'/'.
	  		  $db_name;


$db_object = DB::connect($datasource, TRUE);

/* assign database object in $db_object, 

if the connection fails $db_object will contain

the error message. */

// If $db_object contains an error:

// error and exit.

if(DB::isError($db_object)) {
	die($db_object->getMessage());
}

$db_object->setFetchMode(DB_FETCHMODE_ASSOC);

// we write this later on, ignore for now.

include('includes/check_login.php');

?>

Thing is though, the $db_object variable works fine because it is used within the check_login.php which checks the login details entered by the user and also has the user_level query as well.

See what you think though.

The check_login.php page which does all the validation with the user details and also executes the query to check the user_level from the database contains the following code (in my opinion this is the page where the problem lies):

<?php

/* check login script, included in db_connect.php. */

session_start();

if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
	$logged_in = 0;
	return;
} else {

	// remember, $_SESSION['password'] will be encrypted.

	if(!get_magic_quotes_gpc()) {
		$_SESSION['username'] = addslashes($_SESSION['username']);
	}


	// addslashes to session username before using in a query.
	$pass = $db_object->query("SELECT password FROM brisk_users WHERE username = '".$_SESSION['username']."'");

	if(DB::isError($pass) || $pass->numRows() != 1) {
		$logged_in = 0;
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		// kill incorrect session variables.
	}

	$db_pass = $pass->fetchRow();

	// now we have encrypted pass from DB in 
	//$db_pass['password'], stripslashes() just incase:

	$db_pass['password'] = stripslashes($db_pass['password']);
	$_SESSION['password'] = stripslashes($_SESSION['password']);



	//compare:



	if($_SESSION['password'] == $db_pass['password']) { 
		// valid password for username
		$logged_in = 1; // they have correct info
					// in session variables.
		$user_lev = $db_object->query("SELECT user_level FROM brisk_users WHERE username = '".$_SESSION['username']."'");
		
					
					
	} else {
		$logged_in = 0;
		unset($_SESSION['username']);
		unset($_SESSION['password']);
		// kill incorrect session variables.
	}
}


// clean up
unset($db_pass['password']);

$_SESSION['username'] = stripslashes($_SESSION['username']);

?>

See what you think.

Thanks

Jim

 

[WoodyRoundUp]

Sorry, I still need more info.
Now, in the DB.php, look for this function:

Function Query

The code will tell me what variable should I use.

Thank you man.

 

[JamesCliff]

The DB.php is some sort of config file based within the server m8. I found it at the following location:

/usr/share/pear/DB.php

However when i searched through it i couldnt find the "Function Query" function within it.

I dont know what else you need tbh.

It seems to me that the error is from within the check_login.php as this is where the query is based. However the query isnt been executed or it is but its just not working and getting the specific user_level for the username that has been entered into the form by a site user. Once the $user_lev variable has a value everything else should work.

What u think m8?

Thanks

 

[WoodyRoundUp]

Hm. Ok.
Normally we write that file ourself.
The query is executed, but it returns object.
My purpose here is to find the data structure of the return object, so you could call it.

If that's the case, to have a simple shortcut (quickfix), use this line:

<? echo ($user_lev ? " as Admin" : ""); ?>

Hopefully this will work, other wise, I need to know more info.

 

[JamesCliff]

Ahhhh,

Ok i see now m8. The query is been executed as it returns an object. Can you explain to me what this means if an object is returned?

That code you gave me does work, however it shows the words "ad Admin" for every user that logs in even if they have a user_level as 0.

Why is this happening?

Thanks

ps. I appriciate all your help

 

[WoodyRoundUp]

Ok.
I found a new way to look through the object.
Can you print this code:

print_r($user_lev);

and see what's in there.

Thank you.

 

[JamesCliff]

lol,
well i did that m8.

Here it is if ur sure u want it or u can make sence of it lol (ive removed mysqld passwords from it):

db_result Object ( [dbh] => db_mysql Object ( [connection] => Resource id #15 [phptype] => mysql [dbsyntax] => mysql [prepare_tokens] => Array ( ) [prepare_types] => Array ( ) [num_rows] => Array ( [17] => 1 [18] => 1 ) [transaction_opcount] => 0 [autocommit] => 1 [fetchmode] => 2 [_db] => briskfire [_debug] => [_default_error_mode] => [_default_error_options] => [_default_error_handler] => [_error_class] => DB_Error [_expected_errors] => Array ( ) [features] => Array ( [prepare] => [pconnect] => 1 [transactions] => 1 [limit] => alter ) [errorcode_map] => Array ( [1004] => -15 [1005] => -15 [1006] => -15 [1007] => -5 [1008] => -17 [1022] => -5 [1046] => -14 [1050] => -5 [1051] => -18 [1054] => -19 [1062] => -5 [1064] => -2 [1100] => -21 [1136] => -22 [1146] => -18 [1048] => -3 [1216] => -3 ) [type] => [prepared_queries] => [prepare_maxstmt] => 0 [last_query] => SELECT user_level FROM brisk_users WHERE username = 'jim11' [fetchmode_object_class] => stdClass [options] => Array ( [persistent] => 1 [optimize] => performance [debug] => 0 [seqname_format] => %s_seq [autofree] => ) [dbh] => [dsn] => Array ( [phptype] => mysql [dbsyntax] => mysql [username] => **** [password] => **** [protocol] => tcp [hostspec] => **** [port] => [socket] => [database] => briskfire ) ) [result] => Resource id #18 [row_counter] => [limit_from] => [limit_count] => [limit_type] => alter [autofree] => [fetchmode] => 2 [fetchmode_object_class] => stdClass )

 

[WoodyRoundUp]

Yup. That helps a little, not too much.

But this should do it.

$user_lev = your query here.
$row = mysql_fetch_row($user_lev->dbh->result);
$user_lev = $row[0];

And put back the code for displaying to the one that I gave you.

 

[JamesCliff]

ok m8.

I added this code to my check_login.php:

$user_lev = $db_object->query("SELECT user_level FROM brisk_users WHERE username = '".$_SESSION['username']."'");
$row = mysql_fetch_row($user_lev->dbh->result);
$user_levv = $row[0];

I put an extra "v" on the last variable as you cant have 2 variables the same. I figured it was a typo error you made when typing it, or am i wrong?

Im using this code on my login.php:

<? echo ($user_levv ? " as Admin" : ""); ?>

However when im getting the following error:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /usr/local/apache2/

http://wwwroot/briskfire.com/new/includes/check_login.php

on line 57

What you think m8?

Thanks

 

[WoodyRoundUp]

Oh dear.
Can you send me a copy of DB.php?
Is that readable by human language?

If it is, send to: woodyroundup at gmail dot com

So I could figure it out.

Sorry for all the trouble mate.

 

[JamesCliff]

Ok m8,

Ive emailed you a copy, just downloaded it off the linux server and zipped it up. Ive emailed it to your gmail account like you said.

Dont worry about the trouble, im greatful to you for all the help youve given me.

Thanks alot

Let me know what you find bud.

 

[WoodyRoundUp]

This time I think I got it.

$user_lev_rs = $db_object->query("SELECT user_level FROM brisk_users WHERE username = '".$_SESSION['username']."'");
$row = $user_lev_rs->fetchRow()
$user_lev = $row[0];

And use this:

<? echo ($user_lev==1 ? " as Admin" : ""); ?>

Cheers.