Ad:

PHP Discussion Thread
Unsolved
Views: 1167

Mar 20th, 2008

Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank access

Expand Post »

Hello everyone,

I really really need some help with this as Ive been trying to sort since December and cannot seem to get past it. I only know very basic PHP and still currently learning.

Basically I have a website with multiple pages and a membership system which has a ranking system for my members. The access to a page is set by the $rank_check = 5; statement which allows access to that particular rank and above. If I use the $rank_check == 5; then this will make access to that page ONLY for that rank which is great.

However, I currently have ranks between 1-99 and really need to be able to set the page access to allow which ever ranks I state otherwise admin could be accessed by unauthorised members.

So for example, if I want page 1 to have access to every rank above 5 then I can set it as: $rank_check = 5;

If I want page 2 to have access to ONLY rank 67 then I can use the $rank_check == 67; which is fine.

However, how do I set it so that I can set page 3 to allow access to for multiple ranks .... example ... ranks 5, 7, 48,67 and 99????

I have tried using the If statements. Also tried using the && statements along with the $rank_check == 5; but it didnt work. :O(

PLEASE PLEASE PLEASE help me and I will be eternally grateful. lol

Here is the actual document code:

PHP Syntax (Toggle Plain Text)
 
<?php
 
/*
 
Admin Main (admin.php)
 
*/
 
$page_title = "Admin - Founder Highly Restricted";
 
$rank_check = 5;
 
include "../header.inc.php";
 
print "$openHTML";
 
ECHO <<<END
PAGE CONTENT HERE
END;
 
print "$closeHTML";
 
?>
 
<?php

/*

Admin Main (admin.php)

*/

$page_title = "Admin - Founder Highly Restricted";

$rank_check = 5;

include "../header.inc.php";

print "$openHTML";

ECHO <<<END

PAGE CONTENT HERE

END;

print "$closeHTML";

?>

Here are some attempts at what I have tried using so far:

PHP Syntax (Toggle Plain Text)
 
if($rank_check == 6 || $rank_check == 7 || $rank_check == 8){    include "../header.inc.php";
 
$page_title = "admin_access6.php";
$rank_check == 6 || $rank_check == 7 || $rank_check == 8;
 
if($rank_check == "6" || $rank_check == "7" || $rank_check == "8"){    $let_them_pass = true;}
 
if($set_rank == 6 || $set_rank == 7 || $set_rank == 8){    $let_them_pass = true;}
 
<?php $page_title = "admin_access6.php";if($rank_check != 6 && $rank_check != 7 && $rank_check != 8){    exit;}include "../header.inc.php"; print "$openHTML"; $credit = $getGame[credit] / 100; ECHO <<<END
 
if($rank_check == 6 || $rank_check == 7 || $rank_check == 8){    include "../header.inc.php";

$page_title = "admin_access6.php";
$rank_check == 6 || $rank_check == 7 || $rank_check == 8;

if($rank_check == "6" || $rank_check == "7" || $rank_check == "8"){    $let_them_pass = true;}

if($set_rank == 6 || $set_rank == 7 || $set_rank == 8){    $let_them_pass = true;}

<?php $page_title = "admin_access6.php";if($rank_check != 6 && $rank_check != 7 && $rank_check != 8){    exit;}include "../header.inc.php"; print "$openHTML"; $credit = $getGame[credit] / 100; ECHO <<<END

None of these seemed to work.

Hope someone can help me as this is a really big and urgent job I need on my website.

Thanks you so much

Justin :o)

justted

Reputation Points: 10

Solved Threads: 2

Junior Poster

Offline

140 posts
since Dec 2007

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank ac

Try this (assuming that $set_rank is the user's rank):

PHP Syntax (Toggle Plain Text)
$rank_check = 5;  // the page rank
$let_them_pass = false;
if($set_rank > $rank_check) {
$let_them_pass = true;
}
 
if($let_them_pass == true) {
// do stuff
}
$rank_check = 5;  // the page rank
$let_them_pass = false;
if($set_rank > $rank_check) {
$let_them_pass = true;
}

if($let_them_pass == true) {
// do stuff
}

You only need check against $let_them_pass being either true or false.

Matti Ressler
Suomedia

Last edited by Suomedia; Mar 21st, 2008 at 1:07 am.

Suomedia

Reputation Points: 15

Solved Threads: 19

Junior Poster

Offline

154 posts
since Mar 2008

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank access

Hiya,

Thanks so much for the reply. So how exactly would I add this to my page. And from what I can see it will only allow the rank of 5 to access it??

Sorry I cant seem to get my head round it.

Justin

justted

Reputation Points: 10

Solved Threads: 2

Junior Poster

Offline

140 posts
since Dec 2007

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank ac

I am assuming that $set_rank contains the access level of your user, while $page_rank is the access level for the page. To give access to a $set_rank of 5 or above use:

PHP Syntax (Toggle Plain Text)
if($set_rank >= $rank_check) {
  $let_them_pass = true;
}
if($set_rank >= $rank_check) {
  $let_them_pass = true;
}

What you posted is rather confusing, so I am just doing it my way.

Matti Ressler
Suomedia

Last edited by Suomedia; Mar 21st, 2008 at 1:29 am.

Suomedia

Reputation Points: 15

Solved Threads: 19

Junior Poster

Offline

154 posts
since Mar 2008

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank access

Ah I can already give access to rank 5 and above, and I know how to give access to ONLY rank 5....

What I want to be able to do is alloacte exactly which ranks has access to a page. Like for example... rank 5, 10, 13 and 48 can access a page.

The $set_rank contains the rank list which is correct.

:o/ Does that make sense to you now?

Thanks so much

justted

Reputation Points: 10

Solved Threads: 2

Junior Poster

Offline

140 posts
since Dec 2007

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank ac

Ok... now you have explained better. Try this:

PHP Syntax (Toggle Plain Text)
<?php
 
/*
 
Admin Main (admin.php)
 
*/
 
$rank_check = array(5, 10, 13, 28);  // ranks allowed to access this page
 
$let_them_pass = false;
if(in_array($set_rank,$rank_check)) {  //   $set_rank is the user's access level
$let_them_pass = true;
}
 
if($let_them_pass == false) {
header("location:http://www.url.com/other_page.php");  // access denied, redirect user to another page.
}
 
$page_title = "Admin - Founder Highly Restricted";
 
include "../header.inc.php";
 
print "$openHTML";
 
ECHO <<<END
PAGE CONTENT HERE
END;
 
print "$closeHTML";
 
?>
<?php

/*

Admin Main (admin.php)

*/

$rank_check = array(5, 10, 13, 28);  // ranks allowed to access this page

$let_them_pass = false;
if(in_array($set_rank,$rank_check)) {  //   $set_rank is the user's access level
$let_them_pass = true;
}

if($let_them_pass == false) {
header("location:http://www.url.com/other_page.php");  // access denied, redirect user to another page.
}

$page_title = "Admin - Founder Highly Restricted";

include "../header.inc.php";

print "$openHTML";

ECHO <<<END

PAGE CONTENT HERE

END;

print "$closeHTML";

?>

Matti Ressler
Suomedia

Suomedia

Reputation Points: 15

Solved Threads: 19

Junior Poster

Offline

154 posts
since Mar 2008

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank access

Heya,

Thanks for your help. Thats didnt work and actually just logged me out to the log in page saying I do not have access each time regardless of the ranks I used.

Im trying to work out how it all links together and have this page which is the admin_set_status.php page

PHP Syntax (Toggle Plain Text)
<?php
 
/*
Process Set Status (admin_status.pro.php)
*/
 
$rank_check == 99;
include "../global.inc.php";
 
$set_username = strtolower(ereg_replace(" ", "", $set_username));
 
mysql_query("UPDATE members2 SET rank=$set_rank WHERE username = '$set_username' AND game = '$game'");
$findUser = fetch("SELECT id FROM members2 WHERE username = '$set_username' AND game = '$game'");
 
if ($set_rank == 0)
{
	mysql_query("DELETE FROM forum_replies2 WHERE author = '$findUser[id]' AND game = '$game'");
	mysql_query("DELETE FROM forum_subjects2 WHERE author = '$findUser[id]' AND game = '$game'");
}
 
$rank = array("Suspended", "Mute", "Under 13", "Member",  "City Guides", "News Reporter", "Member Support Officer", "Senior City Guide", "Committee Manager", "Mayors Secretary", "Police Cadets", "Job Centre Manager", "Lottery Manager", "Media Manager", "Games Centre Manager", "Community Engineer", "Police Seargeant", "Police Inspector", "Police Chief Inspector", "Police Superintendent", "Police Chief Superintendent", "Deputy Chief of Police", "Chief of Police", "Deputy Mayor", "Mayor", "Chief Engineer", "CPW Founder");
 
record("Changed Status", "$username changed $set_username's status to $rank[$set_rank]", $timestamp, $game, $userid);
 
header("Location: admin_set_status.php?game=$game&error=You+have+changed+their+rank+successfully.");
 
?>
<?php

/*
Process Set Status (admin_status.pro.php)
*/

$rank_check == 99;
include "../global.inc.php";

$set_username = strtolower(ereg_replace(" ", "", $set_username));

mysql_query("UPDATE members2 SET rank=$set_rank WHERE username = '$set_username' AND game = '$game'");
$findUser = fetch("SELECT id FROM members2 WHERE username = '$set_username' AND game = '$game'");

if ($set_rank == 0)
{
	mysql_query("DELETE FROM forum_replies2 WHERE author = '$findUser[id]' AND game = '$game'");
	mysql_query("DELETE FROM forum_subjects2 WHERE author = '$findUser[id]' AND game = '$game'");
}

$rank = array("Suspended", "Mute", "Under 13", "Member",  "City Guides", "News Reporter", "Member Support Officer", "Senior City Guide", "Committee Manager", "Mayors Secretary", "Police Cadets", "Job Centre Manager", "Lottery Manager", "Media Manager", "Games Centre Manager", "Community Engineer", "Police Seargeant", "Police Inspector", "Police Chief Inspector", "Police Superintendent", "Police Chief Superintendent", "Deputy Chief of Police", "Chief of Police", "Deputy Mayor", "Mayor", "Chief Engineer", "CPW Founder");

record("Changed Status", "$username changed $set_username's status to $rank[$set_rank]", $timestamp, $game, $userid);

header("Location: admin_set_status.php?game=$game&error=You+have+changed+their+rank+successfully.");

?>

Im not sure if its the $set_rank thats causing the problem.

:>s

Thanks so much

Justin

justted

Reputation Points: 10

Solved Threads: 2

Junior Poster

Offline

140 posts
since Dec 2007

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank ac

I don't see or know where you are setting the value for $set_rank. The code I posted works just fine if $set_rank is properly set as the user's access level.

You can check this with:

PHP Syntax (Toggle Plain Text)
echo $set_rank; die();
echo $set_rank; die();

You really need to clean up your code properly, eg. your queries should be written like this:

PHP Syntax (Toggle Plain Text)
mysql_query("UPDATE members2 SET rank ='" . $set_rank . "' WHERE username = '" . $set_username . "' AND game = '" . $game . "'");
mysql_query("UPDATE members2 SET rank ='" . $set_rank . "' WHERE username = '" . $set_username . "' AND game = '" . $game . "'");

Matti Ressler
Suomedia

Suomedia

Reputation Points: 15

Solved Threads: 19

Junior Poster

Offline

154 posts
since Mar 2008

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank access

Hello again,

Im going to try and work through what you have just written. thanks.

Would this be the place?

PHP Syntax (Toggle Plain Text)
<?php
 
ob_start();
include "globals.inc.php";
 
$con=mysql_connect($db_server,$db_username,$db_password);
//connection string
 
mysql_select_db($db_name,$con);
//select db
 
include "func.lib.php";
 
srand((double)microtime()*1000000);
 
$getGame = fetch("SELECT * FROM game_tables WHERE id = '$game'");
$game = $getGame[id];
$gameName = "$getGame[game_name]</a>";
 
if ($getGame[use_logo] == "1")
{
	$gameName = "<img src=$base_url/images/user_images/opg_$game/logo.gif></a>";
}
$gameName2 = "$getGame[game_name]";
$pointVar = "$getGame[point_var]";
$pointsVar = "$getGame[point_var]";
 
if (!$pointVar) { $pointVar = "$defaultPointsVariable"; }
 
$userCookie = "username_$game";
$passCookie = "password_$game";
 
$getInfo = fetch("SELECT * FROM members2 WHERE username = '$HTTP_COOKIE_VARS[$userCookie]' AND password = '$HTTP_COOKIE_VARS[$passCookie]' AND game = '$game'");
//echo "SELECT * FROM members2 WHERE username = '$HTTP_COOKIE_VARS[$userCookie]' AND password = '$HTTP_COOKIE_VARS[$passCookie]' AND game = '$game'";
$getInfo2 = fetch("SELECT * FROM members_profiles2 WHERE username = '$getInfo[username]' AND game = '$game'");
//echo "SELECT * FROM members_profiles2 WHERE username = '$getInfo[username]' AND game = '$game'";
$username = $getInfo[username];
$display_name = $getInfo[display_name];
$userid = $getInfo[id];
$points = $getInfo[points];
$rank = $getInfo[rank];
$hungerLevel = $getInfo[hunger_level];
//print_r($getInfo);
 
if (!$username)     
{ 
$username = "<i>Not logged in.</i>"; 
} 
 
else
{
	$sql_name="usrname";
	$membername=$username;
	$u=$HTTP_COOKIE_VARS[$passCookie];
	$_email= $getInfo2[email];
	$memberid= $getInfo[id];
	$tmp=mysql_query("SELECT * FROM pro_membersu_privchatf WHERE usrname = '$membername' LIMIT 1"); 
	while($e=mysql_fetch_array($tmp)) 
	{
		$_id = ($e['id']);
	}
	// if password exists, get users email (default table)
	$sql="SELECT * FROM pro_membersu_privchatf WHERE ".$sql_name."='$membername' LIMIT 1";
	$tmp=mysql_query($sql) or die(mysql_error().$sql);; 
	while($log_in=mysql_fetch_array($tmp)) 
	{
	$_email = ($log_in[$sql_email]);
	}
 
	if ($_id == '')
	{ 
	// if first visit, add member to MEMBERS table
	$sql = "INSERT INTO pro_membersu_privchatf (id,usrname, usrpassword, e_mail, age, gender, location, hobbies, aboutme, terms, date, photo) 
	VALUES ('$memberid','$membername', '$u', '$_email', '', '', '', '', '', '', NOW(), '')";mysql_query($sql) or die(mysql_error()); 
	$tmp=mysql_query("SELECT * FROM pro_membersu_privchatd WHERE membername = '$membername' order by id DESC LIMIT 1"); 
	while($e=mysql_fetch_array($tmp)) 
	{
		$_name = ($e['id']);
	}
 
	if ($_name == '')
	{ 
	// if first visit, add member to ONLINE table
	$system_c = date("U");
	$sql = "INSERT INTO pro_membersu_privchatd (memberid, membername, status, ontime, active) 
	VALUES ('$memberid', '$membername', 'Online', '$today', '$system_c')";mysql_query($sql) or die(mysql_error()); 
	}
		}	
 
 
}
if (!$display_name) { $display_name = "<i>Not logged in.</i>"; }
if (!$points)       { $points = "0"; }
 
if ($getInfo[hunger_level] > 10) { mysql_query("UPDATE members SET hunger_level = 10 WHERE id = '$userid' AND game = '$game'"); $hungerLevel = 10;}
 
if ($getInfo[hunger_level] < 0) { mysql_query("UPDATE members SET hunger_level = 0 WHERE id = '$userid' AND game = '$game'");  $hungerLevel = 0; }
 
$hungerLevel = $hungerArray[$hungerLevel];
 
if (!$rank_check) { $rank_check = 0; }
if (!$rank) { $rank = 0; }
if ($rank < $rank_check)
{
	//exit;
	die(header(error("$base_url/login.php?game=$game","$noAccessError")));
}
 
#############
######## Hits
mysql_query("UPDATE hits SET hits = hits + 1");
 
mysql_query("UPDATE game_tables SET hits=$getGame[hits]+1 WHERE id = '$game'");
 
$current_date = "$getGame[the_current_date]";
$zeroHits = "0";
if ($datestamp != "$current_date")
{
	mysql_query("UPDATE game_tables SET daily_page_views=0 WHERE the_current_date != '$datestamp'") or die ("Database error: ".mysql_error());
	mysql_query("UPDATE game_tables SET the_current_date = '$datestamp' WHERE the_current_date != '$datestamp'") or die ("Database error: ".mysql_error());
	$getGame[daily_page_views] = 0;
}
 
mysql_query("UPDATE game_tables SET daily_page_views = daily_page_views + 1 WHERE id = '$game'");
 
#############
 
?>
<?php

ob_start();
include "globals.inc.php";

$con=mysql_connect($db_server,$db_username,$db_password);
//connection string

mysql_select_db($db_name,$con);
//select db

include "func.lib.php";

srand((double)microtime()*1000000);

$getGame = fetch("SELECT * FROM game_tables WHERE id = '$game'");
$game = $getGame[id];
$gameName = "$getGame[game_name]</a>";

if ($getGame[use_logo] == "1")
{
	$gameName = "<img src=$base_url/images/user_images/opg_$game/logo.gif></a>";
}
$gameName2 = "$getGame[game_name]";
$pointVar = "$getGame[point_var]";
$pointsVar = "$getGame[point_var]";

if (!$pointVar) { $pointVar = "$defaultPointsVariable"; }

$userCookie = "username_$game";
$passCookie = "password_$game";

$getInfo = fetch("SELECT * FROM members2 WHERE username = '$HTTP_COOKIE_VARS[$userCookie]' AND password = '$HTTP_COOKIE_VARS[$passCookie]' AND game = '$game'");
//echo "SELECT * FROM members2 WHERE username = '$HTTP_COOKIE_VARS[$userCookie]' AND password = '$HTTP_COOKIE_VARS[$passCookie]' AND game = '$game'";
$getInfo2 = fetch("SELECT * FROM members_profiles2 WHERE username = '$getInfo[username]' AND game = '$game'");
//echo "SELECT * FROM members_profiles2 WHERE username = '$getInfo[username]' AND game = '$game'";
$username = $getInfo[username];
$display_name = $getInfo[display_name];
$userid = $getInfo[id];
$points = $getInfo[points];
$rank = $getInfo[rank];
$hungerLevel = $getInfo[hunger_level];
//print_r($getInfo);
 
if (!$username)     
{ 
$username = "<i>Not logged in.</i>"; 
} 

else
{
	$sql_name="usrname";
	$membername=$username;
	$u=$HTTP_COOKIE_VARS[$passCookie];
	$_email= $getInfo2[email];
	$memberid= $getInfo[id];
	$tmp=mysql_query("SELECT * FROM pro_membersu_privchatf WHERE usrname = '$membername' LIMIT 1"); 
	while($e=mysql_fetch_array($tmp)) 
	{
		$_id = ($e['id']);
	}
	// if password exists, get users email (default table)
	$sql="SELECT * FROM pro_membersu_privchatf WHERE ".$sql_name."='$membername' LIMIT 1";
	$tmp=mysql_query($sql) or die(mysql_error().$sql);; 
	while($log_in=mysql_fetch_array($tmp)) 
	{
	$_email = ($log_in[$sql_email]);
	}
	
	if ($_id == '')
	{ 
	// if first visit, add member to MEMBERS table
	$sql = "INSERT INTO pro_membersu_privchatf (id,usrname, usrpassword, e_mail, age, gender, location, hobbies, aboutme, terms, date, photo) 
	VALUES ('$memberid','$membername', '$u', '$_email', '', '', '', '', '', '', NOW(), '')";mysql_query($sql) or die(mysql_error()); 
	$tmp=mysql_query("SELECT * FROM pro_membersu_privchatd WHERE membername = '$membername' order by id DESC LIMIT 1"); 
	while($e=mysql_fetch_array($tmp)) 
	{
		$_name = ($e['id']);
	}
	
	if ($_name == '')
	{ 
	// if first visit, add member to ONLINE table
	$system_c = date("U");
	$sql = "INSERT INTO pro_membersu_privchatd (memberid, membername, status, ontime, active) 
	VALUES ('$memberid', '$membername', 'Online', '$today', '$system_c')";mysql_query($sql) or die(mysql_error()); 
	}
		}	
			
			
}
if (!$display_name) { $display_name = "<i>Not logged in.</i>"; }
if (!$points)       { $points = "0"; }

if ($getInfo[hunger_level] > 10) { mysql_query("UPDATE members SET hunger_level = 10 WHERE id = '$userid' AND game = '$game'"); $hungerLevel = 10;}

if ($getInfo[hunger_level] < 0) { mysql_query("UPDATE members SET hunger_level = 0 WHERE id = '$userid' AND game = '$game'");  $hungerLevel = 0; }

$hungerLevel = $hungerArray[$hungerLevel];

if (!$rank_check) { $rank_check = 0; }
if (!$rank) { $rank = 0; }
if ($rank < $rank_check)
{
	//exit;
	die(header(error("$base_url/login.php?game=$game","$noAccessError")));
}

#############
######## Hits
mysql_query("UPDATE hits SET hits = hits + 1");

mysql_query("UPDATE game_tables SET hits=$getGame[hits]+1 WHERE id = '$game'");

$current_date = "$getGame[the_current_date]";
$zeroHits = "0";
if ($datestamp != "$current_date")
{
	mysql_query("UPDATE game_tables SET daily_page_views=0 WHERE the_current_date != '$datestamp'") or die ("Database error: ".mysql_error());
	mysql_query("UPDATE game_tables SET the_current_date = '$datestamp' WHERE the_current_date != '$datestamp'") or die ("Database error: ".mysql_error());
	$getGame[daily_page_views] = 0;
}

mysql_query("UPDATE game_tables SET daily_page_views = daily_page_views + 1 WHERE id = '$game'");

#############

?>

This is the global document. For some reason I cannot get my head around the $set_rank for some reason. lol

I basically brought the script that said it would have 100% support etc but when I got it the guy never ever replied to tech problems and Ive noticed this has been common with other people.

So I have basically had to learn as much PHP/MySql as I can and try and get it all fixed and changed myself. So far ive managed to do lots but this has been a constant problem. lol

Thanks for letting me know about the need to clean it up

Justin

justted

Reputation Points: 10

Solved Threads: 2

Junior Poster

Offline

140 posts
since Dec 2007

Permalink

Mar 21st, 2008

Re: Please Help ... $rank_check = 5; ???Using IF statement to allow multiple rank ac

That does not contain $set_rank .... the only thing that I can see close to it is:

PHP Syntax (Toggle Plain Text)
$rank = $getInfo[rank];
$rank = $getInfo[rank];

Perhaps $set_rank is set in globals.inc.php as I would expect it to be registered in the user session.

Matti Ressler
Suomedia

Suomedia

Reputation Points: 15

Solved Threads: 19

Junior Poster

Offline

154 posts
since Mar 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: Login question php??

Next Thread in PHP Forum Timeline: online transaction system

DaniWeb Message

Cancel Changes

User Name
Password