  1. #1
    SitePoint Enthusiast
    Join Date
    May 2002
    Posts
    28

    Can't figure this out...help needed

    I have a script here, and part of it changes user groups for a selected user, here's the code for it:
    PHP Code:
    // Step 1: list all users with a link to change each user's group.
    if ($_GET['action'] == "changeusergroups")
    {
        dbconnect();
        echo "<center><h3>Edit Usergroups</h3>";
        echo "<b>User Groups Key:</b> (note: usergroups inherit all privileges of usergroups below them)<br>";
        echo "<b>User Group ID: 1</b>- Normal Users<br>";
        echo "Access: View news,reviews, and articles. Post user comments, user news, and user ratings. View All public content<br><br>";
        echo "<b>User Group ID: 2</b>-  Staff Members<br>";
        echo "Access: Create products and reviews, create news posts, create articles. Edit own products, reviews, news posts, and articles<br><br>";
        echo "<b>User Group ID: 3</b>- Administrators<br>";
        echo "Access: Edit users, delete users, validate users, edit ALL products, reviews, articles, and news. Change site settings.";
        $query1 = "select * from user";
        $result1 = mysql_query($query1) or die(mysql_error());
        echo "<table border=1 cellpadding=3>";
        echo "<b><tr><td>User ID</td><td>Username</td><td>User Group ID</td><td>E-mail Address</td><td>Register Date</td><td>Change User Group</td></tr></b>";
        while ($s = mysql_fetch_array($result1))
        {
            $userid = $s['userid'];
            // Escape user-supplied text before it is written into the page.
            $username = htmlspecialchars($s['username']);
            $emailaddress = htmlspecialchars($s['email']);
            $usergroupid = $s['usergroupid'];
            $registerdate = convertdate($s['registerdate']);
            echo "<tr><td>$userid</td><td>$username</td><td>$usergroupid</td><td>$emailaddress</td><td>$registerdate</td><td><a href= 'admin.php?action=changeusergroups2&id=$userid'>Change Usergroup</a></td></tr><br>";
        }
        echo "</table>";
    }
    // Step 2: show the selected user with a drop-down of user groups.
    if ($_GET['action'] == "changeusergroups2")
    {
        dbconnect();
        // Cast to integer so the value cannot alter the SQL below.
        $id = (int)$_GET['id'];
        echo "<table border=1 cellpadding=3>";
        echo "<b><tr><td>User ID</td><td>Username</td><td>User Group ID</td><td>E-mail Address</td><td>Register Date</td><td>Change User Group</td></tr></b>";
        echo "<form action= 'admin.php?action=dochangeusergroups&id=$id' method= 'post'>";
        $query1 = "select * from user where userid= $id";
        $result1 = mysql_query($query1) or die(mysql_error());
        while ($s = mysql_fetch_array($result1))
        {
            $username = htmlspecialchars($s['username']);
            $emailaddress = htmlspecialchars($s['email']);
            $usergroupid = $s['usergroupid'];
            $registerdate = convertdate($s['registerdate']);
            echo "<tr><td>$id</td><td>$username</td><td>$usergroupid</td><td>$emailaddress</td><td>$registerdate</td>
            <td>
            <select name= 'changeusergroupid'>
            <option value=''> Select User Group ID
            <option value=''>----------------------------------------------------
            <option value= '1'> Normal User (User Group ID- 1)
            <option value= '2'> Staff (User Group ID- 2)
            <option value= '3'> Administrator (User Group ID- 3)
            </select>
            </td>
            </tr><br>";
        }
        echo "</table>";
        echo "<input type= 'submit' value= 'Change User Group'>";
        echo "</form>";
    }
    // Step 3: write the new user group to the database.
    if ($_GET['action'] == "dochangeusergroups")
    {
        dbconnect();
        // Both values are cast to integers before they reach the query.
        $id = (int)$_GET['id'];
        $newusergroupid = (int)$_POST['changeusergroupid'];
        $query1 = "update user set usergroupid= '$newusergroupid' where userid= $id";
        $result1 = mysql_query($query1) or die(mysql_error());
        echo "<center>User Group Updated!<br>";
        echo "Click <a href= 'index.php'> here</a> to return to the admin index.<br>";
    }

    at the top of the page, before all the if $_GET['action']'s are called, this is included:
    session_start();
    checkadminloggedin();

    my function for checkadminloggedin() is:
    PHP Code:
    function checkadminloggedin()
    {
        // Only administrators (user group ID 3) may continue; everyone else is stopped here.
        if ($_SESSION['usergroupid'] != 3)
        {
            echo "<center>You do not have permission to access this page.<br>";
            echo "Click <a href= '../index.php'>here</a> to return to the main page<br>";
            echo "If you are staff <a href='login.php'>click here</a> to login</center>";
            die();
        }
    }

    Now for some reason, on the action=changeusergroups page, when I click "change usergroup" for any user other than myself (that I'm currently logged in as), it moves to action=changeusergroups2 and then fails to pass the admincheck.
    But that shouldn't be, as my $_SESSION['usergroupid'] hasn't changed.
    Furthermore, when I click logout, it says I'm logged in as the user I was trying to change, not my username. I have no idea why.

    and for login.php session values are set using:
    PHP Code:
    $_SESSION['userid']= $s['userid'];
    $_SESSION['username']= $s['username'];
    $_SESSION['usergroupid']= $s['usergroupid'];
    $_SESSION['email']= $s['email'];
    $_SESSION['adminauth']= $s['adminauth'];
    $_SESSION['usertitle']= $s['usertitle'];
    $_SESSION['usersig']= $s['usersig'];
    $_SESSION['registerdate']= convertregisterdate($s['registerdate']);
    $_SESSION['loggedin']= 1;
    any ideas or does this not make sense or is more info needed?

  2. #2
    SitePoint Enthusiast
    Join Date
    May 2002
    Posts
    28
    Forgot to mention, this works on my local server but when I upload it to my website it doesn't.
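
An added example, not part of the original posts: one way to write the `dochangeusergroups` step from post #1 so that the admin check, the user id and the new group id are all validated and the values are bound as parameters instead of being placed in the SQL string. The `user` table and its columns come from the post; the function name `change_user_group`, the `ALLOWED_GROUPS` list, the PDO handle and the sample rows are assumptions made for this illustration.

```php
<?php
// Added example (not the poster's code). Table and column names follow the post;
// the function name, allow-list and sample rows are constructed for illustration.

const ALLOWED_GROUPS = [1, 2, 3]; // 1 = normal user, 2 = staff, 3 = administrator

function change_user_group(PDO $pdo, array $session, $rawId, $rawGroup): bool
{
    // Authorise on every state-changing request, using a strict comparison.
    if ((int)($session['usergroupid'] ?? 0) !== 3) {
        return false;
    }
    // Accept whole numbers only; a value such as "2 or 1=1" fails validation.
    $id    = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $group = filter_var($rawGroup, FILTER_VALIDATE_INT);
    if ($id === false || !in_array($group, ALLOWED_GROUPS, true)) {
        return false;
    }
    // The values are bound to placeholders, never interpolated into the SQL text.
    $stmt = $pdo->prepare('UPDATE user SET usergroupid = :g WHERE userid = :id');
    $stmt->execute([':g' => $group, ':id' => $id]);
    // SQLite counts matched rows; MySQL by default counts only rows whose value changed.
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, usergroupid INTEGER)');
$pdo->exec("INSERT INTO user VALUES (1, 'admin', 3), (2, 'alice', 1)");

$admin = ['usergroupid' => 3]; // stands in for $_SESSION of a logged-in administrator
$guest = ['usergroupid' => 1]; // stands in for $_SESSION of a normal user

var_dump(change_user_group($pdo, $admin, '2', '2'));        // well-formed request from an admin
var_dump(change_user_group($pdo, $admin, '2 or 1=1', '3')); // id is not an integer
var_dump(change_user_group($pdo, $admin, '2', '9'));        // group id not in the allow-list
var_dump(change_user_group($pdo, $guest, '2', '3'));        // caller is not an administrator
```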

