Problem setting user permission w/PHP and SQL

ShinoKage · December 23, 2010, 2:29am

I didn’t know how to summarize this very well… I have 2 tables, one for permissions, and one for users. I logged in to my admin user account, which has all the permissions, but when I try to access one of the admin-only pages I get my “access denied” page instead…

Here’s how/where it checks:

include_once $_SERVER['DOCUMENT_ROOT'] . 'includes/access.inc.php';

if (!userHasPermission('User Administrator'))
{
	$error = 'Only User Account Administrators may access this page.';
	include '../accessdenied.html.php';
	exit();
}

And here’s the function involved:

function userHasPermission($permission)
{
	include 'db.inc.php';
	
	$email = mysqli_real_escape_string($link, $_SESSION['email']);
	$permission = mysqli_real_escape_string($link, $permission);
	
	$sql = "SELECT COUNT(*) FROM user
			INNER JOIN userpermissions ON user.id = userid
			INNER JOIN permissions ON permissionid = permissions.id
			WHERE email = '$email' AND permissions.id='$permission'";
	$result = mysqli_query($link, $sql);
	if (!$result)
	{
		$error = 'Error searching for user permissions.';
		include 'error.html.php';
		exit();
	}
	$row = mysqli_fetch_array($result);
	
	if ($row[0] > 0)
	{
		return TRUE;
	} else {
		return FALSE;
	}
}

And I’ve checked the query a hundred times, so I know there’re no typos (I already found them), and I have no idea what the issue is >.>

Thanks in advance

Steve_ · December 23, 2010, 3:44am

May I ask, your query is very generic. Where exactly do you look for the specific page’s permissions?
Besides that, I don’t see anything wrong with your code, does the query return results?

ShinoKage · December 23, 2010, 4:25am

I’m not exactly sure what you mean… I probably shouldn’t’ve used the word “permissions”. That if statement is where it checks for the user’s given permissions (admin, regular user, etc).

I know it’s generic x_x I’m basing it off of something else, when I tried to make it more specific it gave me errors.

What do you mean does it return results? Like, put it thru a loop to output the data or something?

You’ll have to forgive me, I’m very new to all this programming stuff :injured:

lorenw · December 24, 2010, 5:11pm

“I get my “access denied” page”
Is this error coming from error.html.php or is your error from this block.


if (!userHasPermission('User Administrator')) 
{ 
    $error = 'Only User Account Administrators may access this page.'; 
    include '../accessdenied.html.php'; 
    exit(); 
}

if it is from error.html.php you are not pulling any results.

ShinoKage · December 25, 2010, 5:32pm

lorenw:

“I get my “access denied” page”
Is this error coming from error.html.php or is your error from this block.
if (!userHasPermission('User Administrator')) 
{ 
    $error = 'Only User Account Administrators may access this page.'; 
    include '../accessdenied.html.php'; 
    exit(); 
}  
if it is from error.html.php you are not pulling any results.

Yes, it’s coming from that block there – it gives me the accessdenied.html.php file x_x