Ravens PHP Scripts: Forums
 

 

Donovan
Client



Joined: Oct 07, 2003
Posts: 735
Location: Ohio

Posted: Fri May 26, 2006 12:22 pm

How could I compare this to two different values?

Code:
$nukeusername = $userinfo['username'];  


$sql = "SELECT * FROM " . $prefix . "_eto_divisions WHERE div_commander ='$nukeusername'";


For instance, if I also had a div_xo and wanted to compare that value to $nukeusername in the same script.

What this does is if I get a return...

Code:


$result = $db->sql_query($sql);
   if ($db->sql_numrows($result) > 0) {
       @session_destroy();
       session_start();
       $_SESSION['loggedin1'] = 1;     


...I set a session and allow access, but I want to give access to more than one person.

Right now if I just do this:

Code:
$sql = "SELECT * FROM " . $prefix . "_eto_divisions WHERE div_commander ='$nukeusername' OR div_xo ='$nukeusername'";


I get diverted to my AccessDenied page.
 
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Fri May 26, 2006 2:27 pm

I don't see anything obviously wrong but I'm wondering about the string "command" in that statement and whether it falls afoul of Sentinel. I saw some strange stuff with the word onion with a U in place of the O lately. If you got an abuse report via email from Sentinel or you can look in Sentinel admin and see what type of abuse it was maybe you could temporarily turn that blocker off and see.
 
Donovan







Posted: Fri May 26, 2006 2:45 pm

My AccessDenial page is one I wrote and not the Sentinel one, so I think the script is still serving pages within my module.

Code:


if ($db->sql_numrows($result) > 0) {
       @session_destroy();
       session_start();
       $_SESSION['loggedin1'] = 1;       
       Header("Location: modules.php?name=Campaign&file=CombatAssets");
    } else {
       @session_destroy();
       session_start();
       $_SESSION['loggedin1'] = 0;       
       Header("Location: modules.php?name=Campaign&file=AccessDenied");
    }
    die();
 
fkelly







Posted: Fri May 26, 2006 5:36 pm

I guess I would echo out the SQL you are generating and maybe try the same thing in phpMyAdmin (if you have that available). Little syntax differences can make a big difference.
 
fkelly







Posted: Thu Jun 01, 2006 7:19 am

I've been thinking about your post Donovan and maybe you've resolved it but I wanted to put this out there anyway. Maybe others will have better ways but here's what I do when I'm developing something. First the code:

Code:
$sql = "UPDATE ".$prefix."_bbconfig SET config_value = '1' WHERE config_name = 'override_user_style'";
echo $sql; // show the generated SQL while developing
if( !($result = $db->sql_query($sql)) )
{
    $error = $db->sql_error(); // details of the failed query
    $msg = $error['code'] . ' ' . $error['message']; // array keys quoted as strings
    $msg .= "<br> for the following sql: ".$sql."";
    die($msg);
}

This is code from some work I was doing on a bulletin board problem but it applies more generally. I know that it echoes the sql twice in the case of an error but I also want to see it if it works while I'm developing.

In your case I would also try to echo out the number of rows found ... I haven't tried it and am not sure what that would be if there is a sql error in your statement. Your test is that the number of rows is not greater than 1. I think that I would want to make sure it really is zero and not some null value or the result of a sql error.

I actually leave the error checking code above in the modules I develop for my own web site because I want to see what's happening and I'd rather a user sees something on his screen than just have the program go into lala land.
 
Donovan







Posted: Mon Jun 26, 2006 2:01 pm

I still can't get this to work right.

If a person has a value in the milpacs_members table or the person is a superuser they get access to drill report.

In all other instances I want them diverted to accessdenied.

I get a blank page if logged in as an admin with no corresponding value in milpacs_members.

Here is my latest.

Code:
if (!defined('MODULE_FILE')) { 

    die ("You can't access this file directly...");
}

require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
global $prefix, $db;

/* Get list of valid authors */
$row = $db->sql_fetchrow($db->sql_query("SELECT title, admins FROM ".$prefix."_modules WHERE title='$module_name'"));
$row2 = $db->sql_fetchrow($db->sql_query("SELECT name, radminsuper FROM ".$prefix."_authors WHERE aid='$aid'"));
$admins = explode(",", $row['admins']);
$auth_user = 0;
for ($i=0; $i < sizeof($admins); $i++) {
    if ($row2['name'] == "$admins[$i]" AND $row['admins'] != "") {
        $auth_user = 1;   
    }
}

//Store logged username
$nukeusername = $userinfo['username'];

$sql = "SELECT * FROM ".$prefix."_milpacs_members WHERE nukeusername='$nukeusername'";
   $result = $db->sql_query($sql);
   if(isset($nukeusername)) && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1) {       
       session_start();
       $_SESSION['loggedin1'] = 1;       
       Header("Location: modules.php?name=MILPACS&file=viewdrill");
      } else {         
       session_start();
       $_SESSION['loggedin1'] = 0;       
       Header("Location: modules.php?name=MILPACS&file=accessdenied");
    }    
?>


Currently I have this error:

Quote:
Parse error: syntax error, unexpected T_BOOLEAN_AND in /home/xxxxxx/public_html/milpacs/modules/MILPACS/checkuser.php on line 49
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Tue Jun 27, 2006 6:10 am

I don't know if this is line 49, but I do know that this line has an error in it for unmatched parenthesis:

if(isset($nukeusername)) && ($db->sql_numrows($result) > 0) || ($row2['radminsuper'] == 1 || $auth_user == 1) {


You are closing the if statement parenthesis right after your first element. This could very well be causing your problems as it does not know how to address what comes after.
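
An added example, not part of the original posts or of PHP-Nuke: the access check from Donovan's last post with the whole condition inside one outer pair of parentheses, the username bound as a parameter instead of concatenated into the SQL, and a failed query kept distinct from "zero rows" as fkelly suggests. PDO with an in-memory SQLite table stands in for the `$db` layer; `is_member`, `may_view_drill` and the sample rows are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for PHP-Nuke's $db layer.
// Function names and table contents are constructed for illustration.

/** True if $username has a row in the members table; throws on query failure. */
function is_member(PDO $pdo, string $username): bool
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM nuke_milpacs_members WHERE nukeusername = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() > 0;
}

/** Access decision with explicit grouping; any query error denies access. */
function may_view_drill(PDO $pdo, ?string $username, bool $isSuperAdmin, bool $isModuleAdmin): bool
{
    try {
        // One outer expression holds the whole condition. && binds tighter
        // than ||, and the inner groups make that intent explicit.
        return ($username !== null && $username !== '' && is_member($pdo, $username))
            || ($isSuperAdmin || $isModuleAdmin);
    } catch (PDOException $e) {
        // A failed query is not "zero rows": log it server-side and fail
        // closed instead of echoing the SQL to the visitor.
        error_log('membership check failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE nuke_milpacs_members (nukeusername TEXT)');
$pdo->exec("INSERT INTO nuke_milpacs_members VALUES ('donovan')");

$cases = [
    ['donovan', false, false],   // member, not an admin
    ['visitor', false, false],   // neither member nor admin
    [null,      true,  false],   // super admin with no member row
    ["O'Brien", false, false],   // apostrophe is matched literally, no SQL error
];
foreach ($cases as [$user, $super, $modAdmin]) {
    $ok = may_view_drill($pdo, $user, $super, $modAdmin);
    // In the module: start the session, call session_regenerate_id(true),
    // set $_SESSION['loggedin1'], send the Location header, then exit.
    printf("%-10s => %s\n", var_export($user, true), $ok ? 'viewdrill' : 'accessdenied');
}
```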

All times are GMT - 6 Hours
 