-1

How to check privilege in "check" PHP code or page?

I am using explode and in_array.

After the user logs in, the code in the "check" page must check whether the user has the "dataDisplay" privilege or not, but the code in the "check" page returns the user to the login page.

What's wrong in my "check" page code?

This is my database:

+----------+---------------------------------+
| username | user_privilege                  |
+----------+---------------------------------+
| amal     | 7gz,agt_courses,newbill         |
| ahmed    | dataDisplay,previllige,newUsers |
+----------+---------------------------------+

First page, "login" PHP:

<?php
ob_start();
session_start();
include '../connection/connect.php';

$username = $_POST['username'];
$password = $_POST['password'];


if($username && $password ){
    $finduser = mysqli_query($link,"SELECT * FROM LOGIN WHERE username = '".$username."' AND password = '".$password ."'") or die("error");
    if(mysqli_num_rows($finduser) !=0){
        while($row = mysqli_fetch_array($finduser)){
            $uname = $row['username'];
            $pass = $row['password'];
            $arr=explode(",",$row['user_privilege']);
        }
    }
        {
        $_SESSION['sessionname'] =$uname;
        $_SESSION['sessionpass'] =$password ;
        $_SESSION['sessionpre'] =$arr;
        header ("location:../agtSite/agt2.php");
    }
} 
ob_end_flush();
?>

Second page, "check" PHP:

<?php
session_start();

$_SESSION['sessionpre']='';
$haspermission = in_array("dataDisplay",$_SESSION['sessionpre']);

if($haspermission ){
    header("location: ../display/display.php");
}
?>
  • 2
    I want to find out how many users have access to agt_courses and previllige. How would I do that with your structure? http://en.wikipedia.org/wiki/Third_normal_form – Mike B Nov 14 '13 at 18:26
  • 1
    Try writing a query that produces that count without using LIKE in your where clause. – Mike B Nov 14 '13 at 18:33
  • There's surely a "method to this madness", yet I rather watch Dr. Jekyll & Mr. Hyde; they make more sense in a "real world" situation. – Funk Forty Niner Nov 14 '13 at 18:39
  • What [Mike B wrote](http://stackoverflow.com/questions/19985404/whats-my-wrong-in-check-page-php-code#comment29753213_19985404), was a figure of speech, a sort of scenario set in an indirect question, *as it were.* – Funk Forty Niner Nov 14 '13 at 18:40
  • 1
    @Fred-ii- Teach a man to fish vs giving him a fish. Unfortunately it looks like it's going right over OP's head. – Mike B Nov 14 '13 at 18:45
  • @MikeB I couldn't have said it better Mike. I guess some aren't able to "read between the lines". I value your comments/answers and I can say that I've learned a lot from you, as well as the other guys here on SO. I haven't asked a question in quite some time, however it's happened a few times where I almost "threw in the towel" and swallowed my pride to ask one, where I was stuck for a solution, but being perseverant and hard-headed/determined, have pulled through nicely; *thanks for that.* ;-) – Funk Forty Niner Nov 14 '13 at 18:51
  • 1
    @Fred-ii- Ditto to you sir. I've noticed several times you beat me to the answer :p. Like so many other things on the internet you need to have thick skin. Get through the people who seem to be insulting you and look for the wisdom to take away. – Mike B Nov 14 '13 at 19:03
  • @MikeB Yes, I've gone through that path already (those are the ones where "going over my head works hehe), as the 'ol saying goes "garbage in, garbage out" (GIGO) and I don't "sweat the small stuff". I like to give back to the community from what I've received here and learn quite a lot through other people's mistakes (Q's and A's are quite valuable pieces of information; good or bad), plus I'm learning along the way with help that I give others who like to help themselves, Cheers Mike. – Funk Forty Niner Nov 14 '13 at 19:09

3 Answers

1

In your check.php script you are clearing the 'sessionpre' from the $_SESSION.

$_SESSION['sessionpre']='';

I think that line should be removed.

taxicala
0

You're exploding the row from outside the while loop, try changing this:

$_SESSION['sessionpre'] =explode(",",$row['user_previllige']);

to this:

$_SESSION['sessionpre'] = $arr;
David Jones
0

Apart from what David Jones said about exploding twice, you clear the sessionpre data just before checking it:

$_SESSION['sessionpre']='';
$haspermission = in_array("dataDisplay",$_SESSION['sessionpre']);

Edit: I see taxicala beat me to it!

Jaap Moolenaar
  • the check page code return user to log in page – user2982666 Nov 14 '13 at 18:45
  • What happens to the session in agt.php? Do a `var_dump($_SESSION);` in check.php, what does that show? Are you sure you're not being redirected to display.php and then back to login.php? You say you're being directed back to login.php, I don't see any code that would do that ( redirect to login.php ) where is it? – Jaap Moolenaar Nov 14 '13 at 21:28
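
An added example, not part of the original question or answers: the same session-based privilege check with the login query parameterised, the password verified against a hash, and the check page reading `sessionpre` without overwriting it. The `password_hash()` storage, the helper names `authenticate` and `has_privilege`, and the login redirect path are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes the LOGIN table from the
// question, with the password column holding a password_hash() value.

// Login side: returns the privilege list on success, null on failure.
function authenticate(mysqli $link, string $username, string $password): ?array
{
    // Bound parameter instead of concatenating $_POST into the SQL string.
    $stmt = mysqli_prepare(
        $link,
        "SELECT password, user_privilege FROM LOGIN WHERE username = ?"
    );
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash, $privileges);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if (!$found || !password_verify($password, (string) $hash)) {
        return null; // caller must not write any session data on failure
    }
    return array_map('trim', explode(',', (string) $privileges));
}

// Check side: a pure test against what login stored; it never writes to it.
function has_privilege(array $session, string $privilege): bool
{
    $list = $session['sessionpre'] ?? [];
    return is_array($list) && in_array($privilege, $list, true);
}

// login.php call site (the password itself is not kept in the session):
//   $privs = authenticate($link, $_POST['username'] ?? '', $_POST['password'] ?? '');
//   if ($privs === null) { header('Location: login.php'); exit; }
//   session_regenerate_id(true);   // new session id after authentication
//   $_SESSION['sessionname'] = $_POST['username'];
//   $_SESSION['sessionpre']  = $privs;

// check.php:
session_start();
if (has_privilege($_SESSION, 'dataDisplay')) {
    header('Location: ../display/display.php');
} else {
    header('Location: ../login/login.php'); // assumed path to the login page
}
exit; // stop executing after sending a redirect
```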