How can I make sure that files with a high level cannot be modified?
I am using Jan Koehoorn's system, a great script, and I use this as the edit page:
Code (php)
<?php
require '../authenticatie.php';
?>
<?php
session_start();
$id = $_SESSION['id'];
$result = mysql_query("SELECT level FROM zap_members WHERE id = '$id'")
or die(mysql_error());
while($row = mysql_fetch_array($result)) {
if($row['level'] >= 8){
?>
<html>
<head>
<title>Edit the user!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
@import '../source/login.css';
</style>
</head>
<body>
<table width="600" border="0" align="center">
<tr>
<td align="center" valign="top">
<h2><font color="#000066">Edit the user!</font></h2>
Fill in all fields!</td>
</tr>
<tr>
<td align="center" valign="top">
<?php
$tb_name = 'zap_members';
include '../config/config2.php';
$query = "SELECT * FROM `$tb_name` WHERE `id`='$id'";
$result = mysql_query( $query );
if( $result && $contact = mysql_fetch_object( $result ) )
{
$name = $contact -> name;
$username = $contact -> username;
$date = $contact -> date;
$country = $contact -> country;
$website = $contact -> website;
$ip = $contact -> ip;
$host = $contact -> host;
$level = $contact -> level;
$password = $contact -> password;
}
?>
<form action="save.php" method="get"> <input type="hidden" name="id" value="<?php echo($id) ?>">
<table border="1" cellpadding="4" cellspacing="2" bordercolor="#333333" bgcolor="#eeeeee">
<tr>
<th align="left">Name</th><td align="left"><input name="name" type="text" value="<?php echo htmlspecialchars($name, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">Username</th><td align="left"><input name="username" type="text" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">Password</th><td align="left"><input name="password" type="text" value="<?php echo sha1($password) ?>" /></td></tr>
<tr><th align="left">Date joined</th><td align="left"><input name="date" type="text" value="<?php echo htmlspecialchars($date, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">Country</th><td align="left"><input name="country" type="text" value="<?php echo htmlspecialchars($country, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">Website</th><td align="left"><input name="website" type="text" value="<?php echo htmlspecialchars($website, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">IP</th><td align="left"><input name="ip" type="text" value="<?php echo htmlspecialchars($ip, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">Host</th><td align="left"><input name="host" type="text" value="<?php echo htmlspecialchars($host, ENT_QUOTES, 'ISO-8859-1') ?>" /></td></tr>
<tr><th align="left">Level</th><td align="left"><select name="level"><option value="<?php echo htmlspecialchars($level, ENT_QUOTES, 'ISO-8859-1') ?>"><?php echo htmlspecialchars($level, ENT_QUOTES, 'ISO-8859-1') ?></option>
<option value="1">Normal</option>
<option value="2">Poster</option>
<option value="3">Moderator</option>
<option value="8">Administrator</option></select>
</td></tr>
</table>
<br> <input type="submit" value="Save"> <input type="reset" value="reset"> <br><br>
<a href=index.php><font color="#FF0000"><strong>Back</strong></font></a><br>
</form>
</td>
</tr>
</table>
</body>
</html>
<?php
}
else {
echo 'You are not an admin!';
}
}
?>
The script reads data from the database of a member system. How can I make sure that members can only edit people with a level lower than their own level? (They must be at least level 5 to be able to edit members.)
Kind regards, zap
Suppose someone wants to edit a member:
- Store the editor's level in a session
- In a query, compare the level of the user to be edited with the level of the editor.
- If the editor's level is higher than that of the page to be edited, let the script continue
- Otherwise show a message and do not offer any way to edit
You can simply do the comparison in a query like this:
$query = "SELECT * FROM tabel WHERE lvl < " . (int) $_SESSION['lvl'];
Edited on 01/01/1970 01:00:00 by Robert Deiman
Kind regards, zap
- Do put the person's level in a session
- When someone opens the page, fetch the data and store the level of the opened page in $lvl
- Then you can do it like this:
In the edit page you build in the same check, and only if it is indeed allowed do you offer the possibility to edit; otherwise you send them back to the page they came from.