Larry Ullman's Book Forums


I've been struggling the past couple days to create the routine that Larry mentions on page 575 of Chapter 13 to set up Site Administration.

 

I added the "administrator" column as an unsigned TINYINT and assigned the users I want as administrators with 1 and 0 for all common users.

 

This is the code I've tried in the footer.html:

 

<?php # Script 13.2 - footer.html
// This page completes the HTML template

// Display links based upon the login status.
// Show LOGIN links if this is the LOGOUT page.
if (isset($_SESSION['user_id']) AND ($_GET['administrator'] == 1) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) {
    // Logged in, administrator flag read from the URL.
    echo '<a href="logout.php">Logout</a><br />
<a href="change_password.php">Change Password</a><br />
<a href="view_users.php">View Users</a><br />
';
} elseif (isset($_SESSION['user_id']) AND ($_GET['administrator'] == 0) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) {
    // Logged in, common user.
    echo '<a href="logout.php">Logout</a><br />
<a href="change_password.php">Change Password</a><br />
';
} else { // Not logged in.
    echo '<a href="register.php">Register</a><br />
<a href="login.php">Login</a><br />
<a href="forgot_password.php">Forgot Password</a><br />
';
}
?>

 

From a syntax perspective, I don't see any errors, but obviously it doesn't work. I get an "undefined index: administrator" error.

 

I want the administrators to see view_users.php and edit_user.php, etc.


I haven't got this version of the book to look at the page directly but why would you be looking in the $_GET array for that kind of information? Surely it would be inside the variable you assign your query results to - or more likely in the $_SESSION array once the admin user has logged in?


The error is because you are referencing the $_GET array, which is passed as key/value pairs in the url. So if your script doesn't end with 'filename.php?administrator=#', then the index won't be defined. But as Stuart said, administrator should be set during login from a database query and should be saved to the $_SESSION array.

 

Side note: Using a $_GET parameter to define an administrator is very insecure. Any logged in user would just need to add "?administrator=1" to their url to become an administrator.

 

Hope that helps.

-matthaus
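
The approach both replies describe, as an added example that is not part of the original thread or the book's code: the administrator flag is copied from the database row into $_SESSION at login, the footer reads only the session, and admin pages enforce the same check server-side. The function names (store_login, is_admin, footer_links, require_admin) and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not code from the book or the thread.
// Assumption: $row is the users-table row fetched by the login query after the
// password check, with user_id and administrator (TINYINT 0/1) columns.

function store_login(array $row): void {
    // In a real page, session_start() runs first and session_regenerate_id(true) follows login.
    $_SESSION['user_id'] = (int) $row['user_id'];
    $_SESSION['administrator'] = ((int) $row['administrator'] === 1);
}

function is_admin(): bool {
    // Only server-side session state is consulted; $_GET is never read.
    return isset($_SESSION['user_id']) && !empty($_SESSION['administrator']);
}

function footer_links(string $script): array {
    $on_logout = (basename($script) === 'logout.php');
    if (!isset($_SESSION['user_id']) || $on_logout) {
        return ['register.php' => 'Register', 'login.php' => 'Login',
                'forgot_password.php' => 'Forgot Password'];
    }
    $links = ['logout.php' => 'Logout', 'change_password.php' => 'Change Password'];
    if (is_admin()) {
        $links['view_users.php'] = 'View Users';
    }
    return $links;
}

function require_admin(): void {
    // Call at the top of view_users.php and edit_user.php: hiding a link is not access control.
    if (!is_admin()) {
        http_response_code(403);
        exit('Administrators only.');
    }
}

// Constructed demonstration: a common user who appends ?administrator=1 to the URL.
$_SESSION = [];
$_GET = ['administrator' => '1'];
store_login(['user_id' => 7, 'administrator' => 0]);
foreach (footer_links('/footer_demo.php') as $href => $text) {
    echo '<a href="' . htmlspecialchars($href) . '">' . htmlspecialchars($text) . "</a><br />\n";
}
// Constructed administrator row: the extra link appears only for this session.
store_login(['user_id' => 1, 'administrator' => 1]);
var_dump(array_key_exists('view_users.php', footer_links('/index.php')));
```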
