Larry Ullman's Book Forums


I've been struggling the past couple days to create the routine that Larry mentions on page 575 of Chapter 13 to set up Site Administration.

 

I added the "administrator" column as an unsigned TINYINT and assigned the users I want as administrators with 1 and 0 for all common users.

 

This is the code I've tried in the footer.html:

 

<?php # Script 13.2 - footer.html
// This page completes the HTML template

// Display links based upon the login status.
// Show LOGIN links if this is the LOGOUT page.
if (isset($_SESSION['user_id']) AND ($_GET['administrator'] == 1) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) {
	echo '<a href="logout.php">Logout</a><br />
<a href="change_password.php">Change Password</a><br />
<a href="view_users.php">View Users</a><br />
';
} elseif (isset($_SESSION['user_id']) AND ($_GET['administrator'] == 0) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) {
	echo '<a href="logout.php">Logout</a><br />
<a href="change_password.php">Change Password</a><br />
';
} else { // Not logged in.
	echo '<a href="register.php">Register</a><br />
<a href="login.php">Login</a><br />
<a href="forgot_password.php">Forgot Password</a><br />
';
}
?>

 

From a syntax perspective, I don't see any errors, but obviously it doesn't work. I get an "undefined index: administrator" error.

 

I want the administrators to see view_users.php and edit_user.php, etc.


I haven't got this version of the book to look at the page directly but why would you be looking in the $_GET array for that kind of information? Surely it would be inside the variable you assign your query results to - or more likely in the $_SESSION array once the admin user has logged in?

  • Upvote 1


The error is because you are referencing the $_GET array, which is passed as key/value pairs in the URL. So if your script doesn't end with 'filename.php?administrator=#', then the index won't be defined. But as Stuart said, administrator should be set during login from a database query and should be saved to the $_SESSION array.

 

Side note: Using a $_GET parameter to define an administrator is very insecure. Any logged-in user would just need to add "?administrator=1" to their URL to become an administrator.

 

Hope that helps.

-matthaus
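
One way to do what the replies describe, as an added example (not code from the book or from any poster): the administrator flag is copied from the users row into the session at login, and both the footer and the admin pages read it from there. The function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not from the book or the thread. The users-table column
// names follow the thread; helper names and sample rows are constructed.

// Call once at login with the row fetched for the verified credentials.
function store_login(array &$session, array $row): void {
    $session['user_id'] = (int) $row['user_id'];
    // The role comes from the database row, never from the request.
    $session['administrator'] = ((int) $row['administrator'] === 1);
}

function is_admin(array $session): bool {
    return isset($session['user_id']) && !empty($session['administrator']);
}

// footer.html logic: pick the links from session state only.
function footer_links(array $session, string $script): array {
    if (!isset($session['user_id']) || basename($script) === 'logout.php') {
        return ['register.php', 'login.php', 'forgot_password.php'];
    }
    $links = ['logout.php', 'change_password.php'];
    if (is_admin($session)) {
        $links[] = 'view_users.php';
    }
    return $links;
}

// Guard for the top of view_users.php, edit_user.php, etc. Hiding the link
// is not access control; the page itself has to refuse everyone else.
function require_admin(array $session): bool {
    return is_admin($session);
}

// Constructed rows standing in for two records of the users table.
$admin = [];
store_login($admin, ['user_id' => 1, 'administrator' => 1]);
$common = [];
store_login($common, ['user_id' => 2, 'administrator' => 0]);

// Simulates a common user requesting index.php?administrator=1.
// Nothing below reads $_GET, so the parameter has no effect.
$_GET['administrator'] = '1';

foreach (['admin' => $admin, 'common' => $common, 'guest' => []] as $who => $s) {
    printf("%-6s links: %s | admin pages: %s\n", $who,
        implode(', ', footer_links($s, '/index.php')),
        require_admin($s) ? 'allowed' : 'refused');
}
```

In the real scripts, pass $_SESSION to these functions, and have view_users.php redirect and exit when require_admin() returns false.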
