Ok i tryed making this, you should see what im trying to do, it always says im not logged in or dont have permission to view it, when i am logged in and i do have permission >.<
PHP Code:<?
ob_start();
include("config.php");
if($logged[username] && $logged[level] ==5)
{
if($_GET[user])
{
if (!$_POST[update])
{
$user = mysql_query("SELECT * from users where username = '$_GET[user]'");
$user = mysql_fetch_array($user);
echo("
<form method=\"POST\">
<b><font face=\"Verdana\" size=\"1\">
Please use this tool responsibly.
<br><br>
Username:<br>
<input type=\"text\" size=\"25\" maxlength=\"25\" name=\"username\"
value=\"$user[username]\">
<br><br>
User Title:<br>
<input type=\"text\" size=\"25\" maxlength=\"50\" name=\"usertitle\"
value=\"$user[usertitle]\">
<br><br>
User Level:<br>
");
?>
<?
if($user[level]==1){
echo("
<select name=\"level\">
<option value=\"1\">Normal User</option>
<option value=\"3\">Moderator</option>
<option value=\"5\">Administrator</option>
</select>
");
}
elseif($user[level]==3){
echo("
<select name=\"level\">
<option value=\"3\">Moderator</option>
<option value=\"1\">Normal User</option>
<option value=\"5\">Administrator</option>
</select>
");
}
elseif($user[level]==5){
echo("
<select name=\"level\">
<option value=\"5\">Administrator</option>
<option value=\"1\">Normal User</option>
<option value=\"3\">Moderator</option>
</select>
");
?>
<?
echo("
<br><br>
Name Colour:<br>
<input size=\"25\" maxlength=\"1\" name=\"namecolor\"
value=\"$user[namecolor]\"></td>
<br><br>
Age:<br>
<input type=\"text\" size=\"25\" name=\"locate\" value=\"$user[location]\">
<br><br>
Some Hobbies:<br>
<input size=\"25\" name=\"msn\" value=\"$user[msn]\">
<br><br>
Homepage:<br>
<input size=\"25\" name=\"aim\" value=\"$user[aim]\">
<br><br>
Email Address:</b></font><br>
<input size=\"25\" name=\"email\" value=\"$user[email]\">
<br><br>
<input type=\"submit\" name=\"update\" value=\"Update User\">
</form>
");
}
else
{
$email = htmlspecialchars($_POST[email]);
$aim = htmlspecialchars($_POST[aim]);
$msn = htmlspecialchars($_POST[msn]);
$locate = htmlspecialchars($_POST[locate]);
$level = htmlspecialchars($_POST[level]);
$username = htmlspecialchars($_POST[username]);
$usertitle = htmlspecialchars($_POST[usertitle]);
$namecolor = htmlspecialchars($_POST[namecolor]);
echo ("$_GET[user]'s profile has been updated.");
$update = mysql_query("Update users set email = '$email',
msn = '$msn', aim = '$aim',
location = '$locate', level = '$level', username= '$username', usertitle = '$usertitle', namecolor = '$namecolor' where username = '$_GET[user]'");
}
}
else
{
echo("<form action=\"edituser.php?user=$_POST[user]\"><font face=\"Verdana\" size=\"1\"><b>Edit User</b><br><br>Please type in the user you wish to edit<br><input type=\"text\" input size=\"25\" name=\"user\"><br><br><input type=\"submit\" value=\"Edit This User\"></form>");
}
}
else
{
echo("Sorry, but you are not allowed to view this page!");
}
}
?>
Results 1 to 10 of 13
Thread: Argh stupid thing..
-
Argh stupid thing..
Pssht
-
tell us what it is then?
-
It doesnt really matter what it is TBH..
Pssht
-
looks a bit like a user system. have you set it to remember your cookies and login etc...
-
#1 - Its an admin page to edit a user
#2 - Yes if you noticed it has ob_start(); which allows cookies.Pssht
-
Oops double posted ^.^
Last edited by Motion; 10-09-2006 at 05:20 PM.
Pssht
-
Obviously it's a user system.
Check the mysql details in code
Check the permissionsLast edited by Vixt; 10-09-2006 at 05:23 PM.
Cheesecake.
-
Like i say, my permissions are correct and i am logged in, i believe its something to do with the drop down box things as it only started doing this after i added that
Pssht
-
Im still having trouble with this >.<
Pssht
-
check u made ureself admin ;l
also make sure config.php in same directoryLast edited by Jamie.; 10-09-2006 at 07:07 PM.
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts