PHP/MySql Member script Help!

[мϊкэ]

Right.. i havent asked i question in quite a while now but... here it goes.. im making a members script for the new version of xEnigmA and i want it so if your rank is admin you can edit/delete/add things once you have logged in.
In the MySql Db the rows for this member script are:

ID (Obviously)
UserName
Password
Rank**
Avatar
Email

There are going to be 2 ranks Admin & Member just for now. And i want it so, if your rank is admin you can view the add/delete/edit news part but if you are just a member it will be a blank page. So far to view the menu when you have logged in i am using this:

PHP Code:

<?
if (isset($_SESSION['username'])) { // Allows you to view the menu if you're logged in
echo "Menu.";
include ('add.php');
}else{ // If not It displays this
echo "You must login to view the Members Menu.";
}
?>

The session for that is:

PHP Code:

$_SESSION['username'] = $row['username']; 


ive also made one for the rank

PHP Code:

$_SESSION['rank'] = $row['rank']; 


I tried something like this for it but it didnt work it just displayed the "Your not logged in message:

PHP Code:

<?
if ($_SESSION['rank']=="Admin") { // If you are logged in and your members rank is Admin Display this
echo "Admin Area";
include ('add.php');
}else{ // If not It displays this
echo "You Are not an admin.";
}
?>

But as i said it didnt work it just displayed the "You are not an admin" message. Does anybody know how i could do this?
What i want to know how to do is.
*If you are logged in and your rank is Admin you can view the page, and if not, you get a message saying you are not.

I havent tried using a rank system like this before and i cannot remember what i have previously done, Help!

[splintercell!]

I use number for my ranks which seems to be what most forums do. So im not sure.

[мϊкэ]

erm i duno...

PHP Code:

<?php

if ($_POST['username']) {
$username=$_POST['username'];
$password=$_POST['password'];

if ($password==NULL) {
echo "A password was not supplied";
}else{

$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());

$data = mysql_fetch_array($query);

if($data['password'] != $password) {
echo "The supplied login is incorrect";
}else{

$query = mysql_query("SELECT username,password FROM users WHERE username = '$username'") or die(mysql_error());

$row = mysql_fetch_array($query);

$_SESSION["rank"] = $row['rank'];
$_SESSION["username"] = $row['username'];

header ('Location: members.php?act=menu');
}
}
}
?>
Login:
<form action='members.php?act=login' method='POST'>
<table class="middles">
<tr>
<td align='left'>
Username:<br><input type='text' size='15' maxlength='25' name='username'>
</td>
</tr>
<tr>
<td align='left'>
Password:<br><input type='password' size='15' maxlength='25' name='password'>
</td>
</tr>
<tr>
<td align='left'>
<input type="submit" value="Login">
</td>
</tr>
<tr>
<td align='left'>
</td>
</tr>
</table>
</form>

session_start(); is in dbconnect... but it works fine with the username one... it logs you in and you can go on the menu anytime then... :s

becuase you use numbers how is your rank row layed out is it like a drop down menu?

Edit: i just tried with numbers didnt work :@

[splintercell!]

I use enum in mySQL so its '1','2' etc.. but i cant really see where you have included the db connect file :s Ive looked at my own script and yours looks fine really.

[мϊкэ]

so... what code do you use? Help! im still stuck, i would really like to get this finished before the new layout

dbconnect is further up the file, because i needed to use it for something else

[splintercell!]

AH! I think I may have it you only select two fields from the database so it cant register the user level. Try using SELECT *

[Wyked]

didnt read ur whole thing but..

if ( $_SESSION['rank'] == "admin")
{
what u want only them to see
}
esle
{
echo "Noob, go away";
}

[Wyked]

Also to get your variables quick use the while mysql_fetch_rows.. etc.

use

extract($row);

Edit by Michael-W (Forum Moderator): Please don't double post. Simply use the edit button instead.

[мϊкэ]

so could you just kinda tell me how i should do it, instead of giving me like snippets of what i should do jumbled up?? sorry for bein rude

so should it be somthin like:

PHP Code:

<?
include("dbconnect.php");

$getrank = mysql_query("SELECT * FROM users");

while($q=mysql_fetch_array($getrank)){

extract($q);

if ($_SESSION["rank"]=="Admin") {
echo "Welcome admin.";
}else{
echo "Go away you loser your not an admin >:|";
}
}
?>

im usin that one and it just displays the "Error" message about 5 - 6 times :s

[splintercell!]

you just need to edit your login forum from what I see to:

PHP Code:

<?php

if ($_POST['username']) {
$username=$_POST['username'];
$password=$_POST['password'];

if ($password==NULL) {
echo "A password was not supplied";
}else{

$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());

$data = mysql_fetch_array($query);

if($data['password'] != $password) {
echo "The supplied login is incorrect";
}else{

$query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());

$row = mysql_fetch_array($query);

$_SESSION["rank"] = $row['rank'];
$_SESSION["username"] = $row['username'];

header ('Location: members.php?act=menu');
}
}
}
?>
Login:
<form action='members.php?act=login' method='POST'>
<table class="middles">
<tr>
<td align='left'>
Username:<br><input type='text' size='15' maxlength='25' name='username'>
</td>
</tr>
<tr>
<td align='left'>
Password:<br><input type='password' size='15' maxlength='25' name='password'>
</td>
</tr>
<tr>
<td align='left'>
<input type="submit" value="Login">
</td>
</tr>
<tr>
<td align='left'>
</td>
</tr>
</table>
</form>

that will hopefully work