Hi folks,
This isn't exactly in the book, but since I was extending the original code from this book to make an admin panel based on the user class from chapters one and two, I was hoping someone on here could help me out.
I modified the user class, since for the time being I wasn't planning on a forum (although that might change in the future), to create admins and the like as such:
PHP Code:
<?php
class User
{
// Permission levels (bit flags, so they can be combined and tested with &).
const HELPER = 2;
const MODERATOR = 4;
const VICE_ADMIN = 8;
const ADMIN = 16;
// etc...
}
?>
Now my problem occurs on my admin panel. Whenever I try to make an admin (value = 16) it returns a value of 1. In fact I've tried the code I use on other things as well as experiments, and anything in double digits or greater is returning 1 (it might return other single-digit numbers as well; I can test further if necessary). I originally had the options hardcoded into the selection box. I then tried making a MySQL table with the values to see if it was something I may have overlooked and got the same result.
The code for the admin panel:
PHP Code:
<?php
// Include shared code.
include_once 'admin_header.php';
// Generate user information form.
$user = User::getById($_SESSION['user_id']);
if ($user->permission & User::ADMIN)
{
echo '<h3>Administrator Panel</h3>';
// User Permission Panel
ob_start();
?>
<div id="wrapper">
<div id="admin_user_panel">
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<table>
<caption style="text-align: left;">Manage User Rights</caption>
<tr>
<td><label for="username">Username:</label></td>
<td><select name="username" id="username"><?php
$query = sprintf('SELECT user_id, username FROM %suser ORDER BY username ASC', DB_TBL_PREFIX);
$result = mysql_query($query, $GLOBALS['DB']);
echo '<option value="-1">Please Select a User</option>';
while ($row = mysql_fetch_assoc($result))
{
echo ('<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>');
}
?></select></td>
</tr>
<tr>
<td><label for="permissions">Permissions:</label></td>
<td><select name="permissions" id="permissions"><?php
$query = sprintf('SELECT permission, permission_description FROM %spermissions ORDER BY permission ASC', DB_TBL_PREFIX);
$result = mysql_query($query, $GLOBALS['DB']);
echo '<option value="-1">Please Select Role</option>';
while ($row = mysql_fetch_assoc($result))
{
echo ('<option value="' . $row['permission'] . '">' . $row['permission_description'] . '</option>');
}
?>
</select></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" value="Update"/></td>
<td><input type="hidden" name="submitted" value="1"/></td>
</tr>
<tr>
</tr>
</table>
</form>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<table>
<caption style="text-align: left;">Ban User</caption>
<tr>
<td><label for="ban">Ban:</label></td>
<td><select name="ban" id="ban"><?php
$query = sprintf('SELECT user_id, username FROM %suser ORDER BY username ASC', DB_TBL_PREFIX);
$result = mysql_query($query, $GLOBALS['DB']);
echo '<option value="-1">Please Select a User to Ban</option>';
while ($row = mysql_fetch_assoc($result))
{
echo ('<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>');
}
?></select></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" value="Update"/></td>
<td><input type="hidden" name="submitted1" value="1"/></td>
</tr>
<tr>
</tr>
</table>
</form>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<table>
<caption style="text-align: left;">Warn User</caption>
<tr>
<td><label for="warn">Warn:</label></td>
<td><select name="warn" id="warn"><?php
$query = sprintf('SELECT user_id, username FROM %suser ORDER BY username ASC', DB_TBL_PREFIX);
$result = mysql_query($query, $GLOBALS['DB']);
echo '<option value="-1">Please Select a User to Warn</option>';
while ($row = mysql_fetch_assoc($result))
{
echo ('<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>');
}
?></select></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" value="Update"/></td>
<td><input type="hidden" name="submitted2" value="1"/></td>
</tr>
<tr>
</tr>
</table>
</form>
</div>
<div id="admin_user_view">
<table>
<caption style="text-align: right;">Banned Users</caption>
<tr>
</tr>
<tr><td>User ID</td><td>Username</td></tr>
<?php
$query = sprintf('SELECT user_id, banned FROM %sbanned WHERE banned = %d', DB_TBL_PREFIX, 1);
$result = mysql_query($query, $GLOBALS['DB']);
while ($row = mysql_fetch_assoc($result))
{
echo '<tr><td>' . $row['user_id'] . '</td><td>';
$query1 = sprintf('SELECT username FROM %suser WHERE user_id = %d', DB_TBL_PREFIX, $row['user_id']);
$result1 = mysql_query($query1, $GLOBALS['DB']);
$row1 = mysql_fetch_assoc($result1);
echo $row1['username'] . '</td></tr>';
}
?>
<tr>
</tr>
</table><br /><br />
<table>
<caption style="text-align: right;">Warned Users</caption>
<tr>
</tr>
<tr><td>User ID</td><td>Username</td></tr>
<?php
$query = sprintf('SELECT user_id, warned FROM %sbanned WHERE warned = %d', DB_TBL_PREFIX, 1);
$result = mysql_query($query, $GLOBALS['DB']);
while ($row = mysql_fetch_assoc($result))
{
echo '<tr><td>' . $row['user_id'] . '</td><td>';
$query1 = sprintf('SELECT username FROM %suser WHERE user_id = %d', DB_TBL_PREFIX, $row['user_id']);
$result1 = mysql_query($query1, $GLOBALS['DB']);
$row1 = mysql_fetch_assoc($result1);
echo $row1['username'] . '</td></tr>';
}
?>
<tr>
</tr>
</table>
</div>
</div>
<?php
$form = ob_get_clean();
// Show the form if this is the first time the page is viewed.
if (!isset($_POST['submitted']) && !isset($_POST['submitted1']) && !isset($_POST['submitted2']))
{
$GLOBALS['TEMPLATE']['content'] = $form;
}
// Otherwise process the incoming data.
else if (isset($_POST['submitted']))
{
$user_id = $_POST['username']['user_id'];
$permission = $_POST['permissions']['permission'];
$query = sprintf("UPDATE %suser SET permission = %d WHERE user_id = %d", DB_TBL_PREFIX, $permission, $user_id); // both values formatted as integers rather than interpolated into the SQL string
mysql_query($query, $GLOBALS['DB']);
echo mysql_error();
$GLOBALS['TEMPLATE']['content'] = '<p><strong>The user\'s status has been modified successfully.</strong></p>';
}
else if (isset($_POST['submitted1']))
{
$user_id = $_POST['ban']['user_id'];
$query = sprintf("INSERT INTO %sbanned (user_id, banned, warned) VALUES (%d, %d, %d)", DB_TBL_PREFIX, $user_id, 1, 0);
mysql_query($query, $GLOBALS['DB']);
echo mysql_error();
$GLOBALS['TEMPLATE']['content'] = '<p><strong>The user\'s status has been modified successfully.</strong></p>';
}
else if (isset($_POST['submitted2']))
{
$user_id = $_POST['warn']['user_id'];
$query = sprintf("INSERT INTO %sbanned (user_id, banned, warned) VALUES (%d, %d, %d)", DB_TBL_PREFIX, $user_id, 0, 1);
mysql_query($query, $GLOBALS['DB']);
echo mysql_error();
$GLOBALS['TEMPLATE']['content'] = '<p><strong>The user\'s status has been modified successfully.</strong></p>';
}
}
else
{
header('HTTP/1.0 401 Authorization Error');
ob_start();
?>
<script type="text/javascript">
window.seconds = 5;
window.onload = function()
{
if (window.seconds != 0)
{
document.getElementById('secondsDisplay').innerHTML = '' + window.seconds + ' second' + ((window.seconds > 1) ? 's' : '');
window.seconds--;
setTimeout(window.onload, 1000);
}
else
{
window.location = '../index.php';
}
}
</script>
<?php
$GLOBALS['TEMPLATE']['extra_head'] = ob_get_contents();
ob_clean();
?>
<p>The credentials you have supplied do not authorize you for access.</p>
<p><strong>You will be redirected to the main page in <span id="secondsDisplay">5 seconds</span>.</strong></p>
<p>If you are not automatically redirected there, please click on the following link: <a href="../index.php">Home</a></p>
<?php
$GLOBALS['TEMPLATE']['content'] = ob_get_clean();
}
// Display the page
include 'templates/admin_template.php';
?>
Any help would be greatly appreciated.
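The "16 becomes 1" behaviour comes from how the posted values are read: `$_POST['permissions']` is the plain string "16", so `$_POST['permissions']['permission']` is a string-offset access, and PHP 5 maps the non-numeric key to offset 0 and returns the first character. The same applies to `$_POST['username']['user_id']`. The following is an added example, not the original poster's or the book's code, showing the permission handler rewritten to read the scalars directly, accept only the permission values the User class defines, and write through a bound-parameter query; it assumes the User class from the post is loaded, that `DB_TBL_PREFIX` is defined, and that `$GLOBALS['DB']` is a PDO connection (PDO is swapped in for the post's mysql_* calls).

```php
<?php
// Added example (not the poster's code). Assumes the User class from the post is
// loaded and that $GLOBALS['DB'] is a PDO connection (the post uses mysql_*).

// $_POST['permissions'] arrives as the string "16", not an array. Indexing it as
// $_POST['permissions']['permission'] is a string offset: PHP 5 treats the
// non-numeric key as offset 0 and yields "1", the first character (newer PHP
// versions warn or throw). Read the scalar directly and whitelist it.
function readPermission(array $post)
{
    if (!isset($post['permissions']) || !ctype_digit((string) $post['permissions'])) {
        return null; // missing, the "-1" placeholder option, or non-numeric input
    }
    $allowed = array(User::HELPER, User::MODERATOR, User::VICE_ADMIN, User::ADMIN);
    $permission = (int) $post['permissions'];
    return in_array($permission, $allowed, true) ? $permission : null;
}

// Same fix for the user id; the original read $_POST['username']['user_id'].
function readUserId(array $post)
{
    if (!isset($post['username']) || !ctype_digit((string) $post['username'])) {
        return null;
    }
    return (int) $post['username'];
}

// Bound parameters replace the interpolated "... WHERE user_id = '$user_id'".
function updatePermission(PDO $db, $userId, $permission)
{
    $sql = sprintf('UPDATE %suser SET permission = :p WHERE user_id = :u', DB_TBL_PREFIX);
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':p', $permission, PDO::PARAM_INT);
    $stmt->bindValue(':u', $userId, PDO::PARAM_INT);
    return $stmt->execute();
}

if (isset($_POST['submitted'])) {
    $userId = readUserId($_POST);
    $permission = readPermission($_POST);
    if ($userId === null || $permission === null) {
        $GLOBALS['TEMPLATE']['content'] = '<p><strong>Invalid user or role selected.</strong></p>';
    } elseif (updatePermission($GLOBALS['DB'], $userId, $permission)) {
        $GLOBALS['TEMPLATE']['content'] = '<p><strong>The user\'s status has been modified successfully.</strong></p>';
    } else {
        $GLOBALS['TEMPLATE']['content'] = '<p><strong>The update could not be saved.</strong></p>';
    }
}
```

The whitelist check means a tampered form cannot store a permission value outside the constants, and the integer binding removes the quoted `$user_id` from the SQL text entirely.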
