question on access checking

They have: 461 posts

Joined: Jul 2003

ok. i don't get this....

i have some access checks that look like

<?php
# if you're access level 1, 2, or 3
if($sa!=($al1||$al2||$al3)){
?>

but then i had a check that was failing that was looking for an either or to figure out what to do to a user, so i realized it was only letting me through as a quirk (or so i thought).

but now i have another issue. in a few functions i switched the above to

<?php
if(($sa!=$al1)||($sa!=$al2)||($sa!=$al3)){
?>
and now it doesn't work, even though i know for a fact my access level is one of the ones there (access levels are in a db include that i KNOW is included in the function. $sa is set previously when it finds the users' SiteAccess)

i don't get what's going on here. is the first way valid? why doesn't the second work?

i even echoed out the if line to see that i did truly match one of the values.

POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.


She has: 5,507 posts

Joined: Feb 2000

You are SETTING the variable values, not evaluating them.

<?php
// set $variable to 'value'
$variable = 'value';

// check if $variable is equal to 'value'
if ($variable == 'value') {}
?>

They have: 461 posts

Joined: Jul 2003

the ! must not have translated over. i thought there was a ! in there
i don't know why it didn't show up when i sent it to myself.

the = are != in the code that's executing


They have: 93 posts

Joined: Jun 2003

Umm, I think you're confusing yourself here.

Your comment says to check to see if they have that access level, but your IF statement is checking if it is NOT EQUAL (!=). To check the value for being equal, do what Suzanne said (==).

Little background:
= : sets the variable on the left to the value on the right
== : compares the value on the right against the value on the left for equality
!= : compares the value on the right against the value on the left to make sure they are NOT EQUAL

There are more, like >, <, <=, >=, === but I don't want to confuse you.

The next part you need to understand is the IF structure.

IF (comparison here) { //if the value on the comparison was TRUE continue in the braces

CODE TO EXECUTE IF CHECK IS TRUE
} // IF FALSE WE START FROM HERE

How to code for a false....
IF (comparison){
//true code
}else{
//OK the above failed now lets work in here because we failed
} //Now we are done with the FALSE part, and our code continues from here.



She has: 5,507 posts

Joined: Feb 2000

And so it is...

Okay then... I *think* you should be using the cookie or session variables there. Unless you have $sa = $_COOKIE[sa]; or something?

Also, while this is awfully vague, I found I had to be really careful to get all the information in the right order. I didn't use variables for the check, but rather actual things.

So:

<?php
if ($_SESSION[adminaccess] != ('admin'||'moderator')) {}
?>

Check to make sure your $a1 et cetera variables make sense, too. (I'm not saying you can't use variables, I don't know.) And make sure that $sa is really being passed along in the cookie or session by doing this:

<?php
if (isset($sa)) {
    echo $sa;
    exit;
}
?>

And then you'll know for sure.

They have: 461 posts

Joined: Jul 2003

actually i pull it out of the db at the beginning of each function when i double check everyone is authorized (by username and pw which is in cookies)

and i already echoed out to make sure that
1: $sa is being set right
2: the variables i check against are set right

and i found in all instances that they were, php was just being funky about letting me through. in some cases it acted as if if($sa==($jra||$adm||$wbm)) correctly, in other times it didn't (the check to see if you can do that function does == and the one to see which level you have within the function is !=)

so i don't understand why it seems to work sometimes (most of the ==) and not others (some of the == and all of the !=) and when i change it to (($sa==$jra)||($sa==$adm)||($sa==$wbm)) it echoes out right yet tells me i don't have access, and when i switch that back i have to make the other one (== or !=) to be individual to work right (instead of just doing the first one regardless of if that's right)



She has: 5,507 posts

Joined: Feb 2000

I think you have a larger problem. Try logging in as one of the other access levels and then try to access manually a higher access page.

They have: 461 posts

Joined: Jul 2003

i got that feeling too, which is why i was wondering if anyone knew if the first way was valid, and why the second would blow up even though my site access does echo out to be in the group allowed in


They have: 461 posts

Joined: Jul 2003

apparently

<?php
if(($variable_from_db!=$access_level_in_include1)||($variable_from_db!=$access_level_in_include2))
?>
gets triggered if either one is true because ONE is true. what i needed was && or to pull the ! so that it's either
<?php
if(($variable_from_db!=$access_level_in_include1)&&($variable_from_db!=$access_level_in_include2))
?>
or
<?php
if(!(($variable_from_db==$access_level_in_include1)||($variable_from_db==$access_level_in_include2)))
?>
when i moved the ! i realized what had happened. one of them was being true and the other false for me. in fact, no one would ever get anything BUT the error as a result. that's when i realized the && in place of || would have worked too



She has: 5,507 posts

Joined: Feb 2000

logic will getcha every time. you have to really watch what you want to do.

i.e. use comments and ALWAYS have an else for if statements. I find expanding it out helps me with flaws in logic.

// if you're access level 1, 2 or 3 <-- if any of these things is true, go forward
// allow entry
// else prohibit entry

or alternatively what you were doing:

// if you're NOT access level 1
// prohibit entry <-- will terminate prematurely if access level 2 or 3
// elseif you're NOT access level 2
// prohibit entry <-- will terminate prematurely if access level 3
// elseif you're NOT access level 3
// prohibit entry
// else allow entry
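
The check forms discussed in this thread, run side by side as an added example (not code from any of the posts). The level values 1 to 3 and the sample inputs are constructed, and arrow functions need PHP 7.4 or later. The table it prints shows the first form admitting any truthy value, including a level that is not on the list, and the second form denying everyone.

```php
<?php
// Added example; the level values are constructed, not taken from the thread.
$al1 = 1; $al2 = 2; $al3 = 3;            // allowed access levels (assumed integers)
$allowed = [$al1, $al2, $al3];

// Each closure returns true when the request must be DENIED,
// matching the thread's "if (...) { show the error }" shape.
$checks = [
    // Form 1: ($al1||$al2||$al3) collapses to boolean true first,
    // so $sa is only tested for being falsy.
    'sa != (al1||al2||al3)' =>
        fn($sa) => $sa != ($al1 || $al2 || $al3),
    // Form 2: no value equals all three levels, so one != is always true.
    'sa!=al1 || sa!=al2 || sa!=al3' =>
        fn($sa) => ($sa != $al1) || ($sa != $al2) || ($sa != $al3),
    // The two corrected forms from the thread (equivalent by De Morgan's law).
    'sa!=al1 && sa!=al2 && sa!=al3' =>
        fn($sa) => ($sa != $al1) && ($sa != $al2) && ($sa != $al3),
    '!(sa==al1 || sa==al2 || sa==al3)' =>
        fn($sa) => !(($sa == $al1) || ($sa == $al2) || ($sa == $al3)),
    // Allow-list with strict comparison: entry only on an exact match,
    // everything else (unknown level, failed lookup) falls to deny.
    '!in_array(sa, allowed, true)' =>
        fn($sa) => !in_array($sa, $allowed, true),
];

// Constructed inputs: 4 is a level that is not on the list,
// 0 is "no access", null stands for a failed database lookup.
$samples = [1, 2, 3, 4, 0, null];

foreach ($checks as $label => $denies) {
    $row = [];
    foreach ($samples as $sa) {
        $row[] = var_export($sa, true) . '=' . ($denies($sa) ? 'deny' : 'ALLOW');
    }
    printf("%-34s %s\n", $label, implode('  ', $row));
}
```

The strict allow-list needs `$sa` in the same type as the list entries, so a level read from the database as a string should be cast to an integer before the check.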
