Question

I'm writing an hour registration system for my project team at school. Everything is pretty much working, but I can't seem to get the validation of user rights to work.

Validation is done in the acctype field within the user table. If 0 (guest), you can only view the list of hours, if 1 (specialist) you can add your own hours and if 2 (project-manager), you can review the hours users have submitted.

At first I was only using the $account query but instead of selecting them all I selected acctype only.

Does anyone have any idea what I am doing wrong?

$cookie = $_COOKIE['user'];
$account = mysqli_query($conn, "SELECT * FROM user WHERE user = '" . $cookie . "'");
$acctype = mysqli_fetch_assoc($account->acctype);

if(isset($cookie) && $acctype >= 1) {

} else {

}

Jonathan


Solution

I believe there are a few things wrong here:

  • You're reading the cookie before checking if it's set. That's a mistake. You should see if there's a cookie, and THEN read it in. You also don't need to assign it a separate variable.

Note: As I said in my comment, user data should be in a session, not a cookie.

  • I don't know what your DB schema looks like, but your query is SELECT * FROM user, meaning that if you have an ID, a user name, an access level, and some other things, you're going to get ALL that into the var $acctype, which obviously isn't an integer.

I think the fix is to execute your query, get your results, and then compare the row(s) returned and only check the acctype part:

if ($row['acctype'] >= 1){

}

Documentation: http://us1.php.net/mysqli_fetch_assoc
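
A version of the check that follows the points above, as an added example that is not part of the original answer: the user name is read from the session only after checking it exists, it is bound through a prepared statement instead of being concatenated into the query, and only the acctype column is compared. `$conn` and the `user`/`acctype` names come from the question; the `fetchAccType` helper, the `ACC_*` constants and the `'user'` session key are assumptions.

```php
<?php
declare(strict_types=1);

// Access levels as described in the question.
const ACC_GUEST = 0;
const ACC_SPECIALIST = 1;
const ACC_MANAGER = 2;

/**
 * Look up the access level for a user name (hypothetical helper).
 * Returns ACC_GUEST when the user is unknown, so a failed lookup never grants rights.
 */
function fetchAccType(mysqli $conn, string $username): int
{
    // Prepared statement: the user name is bound as data, never pasted into the SQL text.
    $stmt = mysqli_prepare($conn, 'SELECT acctype FROM user WHERE user = ? LIMIT 1');
    if ($stmt === false) {
        return ACC_GUEST;
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $acctype);
    $found = mysqli_stmt_fetch($stmt);   // true = row fetched, null = no row, false = error
    mysqli_stmt_close($stmt);

    // Cast explicitly so the comparison below is integer against integer.
    return $found === true ? (int) $acctype : ACC_GUEST;
}

session_start();

// $conn is the existing mysqli connection from the question's code.
// Check that the value exists before using it. The name comes from the
// server-side session (set at login), not from a cookie the client can edit.
$username = $_SESSION['user'] ?? null;   // 'user' session key is an assumption
$acctype  = is_string($username) ? fetchAccType($conn, $username) : ACC_GUEST;

if ($acctype >= ACC_MANAGER) {
    // project manager: may review submitted hours
} elseif ($acctype >= ACC_SPECIALIST) {
    // specialist: may add own hours
} else {
    // guest: may only view the list of hours
}
```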

Licensed under: CC-BY-SA with attribution