Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    Join Date
    Jan 2016
    Posts
    14

    Unanswered: check if logged in user (by id) have a field equal to something

    Hi all, I have a user logged in as
    PHP Code:
    ($_SESSION['username']) 
    is there any way I can check his row (by id) if he has a number 1 in a field called 'usertype' and if so echo some code?

    Tried lots of different ways and found a lot of unnecessary code for creating different sessions etc.

    Any help appreciated.

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    yes
    ..but check where?

    use a PHP query to retrieve the usertype for thetat user id
    bear in mind that when specifying a text value it must be delimited with '

    eg
    PHP Code:
    $strSQL "select usertype from myusertable where userid = '".$_SESSION['username']."'";
    //open the recordset
    //check the value returned to see if its 1 
    ..this assumes you have a table called myusertable, whcih has t least two columns. one userid contains an alphanumeric user id, and another (usertype) that contains an integer identfying the level/type of user

    or
    PHP Code:
    $strSQL "select usertype from myusertable where userid = '".$_SESSION['username']."' AND usertype = 1";
    //open the recordset
    //check a row is returned 
    ..note you cannot use an associative array without appending the value when building a string
    say you have:-
    $_SESSION['username'] the session variable set to 'TheTrooper'
    $userid a variable set to 'TheTrooper'
    then
    PHP Code:
    $strSQL "select usertype from myusertable where userid = '".$_SESSION['username']."'"
    resolves to :- "select usertype from myusertable where userid = 'TheTrooper'

    PHP Code:
    $strSQL "select usertype from myusertable where userid = '$userid'"
    resolves to :- "select usertype from myusertable where userid = 'TheTrooper'

    but
    PHP Code:
    $strSQL "select usertype from myusertable where userid = '$_SESSION['username']'"
    resolves to select usertype from myusertable where userid = '$_SESSION['username']'

    personally I think the ability to use PHP variables but not associative array variables is cackhanded. I understand why it happens but don't like it stylistically so I'd alwasy use:-
    PHP Code:
    $strSQL "select usertype from myusertable where userid = '".$userid."'"
    Last edited by healdem; 04-04-16 at 13:11.
    I'd rather be riding on the Tiger 800 or the Norton

  3. #3
    Join Date
    Jan 2016
    Posts
    14
    cool, I can see how to select it now and how that works. What I'm trying to do is some sort of if/else statement.
    If the particular logged in user has usertype of 1 then do something, if they don't then do something else. How would you go about that?

  4. #4
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    well the clue is in the question

    Code:
    What I'm trying to do is some sort of if/else statement.
    I'd use an if / then / else statement
    I'd rather be riding on the Tiger 800 or the Norton

  5. #5
    Join Date
    Jan 2016
    Posts
    14
    Quote Originally Posted by healdem View Post
    well the clue is in the question

    Code:
    What I'm trying to do is some sort of if/else statement.
    I'd use an if / then / else statement
    This is what I have so far but it's returning false at the moment. I'm stuck.

    PHP Code:
    <?php
    $id 
    "select id from users where id = '".$_SESSION['username']."'";
    $strSQL "select usertype from users where id = '".$id."'";
    if (
    $strSQL == 1) {
     echo 
    "Admin";   
    }
    else {
        echo
    "Customer";
    }

    ?>
    Last edited by TheTrooper; 04-05-16 at 05:39.

  6. #6
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    ermm have you actually executed the query?

    that code will, I guess always, echo 'Customer'
    as the variable $strSQL will never ever equal 1

    what you have there is some code that creates a SQL statement, but nowhere do you oprn a connection to your db, execute the query, then test the result for the query.
    go read up on on how to use a database, and especially how to use MySQL in a PHP script.
    I'd rather be riding on the Tiger 800 or the Norton

  7. #7
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    *** moved to PHP forum ***
    ..as its not really a MySQL question
    I'd rather be riding on the Tiger 800 or the Norton

  8. #8
    Join Date
    Jan 2016
    Posts
    14
    ok I think I'm getting close but missing something. The connection to the database is an include at the top of the page. Just having a look at the WHERE clause, is it checking the id against the session to see who is logged on essentially? I ran a test by changing usertype in the database and doesn't work so something is definately missing. Any pointers?

    PHP Code:
    $sql "
    SELECT id, username, usertype
    FROM users
    WHERE id = '"
    .$_SESSION['username']."' AND usertype = 1";

    if(
    $sql=true) {
        
        echo 
    'Admin';
            }
     else {
        echo 
    'Customer';


  9. #9
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    nowhere near close
    have you bothered to read up on how to access a MySQL database within PHP?
    at what point in your current code do you
    1) connect to the db
    2) authenticate yourself to the db
    3) execute a query
    4) examine the results of the query

    yes you are creating the SQL query, but at no point are you actually doing anything with it or any interaction with a database.
    read up on how to use MySQL with PHP
    I'd rather be riding on the Tiger 800 or the Norton

  10. #10
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    do you understand what your code actually does?
    ..lets assume
    1) you have a table called users, in that table
    2) you have columns called id, username and usertype (why you'd need an ID columkn aswell as a username beats me, but its your design. hint the username should be unique and therefore good enough to be the PK
    3) lets assume the session variable $_SESSION['username'] is set to 'TheTrooper'
    PHP Code:
    $sql "SELECT id, username, usertype FROM users WHERE id = '".$_SESSION['username']."' AND usertype = 1"
    ..so that resolves to:-
    SELECT id, username, usertype FROM users WHERE id = 'TheTrooper' AND usertype = 1";
    ..all well and good, providing the assumptions above hold

    ..but you don't execute the query

    ..you then do something with the sql variable, its not clear what precisely
    PHP Code:
    if($sql=true//effectively you are assiging the value of true to the variable $sql, which in an if statement will always return true
    {   //so you will always get this....
         
    echo 'Admin';
    } else
    {  
    //and never this....
        
    echo 'Customer';

    in PHP == is a test for equality
    = is assignment


    what level of error reporting are you using to debug your scripts?
    I'd rather be riding on the Tiger 800 or the Norton

  11. #11
    Join Date
    Jan 2016
    Posts
    14
    You assumed correctly. The page itself is a form that inserts data into my MySQL database. The user is authenticated by a login page. if the username and password are correct then the sessions is created $_SESSION['username'].

    The initial page itself is a form which successfully inserts data into the MySQL database. The main function works fine which isn't really that important for this particular question. Retrieving, updating and inserting data is about my current limit. Echoing data based on what is in a particular field relating to a user I'm obviously struggling with.

    The idea I'm trying to create is if the user that's logged in has a usertype of 1, something else appears (in this case a button to download the csv from the databasewhich works fine). However, if someone is logged in and has a usertype value of 2, then the button doesn't appear.

  12. #12
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    so if you have code elsewhere that successfully inserts data into a MySQL table, then whats the problem?
    if you are insertign data then you are executing. the ONLY difference is that for an insert query the SQl syntax is something like:-
    $strSQL = "INSERT INTO myTable (my, column, list) VALUES (1, 'A', '2016/04/05');";
    wheres retrieving data from a db is soemthign like
    $strSQL = "SELECT my, column, list FROM mytable;";

    there is no point waffling on about what you are trying to achieve with the data if you don't actually get the data from the database in the first place

    I don't know which PHP object library you are using to access the db. but most PHP db object libraries return a resultset, which you then manipulate. so depending on how you define you query either you need to check the user type and take appropriate action

    at each interaction with the db you need to check for errors and take appropriate action. the mysql libraries give plenty of examples and plenty of feedback. always examine the mysql error number after each interaction with the db. PHP is fairly fault tolerant and a script will blithely carry on till it hits a fatal error

    so waht library are you using
    what error_reporting level are you using
    where do you run the query
    what do you do with the resultset from running (executing) the query
    what do you do if you cannot find details of the specified user in the database
    ...then and only then can you really start to worrry about whether you show or hide something on a form
    I'd rather be riding on the Tiger 800 or the Norton

  13. #13
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    OK so if the question it isn't about reading the usertype from the database then what actually is the question
    presumably if this page authenticates the user then you will already have checked the user exists in the table.... if so the extract the usertype at the same time and store it in a variable

    the depending on the state of that variable take appropriate action
    I'd rather be riding on the Tiger 800 or the Norton

  14. #14
    Join Date
    Jan 2016
    Posts
    14
    Quote Originally Posted by healdem View Post
    OK so if the question it isn't about reading the usertype from the database then what actually is the question
    presumably if this page authenticates the user then you will already have checked the user exists in the table.... if so the extract the usertype at the same time and store it in a variable

    the depending on the state of that variable take appropriate action
    ok, I think I can see where you're going with this. Never thought of doing anything like that. I have managed to display the usertype for the loggen in user on the page.

    PHP Code:
    <?php
    $sql 
    "
    SELECT id, username, usertype FROM users WHERE username = '"
    .$_SESSION['username']."'
    "
    ;
    $results $con->query($sql);

    if(
    $results->num_rows) {
        While(
    $row $results->fetch_object()) {
            echo 
    "
            
            
    {$row->usertype}
    "
    ;
        }
    } else {
        echo 
    'No Results';
    }
    Now I guess like you said store it into a variable then run a condition if it is == 1 than do stuff?

  15. #15
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    whenever you itneract with a db ALWAYS, ALWAYS check the error code.
    also consider using the PHP error handlers

    again what error_reporting level are you using whilst developing?

    comment your code, even if you kinow what it should be doing (I have my doubts) others may not

    what do you do if you cannot find a user of the specified value, what should your program logic be?

    learn about development good practice. always declare variables before first use (usuing an appropriate error_reporting level can get PHP to tell you if you are not declaring variables before first use. this stops you hitting errors caused by typos. in PHP $sql IS NOT the same variable as $SQL.

    PHP Code:
    $sql "SELECT id, username, usertype FROM users WHERE username = '".$_SESSION['username']."';"
    //where is your sanitising of the user input. this code is not secure its wide open to SQL Injection attacks
    $results $con->query($sql);  //why are you not checking the MySQL error code. you don't know if this executed correctly.
    $usertype 0//palceholder for useretype from db. set to 0
    if($results->num_rows//really you expect more than one row for the same $_SESSION['username'] value? I would have expected to test if one row was returned
    {  
        While(
    $row $results->fetch_object())
        {  
          
    $usertype $row->usertype//the fact we have given the variable the same name as the column from the db is programming style NOT required
        

    } else  
    //we didn't find that user, so set usertype to 0.

        
    $usertype 0;

    stylistically I use the following convention
    PHP Code:
    if (condition)
    {
      
    //do something
    } else
    {
      
    //do something else

    as opposed to the 'official' approach of

    PHP Code:
    if (condition) {
      
    //do something
    } else {
      
    //do something else

    whis to me just looks ugly AND whats worse it makes picking up bracket pairing errors harder than it need be
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •