0

I'm writing an hour registration system for my projectteam at school. Everything is pretty much working, but I can't seem to get the validation of user rights to work.

Validation is done in the acctype field within the user table. If 0 (guest), you can only view the list of hours, if 1 (specialist) you can add your own hours and if 2 (project-manager), you can review the hours users have submitted.

At first I was only using the $account query but instead of selecting them all I selected acctype only.

Does anyone have any idea what am I doing wrong?

$cookie = $_COOKIE['user'];
$account = mysqli_query($conn, "SELECT * FROM user WHERE user = '" . $cookie . "'");
$acctype = mysqli_fetch_assoc($account->acctype);

if(isset($cookie) && $acctype >= 1) {

} else {

}

Jonathan

Jonathan Ouwens
  • 13
  • 5

1 Answers1

1

I believe there's a few things wrong here:

  • You're reading the cookie before checking if it's set. That's a mistake. You should see if there's a cookie, and THEN read it in. You also don't need to assign it a separate variable.

Note: As I said in my comment, user data should be in a session, not a cookie.

  • I don't know what your DB schema looks like, but your query is SELECT * FROM user, meaning that if you have an ID, a user name, an access level, and some other things, you're going to get ALL that into the var $acctype, which obviously isn't an integer.

I think the fix is to execute your query, get your results, and then compare the row(s) returned and only check the acctype part:

if ($row['acctype'] >= 1){

}

Documentation: http://us1.php.net/mysqli_fetch_assoc

snollygolly
  • 1,858
  • 2
  • 17
  • 31
  • Thanks for the help, it's going to help me a lot in future problems :-) Bad news is that it took too long to get it fixed, so the project-inside-a-project was cancelled and we're going to continue using old-fashionned documents! :-( (Ah well, I'll spend some free time & use it next time :)) – Jonathan Ouwens Feb 24 '14 at 15:53