I think your database

johnpitter — Fri, 11 Mar 2011 10:12:09 +0000

I think your database connection is not don't proper.

joyce — Wed, 12 Dec 2001 04:20:44 +0000

hmm..still cannot solved the problem...

Mark Hensler — Tue, 11 Dec 2001 16:27:20 +0000

Quote:
I am checking permissions
No permissions |1||

This is your problem. I think that your IF statement should be an AND, not an OR.

I don't know what is causing the error on line 47.

joyce — Tue, 11 Dec 2001 09:27:39 +0000

i got this two lines when i click the submit button:

I am checking permissions
No permissions |1||

i tried to login....and i got this error:

Fatal error: Call to a member function on a non-object in /usr/local/plesk/apache/vhosts/certifyexpress.com/httpdocs/exam/bea/member.php on line 47

line 47 of member.php:

<?php
if ($user=$DB_site->query_first(\"SELECT userid,username,password,cookieuser FROM user WHERE username='\".addslashes(htmlspecialchars($username)).\"'\")) {
?>

Mark Hensler — Tue, 11 Dec 2001 06:58:41 +0000

I'm not familiar with vB code, sorry.

Try doing some basic debug stuff...
throw echo() everyewhere:

<?php
if (isset($first_ques)) {
    echo \"I am continuing the quiz<BR>\n\";
    continue_quiz();
}
else if (isset($language[take_quiz])) {
    echo \"I am checking permissions<BR>\n\";
    $permissions=getpermissions();
    if (!$permissions[canview] or !$permissionscanpostnew]) {
        echo \"No permissions |$permissions[canview]|$permissionscanpostnew|<BR>\n\";
        show_nopermission();
    }
    else {
        echo \"Starting quiz<BR>\n\";
        start_quiz();
    }
}
?>

joyce — Tue, 11 Dec 2001 05:59:55 +0000

i have a page where users are not allowed to view that page if they are not login. the login page(a.php) will prompt out asking users to login or register.

my problem is, after the users key in login name and password and click 'login'...it will go to page not found. and not go back to the page b4 the a.php was prompt.

this is my code:

<?php
if (isset($first_ques)) 
    {
        continue_quiz();
    }
    else if (isset($language[take_quiz])) 
    {
        $permissions=getpermissions();
        if (!$permissions[canview] or !$permissions[canpostnew]) {
            show_nopermission();
    }
    else
        start_quiz();
    }
?>

this is a.php:

<?php
if ($action==\"login\") {
  include(\"./global.php\");
  if (isset($username)) {
    // get userid for given username
    if ($user=$DB_site->query_first(\"SELECT userid,username,password,cookieuser FROM user WHERE username='\".addslashes(htmlspecialchars($username)).\"'\")) {
      if ($user['password']!=md5($password)) {  // check password
        eval(\"standarderror(\\"\".gettemplate(\"error_wrongpassword\").\"\\");\");
        exit;
      }
      $userid=$user[userid];
    } else { // invalid username entered
      eval(\"standarderror(\\"\".gettemplate(\"error_wrongusername\").\"\\");\");
      exit;
    }

    if ($user['cookieuser']==1) {
      vbsetcookie(\"bbuserid\",$user['userid']);
      vbsetcookie(\"bbpassword\",$user['password']);
    }

    $DB_site->query(\"DELETE FROM session WHERE sessionhash='\".addslashes($session[dbsessionhash]).\"'\");

    $session['sessionhash']=md5(uniqid(microtime()));
    $session['dbsessionhash']=$session['sessionhash'];
    $DB_site->query(\"INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('\".addslashes($session['sessionhash']).\"','\".intval($userid).\"','\".addslashes($session['host']).\"','\".addslashes($session['useragent']).\"','\".time().\"','$session[styleid]')\");
    vbsetcookie(\"sessionhash\",$session['sessionhash'],0);
    $username = $user['username'];
  }

  $url=ereg_replace(\"sessionhash=[a-z0-9]{32}&\",\"\",$url);
  $url=ereg_replace(\"\\?sessionhash=[a-z0-9]{32}\",\"\",$url);
  $url=ereg_replace(\"s=[a-z0-9]{32}&\",\"\",$url);
  $url=ereg_replace(\"\\?s=[a-z0-9]{32}\",\"\",$url);

  if ($url!=\"\" and $url!=\"index.php\" and $url!=$HTTP_REFERER) {

    if (strpos($url,\"?\")>0) {
      $url.=\"&s=$session[dbsessionhash]\";
    } else {
      $url.=\"?s=$session[dbsessionhash]\";
    }
   
    $url = str_replace(\"\\"\", \"\", $url);
    eval(\"standardredirect(\\"\".gettemplate(\"redirect_login\").\"\\",\\"$url\\");\");
  } else {
    $bbuserinfo=getuserinfo($userid);
    eval(\"standardredirect(\\"\".gettemplate(\"redirect_login\").\"\\",\\"$HTTP_REFERER\\");\");
  }

}
?>

this is the function getpermissions:
[Admin Edit: Removed at the request of vBulletin. Please be carefull what code you post. ;)]

and this is the function show_nopermissions:

<?php
function show_nopermission() {
  global $bbtitle,$logincode,$url,$scriptpath,$bbuserinfo,$session;

  // generate 'logged in as:' box or username and pwd box
  if (!$logincode) {
    $logincode=makelogincode();
  }

  if ($bbuserinfo[userid]==0) {
    eval(\"standarderror(\\"\".gettemplate(\"error_nopermission_loggedout\").\"\\");\");
  } else {
    eval(\"standarderror(\\"\".gettemplate(\"error_nopermission_loggedin\").\"\\");\");
  }
  exit;
}
?>

pls help...really confuse here..

Mark Hensler — Tue, 11 Dec 2001 05:20:21 +0000

You should get a good book on handling sessions. (I'm afraid I don't know of any )

Basically, you monitor those users who are logged in. Then before you grant access to an area, you check their session. If there is no session or the user has insufficient rights, you throw them out the door.