2

I'm working on something a bit more for myself, that's for another website that I own. It involves a lot of groups with permissions and such, and right now I have a function that looks like this:

function hasPermission($user, $permission){
    global $connection;
    $sql = "SELECT * FROM admins WHERE `ID` = '". $user ."'";
    $rs = $connection->query($sql);
    if ($rs){
        $user = $rs->fetch_array(MYSQL_ASSOC);
        $userRank = $user['Rank'];
        $sql = "SELECT * FROM `ranks' WHERE `RankName` = '". $userRank ."'";
        $rs = $connection->query($sql);
        if ($rs){
            $rank = $rs->fetch_array(MYSQL_ASSOC);
            if ($rank[$permission] == 1){
                return true;
            }
            else{
                return false;
            }
        }
    }
    else{
        echo($connection->error);
    }
}

Then when I call the function with the parameters set like this if (hasPermission($_SESSION['ID'], 'IsFullAccess') == true) it returns false, and I get my custom error message saying I don't have permission. And yes, in my database, the "IsFullAccess" column is set to 1 for that rank.

What am I doing wrong here?

asked May 23, 2015 at 5:44
3
  • 1
    Is user id stored as string? Are you sure IsFullAccess is stored in the DB? Commented May 23, 2015 at 6:07
  • It is stored as an integer, however I have tried removing the quotes and I get the same result. And yes, I'm sure 'IsFullAccess' is in the database. Commented May 23, 2015 at 6:10
  • I noticed that I was assigning a variable $user to a new value, which since it was a parameter of the function, it could cause an issue. So I changed that, and I'm still getting the same issue. If anyone has any idea, please let me know. Commented May 23, 2015 at 17:22

2 Answers

1

After reading your code, it seems like you're not familiar with SQL's JOIN:

Your query looks something like this:

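// One query: join the admin row to its rank and select only the requested permission column.
$sql = "SELECT r.$permission as p FROM admins a JOIN ranks r ON a.rank=r.RankName WHERE a.ID=$user";
$rs = $connection->query($sql);
if (!$rs) {
    return false;
}
// mysqli's constant is MYSQLI_ASSOC; MYSQL_ASSOC belonged to the removed mysql extension.
$hasPermission = $rs->fetch_array(MYSQLI_ASSOC);
return $hasPermission['p'];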

(Keep in mind SQL injection.)

Make sure that the DB returns the result you expect before testing it within PHP.

answered May 23, 2015 at 6:18
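
The JOIN from this answer with its SQL injection caveat addressed, as an added example that is not part of the original answer: the column name is checked against a fixed list and the user ID is bound as a parameter. It uses PDO with an in-memory SQLite database and constructed rows so it runs without a server (the thread's code uses mysqli, where prepare()/bind_param() play the same role); the PERMISSION_COLUMNS constant, the CanEditPosts column and the rank names are assumptions.

```php
<?php
// Added example. Identifiers (column names) cannot be bound as parameters,
// so the requested permission must match this fixed list exactly.
const PERMISSION_COLUMNS = ['IsFullAccess', 'CanEditPosts']; // CanEditPosts is hypothetical

function hasPermission(PDO $db, $userId, string $permission): bool
{
    if (!in_array($permission, PERMISSION_COLUMNS, true)) {
        return false; // unknown permission name: deny
    }
    $id = filter_var($userId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false; // ID is not an integer: deny
    }
    // $permission is now one of the listed constants; the ID travels as a bound value.
    $stmt = $db->prepare(
        "SELECT r.$permission AS p
           FROM admins a
           JOIN ranks r ON a.Rank = r.RankName
          WHERE a.ID = ?"
    );
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // No row (unknown user or rank) means deny; compare as an integer, not loosely.
    return $row !== false && (int) $row['p'] === 1;
}

// Constructed schema and rows, modelled on the tables named in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ranks (RankName TEXT PRIMARY KEY, IsFullAccess INT, CanEditPosts INT)");
$db->exec("CREATE TABLE admins (ID INTEGER PRIMARY KEY, Rank TEXT)");
$db->exec("INSERT INTO ranks VALUES ('Owner', 1, 1), ('Helper', 0, 1)");
$db->exec("INSERT INTO admins VALUES (1, 'Owner'), (2, 'Helper')");

var_dump(hasPermission($db, 1, 'IsFullAccess'));          // admin with the Owner rank
var_dump(hasPermission($db, 2, 'IsFullAccess'));          // admin with the Helper rank
var_dump(hasPermission($db, 99, 'IsFullAccess'));         // no such admin
var_dump(hasPermission($db, '1 OR 1=1', 'IsFullAccess')); // ID that is not an integer
var_dump(hasPermission($db, 1, 'IsFullAccess; --'));      // name that is not in the list
```

Only the first call grants access; every failure path returns false, so a malformed ID or column name is denied without reaching the query.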

4 Comments

I have no idea what you're assigning $sql to, very confused
Please read the links within the answer on SQL JOINs, it would save you a lot of PHP code, and it's way more efficient.
I've looked at MySQL join statements a bit more, and spent a few hours trying a few different solutions and I'm still unable to get it to work.
Could you post the solution you tried? A join would work and Uri's code looks good
0

Try to use hasPermission($_SESSION['ID'], 'IsFullAccess') == 1) instead of hasPermission($_SESSION['ID'], 'IsFullAccess') == true). (true should be converted to 1)

answered May 23, 2015 at 5:59

2 Comments

Try using === instead of ==.
I'm not sure how that would make a difference. If anything == would have a higher chance of working because === means you want to check if it's the same datatype. Even though they are, I'm going to use == in case I forget to set the right type in the DB.
