It looks like $indinfo *may* get set to FALSE
and passed back on a failed query. I'd vardump()
the $username in findLoginType() and make sure
it's going in correctly, and that your output is not
FALSE coming out.
I also seem to remember something about
"==" not being an equality operator for strings.
Seems like, and I may be incorrect here, that
$a == $b is only true if they reference the same
object in memory. Perhaps there's something
about that for $a == 's'
For giggles, use strcmp() and see if it helps.
That "==" issue is about 1-2 years old by now,
and I'm not sure if it ever changed, or what the
status is currently.
'Luck!
-Szii
----- Original Message -----
From: "J. Wharton" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 24, 2002 8:51 AM
Subject: Re: [PHP-DB] User getting superuser access. ack!
> here's the code for findLoginType($username):
>
> function findLoginType($username)
> {
> $dbusername="foo";
> $password="bar";
> DBConnect($dbusername, $password); //sets up a connection with the mysql
> database
>
> $userquery="select * from users where username='$username'";
> $theresultsplz=mysql_query($userquery) or die (mysql_error());
> $indinfo=mysql_fetch_object($theresultsplz);
> return $indinfo->usertype;
> }
>
>
> <[EMAIL PROTECTED]> wrote in message
> 01c701c1eb00$3fdf7120$[EMAIL PROTECTED]">news:01c701c1eb00$3fdf7120$[EMAIL PROTECTED]...
> > Well, that looks like a problem within the findLoginType()
> > call. Since it's not been included, it's hard to help you. :)
> >
> > 'Luck
> >
> > -Szii
> >
> >
> > ----- Original Message -----
> > From: "J. Wharton" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, April 23, 2002 11:09 AM
> > Subject: [PHP-DB] User getting superuser access. ack!
> >
> >
> > > I am having a problem where from certain browsers, a user gets the
> superuser
> > > access, but from mine, she gets normal access. Help!
> > >
> > > Here is a snippet of my code:
> > >
> > > //findLoginType returns a single character code stored in the user table
> for
> > > each user.
> > > //variable $username=$REMOTE_USER as previously defined.
> > >
> > > $hm=findLoginType($username);
> > > if ($hm=='s')
> > > {echo "<meta http-equiv=\"refresh\" content=\"0; URL=supaIndex.php\">";}
> > >
> > > else
> > > { //do normal user stuff}
> > >
> > >
> > >
> > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
