In my site I have a Staff lounge, but it seems that everyone can see it, whether you're a member or not.
Header.inc.php:
$userinfo = mysql_fetch_array(mysql_query("SELECT * FROM members WHERE username='$username'"));
$rank = $userinfo['rank'];
$rank1 = $userinfo['rank1'];
$rank2 = $userinfo['rank2'];
$rank3 = $userinfo['rank3'];
$rank4 = $userinfo['rank4'];
if (!$checkrank) { $checkrank = 0; }
if (!$rank) { $rank = 0; }
if (!$rank == ' ') { $rank = 0; }
if ($rank < $checkrank)
{
header("Location: $baseurl/index.php?error=You+can+not+view+this+page.");
}
if ($rank >= 30)
{
$admin = "<a href=\"$baseurl/staff/admin.php\">Admin</a>";
}
Ranks are 5-30. The higher the rank, the more of the staff lounge members can see. However, no matter what people's ranks are, everyone can see the page (BUT THE ADMIN AREA, that's the only thing no one can see other than RANK 30 people).
At the top of each page I have (banners.php):
$checkrank = 5;
if ($rank <= 0)
{
header("Location: $baseurl/index.php?article=$article&error=Only+SketchedNeo+staff+can+see+this.");
}
include ($_SERVER['DOCUMENT_ROOT'].'/staff/header.inc.php');
A friend and I sat here for hours last night, changing the $checkrank to 20 and the if $rank 18 and then making her rank 15 on the database, but she would still see all pages.
My database structure is:
id int(11)
username varchar(200) latin1_swedish_ci
password varchar(216) latin1_swedish_ci
security varchar(200) latin1_swedish_ci
email varchar(216) latin1_swedish_ci
ip varchar(200) latin1_swedish_ci
rank varchar(216) latin1_swedish_ci
name varchar(30) latin1_swedish_ci
age varchar(40) latin1_swedish_ci
gender varchar(40) latin1_swedish_ci
location varchar(40) latin1_swedish_ci
helpfaerie int(11)
profile text latin1_swedish_ci
about text latin1_swedish_ci
tasks text latin1_swedish_ci
joined varchar(216) latin1_swedish_ci
laston int(200)
icedmutereason text latin1_swedish_ci
icedmutedetails text latin1_swedish_ci
icedmuteby varchar(200) latin1_swedish_ci
icedmutedate int(200)
posts int(11)
signature varchar(216) latin1_swedish_ci
avatar varchar(216) latin1_swedish_ci
neohtml text latin1_swedish_ci
siggy text latin1_swedish_ci
verify int(11)
changedpass int(1)
How can I make it so only members with a minimum rank see pages? I need it to be, for example, that members with rank 17+ can see this page; therefore members with ranks 16 and lower are redirected back to the home page.
I found a tutorial for ACL (access control list)
You need to prevent any page output after sending redirect headers.
header("Location: $baseurl/index.php");
die();
If you don't stop the script from executing, then the redirect will never happen.
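A rank gate that looks up the rank, compares it as an integer and stops the script right after the redirect header, as an added example that is not part of the original thread. The table and column names come from the post; the function names, the in-memory SQLite stand-in for the MySQL database and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// the function names, SQLite stand-in database and sample rows are constructed.

/** Rank of a member as an integer; unknown users and blank ranks count as 0. */
function member_rank(PDO $db, ?string $username): int
{
    if ($username === null || $username === '') {
        return 0;
    }
    // Prepared statement: the username is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT `rank` FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $rank = $stmt->fetchColumn();
    return $rank === false ? 0 : (int) $rank; // rank is stored as varchar
}

/** Call before any output. Sends the redirect and stops unless rank >= $minRank. */
function require_rank(PDO $db, ?string $username, int $minRank, string $baseurl): int
{
    $rank = member_rank($db, $username);
    if ($rank < $minRank) {
        header("Location: $baseurl/index.php?error=" . urlencode('You can not view this page.'));
        exit; // without this the rest of the page is still generated and sent
    }
    return $rank;
}

// Constructed demo data in an in-memory SQLite database (the site itself uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT, `rank` TEXT)');
$db->exec("INSERT INTO members VALUES ('alice', '30'), ('bea', '15'), ('carl', '')");

foreach (['alice', 'bea', 'carl', 'nobody', null] as $user) {
    $rank = member_rank($db, $user);
    printf("%-7s rank %2d  rank-17 page: %s\n", $user ?? '(none)', $rank,
        $rank >= 17 ? 'allowed' : 'redirected');
}

// On a real staff page the whole gate is one call at the very top:
// $rank = require_rank($db, $_SESSION['username'] ?? null, 17, $baseurl);
```

The gate has to run after the rank has been loaded and before anything is echoed, so the lookup and the comparison live in the same function instead of being split across two include files.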