Help with PHP

[itsmemario]

Hey, so I'm having an issue with a website, the code below shows an ADMIN button in profile if your UGrade is 255. Well, that works.

The problem is when I first restored my DB it had 60,000 accounts and probably because of that much, it's showing ADMIN button to everyone...

Any way to fix that?

PHP Code:

        <?php        
        ini_set('memory_limit', '-1');
        $aaa = mssql_query("SELECT * FROM Account");
        $ugid = mssql_fetch_assoc($aaa);
        $_SESSION['UGradeID'] = $ugid['UGradeID'];?>
        <?php if($_SESSION['UGradeID'] == 255){ ?>
         <li><a href="index.php?act=admin" class="admin_button"></a></li>
        <?php } ?>

Thanks.

[MentaL]

[Montage]

Hey, so I'm having an issue with a website, the code below shows an ADMIN button in profile if your UGrade is 255. Well, that works.

The problem is when I first restored my DB it had 60,000 accounts and probably because of that much, it's showing ADMIN button to everyone...

Any way to fix that?

PHP Code:

        <?php        
        ini_set('memory_limit', '-1');
        $aaa = mssql_query("SELECT * FROM Account");
        $ugid = mssql_fetch_assoc($aaa);
        $_SESSION['UGradeID'] = $ugid['UGradeID'];?>
        <?php if($_SESSION['UGradeID'] == 255){ ?>
         <li><a rel="nofollow" href="index.php?act=admin" class="admin_button"></a></li>
        <?php } ?>

Thanks.

why you dont try to wipe the account and try again even php not gives error?

[itsmemario]

why you dont try to wipe the account and try again even php not gives error?

I wiped it, it is showing button just for 255 UGrade now. But my fear is, when it reaches a certain number of accounts if it will bug again...

That's why I need someone to maybe tell me if the code is the best possible or it can be improved to prevent that.

And yeah no php error.

Thanks for posting!

[Montage]

that code need have config also that connect on database if you have config code please post here

[itsmemario]

that code need have config also that connect on database if you have config code please post here

Regular php connect script, there you go:

PHP Code:

<?php

$DBHost = 'PC\SQLEXPRESS'; //The host of your DB (I.E: MACHINE\SQL2005 or IP if remotelly)
$DBUser = 'sa'; //Your DB User 
$DBPass = 'my pass here'; //Your DB Password 
$DB = 'GunzDB'; //Your GunZDB 

$conn = @mssql_connect($DBHost, $DBUser, $DBPass); 
@mssql_select_db($DB); 

?>

[Montage]

can you screenshot gunzDB table and UGradeID= 255 was admin grade?

[Keristrasza]

your code just grabs every account in the database without any order and then checks if the first row has a 255 ugradeid o-o afaics the admin button would be showing based on whatever random internal order the sql server has

idk where you even find this stuff o-o

[itsmemario]

your code just grabs every account in the database without any order and then checks if the first row has a 255 ugradeid o-o afaics the admin button would be showing based on whatever random internal order the sql server has

idk where you even find this stuff o-o

It's from Genetic Gunz website, I really love it, its good looking and everything works...

Do you got any clue how to make it search/select only rows that has UGrade set to 255?

[Keristrasza]

well you presumably only want the button to show when an admin is logged in so it'd be like "SELECT UGradeID FROM Account WHERE AID = ?", where the ? is a prepared statement parameter that you'd bind to the user's AID

[anonymousit2016]

Great, thank for your answers!!!!

[itsmemario]

well you presumably only want the button to show when an admin is logged in so it'd be like "SELECT UGradeID FROM Account WHERE AID = ?", where the ? is a prepared statement parameter that you'd bind to the user's AID

I hate to keep asking stuff, I know it is annoying, but my php skills are lame... I tried thinking a way of doing it but I'm not sure how to

Well I'm gonna keep trying til you give me a hand (If you want and can)

I suppose $char['AID'] is the parameter for the AID

[Dave]

The problem with your code is that you literally select every account (why would you even do that in the first place), and then only fetch the first row.
You have to add a WHERE clause to your SQL query where you select an account based on the session AID or UserID (whatever you use), and then it should work just fine.

[itsmemario]

The problem with your code is that you literally select every account (why would you even do that in the first place), and then only fetch the first row.
You have to add a WHERE clause to your SQL query where you select an account based on the session AID or UserID (whatever you use), and then it should work just fine.

Oh I see, makes sense... is the code bellow correct? I'm not sure how to use if statement to check if UGradeID = 255

PHP Code:

$aaa = mssql_query("SELECT UGradeID FROM Account WHERE AID = '".$char['AID']"'"); 


[Modal]

Kind of off-topic, but why do people insist on using styled <a> tags for buttons? It's one thing to use <button>, but why <a>? Just make proper <input> elements. Cleaner.

[Montage]

im wondering on this code

"SELECT * FROM Account"

account means normal account not staff account right if you look on the database staff and normal account was same tbl?for example tbl_accountblahblah or tbl_accountblahblah i think your code was for normal account not for staff please check your code clearly or read what the codes for staff or for normal account or better give the whole files here so i can help you