[Pugged] Auth Revisited

Chris Van Cleve ciapug@ciapug.org
Thu, 26 Sep 2002 16:58:58 -0500 

Alright. I'm at my wit's end. I can't figure out why this isn't working=20=

with any code structure I've tried.

The calling page has this at the top:

<?php
$auth =3D 50;
include("header.inc.php");
=00=00
header.inc.php includes this call:

<?php
if ($auth > 1)
{
require('accesscontrol.inc.php');
}  ?>

The accesscontrol.php is this:

  <?php
if(!$_POST['username'] && !$_SESSION['username']) {
  include("lheader.inc.php"); ?>
<td background=3D"<?=3D $rurl ?>images/mainbkg.png" width=3D"75%"=20
height=3D"100%" valign=3D"top" align=3D"center">
   <table width=3D"75%" border=3D"0" cellspacing=3D"5" cellpadding=3D"5">
     <tr>
       <td align=3D"center"> <h2><font color=3D"#FF0000">ACCESS=20
DENIED!</font></h2></td>
     </tr>
     <tr>
       <?php $asql =3D "SELECT sec_name FROM ma_security WHERE sec_level =
=3D=20
$auth";
  			$result =3D $db->Execute($asql);
  			$lvl =3D $result->fields['sec_name']; ?>
       <td> <p><b>The portion of this website you are trying to access=20=

requires
           secure authentication, and an access level of &quot;<?=3D =
$lvl=20
?>&quot;
           or higher. If you do not have high enough access, please go=20=

<a href=3D"javascript:history.back()">back</a>,
           or visit our <a href=3D"<?=3D $rurl ?>index.php">home=20
page</a>.</b></p>
         <p><b>If you have not registered for an account with us yet,=20
please fill
           out our <a href=3D"<?=3D $rurl =
?>users/usr_reg.php">registration=20
form</a>.</b></p></td>
     </tr>
   </table>
   <?php include("footer.inc.php");
exit();
}

if($auth > $_SESSION['usr_seclvl']) {

include('lheader.inc.php'); ?>
<td background=3D"<?=3D $rurl ?>images/mainbkg.png" width=3D"100%"=20
height=3D"100%" align=3D"center" valign=3D"top">
   <table width=3D"75%" border=3D"0" cellspacing=3D"5" cellpadding=3D"5">
     <tr>
       <td align=3D"center"> <h2><font color=3D"#FF0000">ACCESS=20
DENIED!</font></h2></td>
     </tr>
     <tr>
       <td> <p><b>Your access level is not high enough to access this=20
page. Please
           selct another page to visit by clicking an icon to the left,=20=

or click
           the 'Mystic Adventures' title above to return to the home=20
page.</b></p>
         <p><b>Name:</b>
           <?=3D $_SESSION['username'] ?><br>
           <b>Author:</b>
           <?=3D $_SESSION['author'] ?><br>
           <b>Security Level:</b>
           <?=3D $_SESSION['seclvl'] ?><br>
           <b>Security Required:</b>
           <font color=3D"#FF0000"><?=3D $auth ?></font><br>
         </p></td>
     </tr>
   </table>
   <?php include('footer.inc.php');
exit();
}
?>=00=00

Any ideas wtf I'm doing wrong? The code makes sense to me, the page=20
shows my access at 99, and required at 50, but it denies no matter what.