
Have users able to upload


jc624


I have this PHP login where the admin can upload like this:

<?php
session_start();
// Require a logged-in session.
if (!isset($_SESSION['logged'])) {
    header("Location: ../clientlogin.php");
    exit;
}
// Admin-only page: everyone else goes to the client home page.
if ($_SESSION['user_type'] != 'admin') {
    header("Location: home_client.php");
    exit;
}
if (!isset($_GET['project_id'])) {
    exit("Need to choose a project");
}
include 'functions.php';
$conn = openDatabaseConn();
// Cast to int: the id is interpolated unquoted into the SQL below.
$project_id = (int) cleanQuery($_GET['project_id']);
// $db is not set in this file; presumably functions.php defines it.
$project_result = mysql_query("SELECT * FROM projects LEFT JOIN clients ON projects.client_id = clients.client_id WHERE project_id = $project_id", $db);
if (mysql_num_rows($project_result) < 1) {
    header("Location: admin.php");
    exit;
}
$project_row = mysql_fetch_assoc($project_result);
?>

And here's the user:

<?php
session_start();
// Require a logged-in session.
if (!isset($_SESSION['logged'])) {
    header("Location: ../clientlogin.php");
    exit;
}
if (!isset($_GET['project_id'])) {
    exit("Need to choose a project");
}
include 'functions.php';
$conn = openDatabaseConn();
// Cast to int: the id is interpolated unquoted into the SQL below.
$project_id = (int) cleanQuery($_GET['project_id']);
// $db is not set in this file; presumably functions.php defines it.
$project_result = mysql_query("SELECT * FROM projects LEFT JOIN clients ON projects.client_id = clients.client_id WHERE project_id = $project_id", $db);
$project_row = mysql_fetch_assoc($project_result);
// A client may only view a project that belongs to them.
if ($_SESSION['client_id'] != $project_row['client_id'])
    exit("You do not have permission to view this page");
?>


What's in upload.php? What's stopping you from just checking $_SESSION['logged'] and unconditionally allowing the file upload if so?
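
Added example, not part of the thread and not the poster's upload.php (which the page never shows): one way an upload handler could combine the admin check from the first snippet with the client_id ownership check from the second, so that a logged-in client can upload only to their own project. The 'client' user_type value, the extension allow-list and the function names are assumptions; random_bytes() needs PHP 7 or later.

```php
<?php
// Added example, not the thread's code. Session keys match the posts above;
// the 'client' user_type value, the extension list and both function names
// are assumptions. random_bytes() requires PHP 7 or later.

/** May this session upload to the project whose row is $projectRow? */
function canUploadToProject(array $session, $projectRow)
{
    if (empty($session['logged'])) {
        return false;                              // not logged in
    }
    if (isset($session['user_type']) && $session['user_type'] === 'admin') {
        return true;                               // admin: any project
    }
    if (!is_array($projectRow) || !isset($session['client_id'], $projectRow['client_id'])) {
        return false;                              // no such project, or no client id: deny
    }
    // Client: only the project that belongs to them.
    return (string) $session['client_id'] === (string) $projectRow['client_id'];
}

/** Store one $_FILES entry under a server-chosen name; returns the name or null. */
function storeUpload(array $file, $destDir, array $allowedExt)
{
    if (!isset($file['error'], $file['tmp_name'], $file['name']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true) || !is_uploaded_file($file['tmp_name'])) {
        return null;                               // unexpected type, or not a real upload
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext; // never reuse the client's file name
    return move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name) ? $name : null;
}

// Constructed sample sessions and project row, so the check runs without a database.
$project = array('project_id' => 7, 'client_id' => 42);
$sessions = array(
    'admin'        => array('logged' => true, 'user_type' => 'admin'),
    'owner client' => array('logged' => true, 'user_type' => 'client', 'client_id' => 42),
    'other client' => array('logged' => true, 'user_type' => 'client', 'client_id' => 43),
    'logged out'   => array(),
);
foreach ($sessions as $label => $session) {
    echo $label, ': ', canUploadToProject($session, $project) ? 'allow' : 'deny', "\n";
}
```

In a real handler, storeUpload() would be called only after canUploadToProject() returns true, with a destination directory that the web server does not execute scripts from.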


Archived

This topic is now archived and is closed to further replies.
