jc624 Posted February 24, 2011

I have this php login where the admin can upload like this:

```php
<?php
session_start();
if (!isset($_SESSION['logged'])) {
    header("Location: ../clientlogin.php");
    exit;
}
if ($_SESSION['user_type'] != 'admin') {
    header("Location: home_client.php");
    exit;
}
if (!isset($_GET['project_id'])) {
    exit("Need to choose a project");
}
include 'functions.php';
$conn = openDatabaseConn();
$project_id = cleanQuery($_GET['project_id']);
$project_result = mysql_query("SELECT * FROM projects LEFT JOIN clients ON projects.client_id = clients.client_id WHERE project_id = $project_id", $db);
if (mysql_num_rows($project_result) < 1) {
    header("Location: admin.php");
    exit;
}
$project_row = mysql_fetch_assoc($project_result);
?>
```

and here's the user:

```php
<?php
session_start();
if (!isset($_SESSION['logged'])) {
    header("Location: ../clientlogin.php");
    exit;
}
if (!isset($_GET['project_id'])) {
    exit("Need to choose a project");
}
include 'functions.php';
$conn = openDatabaseConn();
$project_id = cleanQuery($_GET['project_id']);
$project_result = mysql_query("SELECT * FROM projects LEFT JOIN clients ON projects.client_id = clients.client_id WHERE project_id = $project_id", $db);
$project_row = mysql_fetch_assoc($project_result);
if ($_SESSION['client_id'] != $project_row['client_id'])
    exit("You do not have permission to view this page");
?>
```

boen_robot Posted February 24, 2011

What's in upload.php? What's stopping you from just checking $_SESSION['logged'] and unconditionally allowing the file upload if so?

jc624 Posted February 24, 2011

> What's in upload.php? What's stopping you from just checking $_SESSION['logged'] and unconditionally allowing the file upload if so?

Yeah, got it. Looks like I just needed 'user' to be included. All set, thanks!
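
The gate this thread converges on (logged in, role allowed, project owned by the client) written as one function; this is an added example, not code from the thread. The function name `authorizeProjectAccess`, the role value `'user'`, and the use of PDO with an in-memory SQLite database for constructed sample data are assumptions. It goes slightly beyond the posts by validating `project_id` as an integer and binding it, because the posted queries interpolate it unquoted.

```php
<?php
// Added example, not the poster's code. Role names and the function name are
// assumptions; session keys, table and column names follow the thread.
function authorizeProjectAccess(PDO $pdo, array $session, $rawProjectId): ?array
{
    // 1. Must be logged in, with a role from a fixed allow-list.
    if (empty($session['logged'])) {
        return null;
    }
    $role = $session['user_type'] ?? '';
    if (!in_array($role, ['admin', 'user'], true)) {
        return null;
    }
    // 2. project_id must be a positive integer before it reaches SQL.
    $projectId = filter_var($rawProjectId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($projectId === false) {
        return null;
    }
    // 3. Bind the value instead of interpolating it into the query string.
    $stmt = $pdo->prepare(
        'SELECT project_id, client_id FROM projects WHERE project_id = ?');
    $stmt->execute([$projectId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // 4. Admins may open any project; other roles only their own client's.
    $ownClient = (int)($session['client_id'] ?? 0) === (int)$row['client_id'];
    return ($role === 'admin' || $ownClient) ? $row : null;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE projects (project_id INTEGER PRIMARY KEY, client_id INTEGER)');
$pdo->exec('INSERT INTO projects VALUES (10, 1), (20, 2)');

$user  = ['logged' => true, 'user_type' => 'user', 'client_id' => 1];
$admin = ['logged' => true, 'user_type' => 'admin'];
$cases = [
    'user, own project'          => [$user, '10'],
    'user, other client project' => [$user, '20'],
    'user, non-integer id'       => [$user, '10 OR 1=1'],
    'admin, any project'         => [$admin, '20'],
];
foreach ($cases as $label => [$session, $id]) {
    $ok = authorizeProjectAccess($pdo, $session, $id) !== null;
    echo $label, ': ', $ok ? 'allowed' : 'denied', PHP_EOL;
}
```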