Can anyone see what is wrong with this shorthand in relation to the problem below?
echo "<td><font size=1 color=#e4d6b5>" . ($row['tier']<$_SESSIONS['tier'] ? "ACCESS DENIED" : $row['contents']) . "</font></td>";
I have two tables in my database:
1.) members (id,username,email,password,salt,tier) <-tier is the user's security clearance level.
2.) opwire (category,contents,date,userid,seclevel) <-opwire stores user submitted data, userid is just a number that references the user who just submitted data to opwire. Seclevel is how high of a security clearance level (tier) a user needs to see that particular line of submitted data.
I'm attempting to get the currently logged in user to be granted or restricted access to 'contents' based on their security tier (referencing member's tier vs opwire's seclevel.) I'm also not entirely confident I'm using http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL
and I usually get the current user with:
$userId = $_SESSION['user_id'];
The entire table building php is below. Currently users with any tier can incorrectly view any seclevel contents when their tier should be restricting it.
<?php
include_once 'functions.php';
include_once 'db_connect.php';
sec_session_start();
if(login_check($mysqli) == true) {
$con=mysqli_connect("localhost","mylogin","mypassword","mysqldatabase");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
function getColor($strOption)
{
switch ($strOption)
{
case "Case 1":
return "#cbae80";
case "Case 2":
return "#e59350";
case "Case 3":
return "#b7aaa4";
}
}
$result = mysqli_query($con,"SELECT opwire.*,members.username FROM opwire
LEFT JOIN members on opwire.userid=members.id order by date DESC");
echo "<table border='1'>
<tr>
<th>Category</th>
<th>Contents</th>
<th>Date/Time</th>
<th>Operative</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td><font size=1 color='".getColor($row['category'])."'> " . $row['category'] . "</font></td>";
echo "<td><font size=1 color=#e4d6b5>" . ($row['tier']<$_SESSIONS['tier'] ? "ACCESS DENIED" : $row['contents']) . "</font></td>";
echo "<td><font size=1 color=silver>" . $row['date'] . "</font></td>";
echo "<td><font size=1 color=gold>" . $row['username'] . "</font></td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
} else {
echo 'Access to this area requires security clearance. <br/>';
}
?>