Thanks guys..
I tried gruant2000381341 suggestion... it kinda works.
...$sql = mysql_query("SELECT * FROM policies WHERE $ul='1'"); .... that $ul='1' needs to be like the session var.
When I log in using the code above as user_level 2, it tells me "nothing to show". If I change the select to .... $ul='2' ... then it shows ALL results, whether intended for that user level or not.
This is my current code.
<?php require_once('Connections/conn_resellers.php'); ?>
<?php require_once( "webassist/security_assist/helper_php.php" ); ?>
<?php
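// Gate the whole page: a visitor who fails the "Logged in to users" rule is handed to login.php.
if (!WA_Auth_RulePasses("Logged in to users")){
WA_Auth_RestrictAccess("login.php");
// NOTE(review): stop here in case the helper only sends a redirect header and returns;
// otherwise the queries further down would still run for an unauthenticated request.
// Confirm the helper's behaviour; if it already terminates, this line is never reached.
exit;
}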
if (!function_exists("GetSQLValueString")) {
/**
 * Prepare a single value for concatenation into a MySQL statement.
 *
 * The value is first escaped with the mysql extension, then shaped by $theType:
 *   - "text", "date"  : wrapped in single quotes, or the bare word NULL when empty
 *   - "long", "int"   : passed through intval(), or NULL when empty
 *   - "double"        : passed through doubleval(), or NULL when empty
 *   - "defined"       : $theDefinedValue when non-empty, else $theNotDefinedValue
 *   - anything else   : the escaped value, returned without quotes
 *
 * Security notes for callers:
 *   - The "defined" branch returns the caller's strings as given; they are neither
 *     escaped nor quoted here, so they must never carry request data.
 *   - An unrecognised $theType yields an escaped but UNQUOTED string. Escaping only
 *     protects a value that sits inside quotes, so that result is not safe to splice
 *     into a statement.
 *   - This helper covers values only. Table and column names cannot be made safe by
 *     escaping and need a fixed whitelist instead.
 *
 * @param mixed  $theValue           Raw value to prepare.
 * @param string $theType            One of the type names listed above.
 * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
 * @return mixed SQL fragment: quoted string, number, "NULL", or one of the defined values.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // Strip the slashes magic quotes added, so the value is not escaped twice.
    if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
        $theValue = stripslashes($theValue);
    }

    // Prefer the connection-aware escaper when the extension offers it.
    if (function_exists("mysql_real_escape_string")) {
        $escaped = mysql_real_escape_string($theValue);
    } else {
        $escaped = mysql_escape_string($theValue);
    }

    // Loose comparison on purpose: it is the emptiness test every branch shares.
    $hasValue = ($escaped != "");

    switch ($theType) {
        case "text":
        case "date":
            return $hasValue ? "'" . $escaped . "'" : "NULL";
        case "long":
        case "int":
            return $hasValue ? intval($escaped) : "NULL";
        case "double":
            return $hasValue ? doubleval($escaped) : "NULL";
        case "defined":
            return $hasValue ? $theDefinedValue : $theNotDefinedValue;
    }

    // Unknown type: escaped value, no quoting applied.
    return $escaped;
}
}
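// EVENTS SELECT
// Runs a fixed query (no request data in the SQL text) and keeps the first row
// plus the row count for the page.
mysql_select_db($database_conn_resellers, $conn_resellers);
$query_events = "SELECT * FROM events";
$events = mysql_query($query_events, $conn_resellers);
if ($events === false) {
// Keep the driver's message in the server log. Printing mysql_error() to the
// browser would hand table names and query text to whoever triggered the failure.
error_log("events query failed: " . mysql_error($conn_resellers));
die("Database error.");
}
$row_events = mysql_fetch_assoc($events);
$totalRows_events = mysql_num_rows($events);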
?>
<?php
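//session_start();
// NOTE(review): session_start() is commented out in the original; presumably the
// included security helper starts the session. Confirm.

// Resolve the visitor's level to one of the four flag columns of `policies`.
// The level ends up in the SQL text as a COLUMN NAME, and identifiers cannot be
// escaped the way values can, so only these fixed integers are ever allowed through.
$ul = null;
if (isset($_SESSION['user_level'])) {
foreach (array(1, 2, 3, 4) as $level) {
if ($_SESSION['user_level'] == $level) {
$ul = $level;
}
}
}

//initialize
$dynamicList = "";
$numRows = 0;
$sql = false;

//run query
if ($ul !== null) {
// The backticks are the fix for the reported symptom: without them MySQL reads
// 2='1' as a comparison of two constants (always false, so no rows) and 2='2'
// as always true (every row), never touching the column named `2`.
$sql = mysql_query("SELECT * FROM policies WHERE `" . $ul . "`='1'");
if ($sql === false) {
// Log server-side only; do not echo driver errors into the page.
error_log("policies query failed: " . mysql_error());
}
}

//get count
// With no valid level or a failed query, $numRows stays 0 and nothing is listed (fail closed).
if ($sql !== false) {
$numRows = mysql_num_rows($sql);
}

//see if any returns
if ($numRows < 1) {
$dynamicList = "Notta";
//if results start loop
} else {
while($row = mysql_fetch_array($sql)){
//$name = $row["name"];
$filename = $row["file_name"];
//$date = $row["date"];
// file_name is stored data, so encode it before it becomes HTML. A single-byte
// charset is named so the call never rejects bytes; the characters it encodes are
// ASCII in either latin1 or UTF-8.
$dynamicList .= ' ' . htmlspecialchars($filename, ENT_QUOTES, 'ISO-8859-1') . '<br />';
}
}
//display the list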
?>
....
<body>
<?php
// NOTE(review): this rule only decides whether the region is printed. The policies
// query earlier on the page has already run by this point, so the restriction on
// which rows a level may see has to be enforced in that query, not here.
if(WA_Auth_RulePasses("authorized")){ // Begin Show Region ?>
<p>#2 Authorized rule shown</p>
<div class="policy-list"> <?php echo $dynamicList; // printed as raw HTML: any encoding of row data must happen where the list is assembled ?> </div>
<?php } // End Show Region ?>
</body>
Here is the DB:
//-----------------------------------------------
-- One row per policy file, with one flag column per user level.
-- The flag columns are named with bare digits, so every statement that refers to
-- them must wrap the name in backticks; an unquoted 2 is the number two, not the column.
CREATE TABLE `policies` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`file_name` varchar(45) NOT NULL,
-- Flag columns, default '0'. The page's query selects rows where the flag is '1';
-- presumably that marks the file as visible to the level. Confirm with the data.
`1` varchar(45) NOT NULL DEFAULT '0',
`2` varchar(45) NOT NULL DEFAULT '0',
`3` varchar(45) NOT NULL DEFAULT '0',
`4` varchar(45) NOT NULL DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=14 DEFAULT CHARSET=latin1;
//-----------------------------------------------
The columns 1, 2, 3, 4 correspond to the user_level values.