I have a site where users can request to see other users private photos. The whole system is set up using php and mysql.
The basic idea is that one user can request to see another's private photo collection. by default every user in the database is set to and enum value of 'o' and if they send a request to see pictures and the user accepts this their enum value changes to 1 and they can see the users private photos.
I have this working fine, however i have created a table called 'permissions' with three columns like so:
user_id | private_id | privilege
2 4 1
5 6 0
so by demonstration from the table above; user id 2 can now see user id 4's private pictures. However user id 5 can not see user id 6's photos.
Like i said the basic idea works but at the moment if a user doesn't have permission or an enum value of 1 then they're suppose to see template image(s) with a padlock.
At the moment only the users which are paired in this table can view the padlock images/template images.
so for instance if user_id = 2 and private_id = 1 - then user 2 will be able to see the padlock/template images.
But this is wrong because i want all users to be able to see the padlock images (when logged in) if they have an enum value of 0.
Can someone show me where i am going wrong? I have tried but i can't figure it out. thanks.
i think i should also mention that i have a table called 'users' which holds my main user_ids, with email, contact numbers etc, and the table 'permissions' user_id has just been setup as an additional table to manage the permissions, so this might need to = 'users.user_id' but I'm not too sure of this, because i am still learning mysql.
FUNCTION:
function account_perms() {
global $connection;
global $_SESSION;
global $profile_id;
$query = "SELECT ptb_permissions.user_id, ptb_permissions.private_id, ptb_permissions.privellages
FROM ptb_permissions
WHERE ptb_permissions.private_id = \"$profile_id\"
AND ptb_permissions.user_id = ".$_SESSION['user_id']." ";
$account_perms = mysql_query($query, $connection);
confirm_query($query, $connection);
return $account_perms;
}
CODE:
<div="tj_gallery">
<? if (logged_in()) { ?>
<?php include('includes/mod_profile/mod_photos/private.php'); ?>
<? } ?>
</div>
PRIVATE.PHP:
<?php
$photo = "data/private_photos/$profile[1]/pic1.jpg";
if (!file_exists($photo)) {
$photo = "data/photos/0/_default.jpg";
}
$thumb = "data/private_photos/$profile[1]/thumb_pic1.jpg";
if (!file_exists($thumb)) {
$thumb = "data/photos/0/_default.jpg";
}
if (logged_in()) {
echo
"<li><a href=\"$photo\" rel=\"shadowbox\" title=\"<strong>$profile[2]'s Photo's</strong>\"><img src=\"$thumb\" width=\"90\" height=\"90\" alt=\"<strong>{$profile[2]}'s Photos</strong>\" /></a></li>";
}
?>
<? } } ?>
<?
$account_perms = account_perms();
while ($perms = mysql_fetch_array($account_perms)) {
if ($perms['privellages'] == '0') {
$photo = "data/private_photos/0/_default.jpg";
if (!file_exists($photo)) {
$photo = "data/photos/0/_default.jpg";
}
$thumb = "data/private_photos/0/_default.jpg";
if (!file_exists($thumb)) {
$thumb = "data/photos/0/_default.jpg";
}
if (logged_in()) {
echo
"<li><a href=\"privileges.php\" rel=\"shadowbox;height=300;width=500\" title=\"<strong>Access Denied</strong>\"><img src=\"$thumb\" width=\"90\" height=\"90\" alt=\"<strong>{$profile[2]}'s Photos</strong>\" /></a></li>";
}
?>
<? } } ?>