Reputation: 55
I'm working on something a bit more for myself, that's for another website that I own. It involves a lot of groups with permissions and such, and right now I have a function that looks like this:
    function hasPermission($user, $permission){
        global $connection;
        $sql = "SELECT * FROM admins WHERE `ID` = '". $user ."'";
        $rs = $connection->query($sql);
        if ($rs){
            $user = $rs->fetch_array(MYSQL_ASSOC);
            $userRank = $user['Rank'];
            $sql = "SELECT * FROM `ranks' WHERE `RankName` = '". $userRank ."'";
            $rs = $connection->query($sql);
            if ($rs){
                $rank = $rs->fetch_array(MYSQL_ASSOC);
                if ($rank[$permission] == 1){
                    return true;
                }
                else{
                    return false;
                }
            }
        }
        else{
            echo($connection->error);
        }
    }
Then when I call the function with the parameters set like this:

    if (hasPermission($_SESSION['ID'], 'IsFullAccess') == true)

it returns false, and I get my custom error message saying I don't have permission. And yes, in my database, the "IsFullAccess" column is set to 1 for that rank.
What am I doing wrong here?
Upvotes: 2
Views: 85
Reputation: 13682
After reading your code, it seems like you're not familiar with SQL's JOIN.
Your query looks something like this:

    // One query: join the admin row to its rank and select only the requested column.
    // Note: $permission and $user are interpolated into the SQL string as-is.
    $sql = "SELECT r.$permission as p FROM admins a JOIN ranks r ON a.rank=r.RankName WHERE a.ID=$user";
    $rs = $connection->query($sql);
    if (!$rs)
        return false;
    // mysqli result objects take the MYSQLI_ASSOC constant
    $hasPermission = $rs->fetch_array(MYSQLI_ASSOC);
    return $hasPermission['p'];

(Keep in mind SQL injection.)
Make sure that the DB returns the result you expect before testing it within PHP.
Upvotes: 1
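An added example, not part of the answer above or the asker's code: one way to act on the answer's SQL injection reminder while keeping its JOIN. A column name cannot be bound as a parameter, so the permission name is checked against an allowlist and only the user ID is bound; the function also returns false on every failure path instead of falling through with no return value. Assumptions: the connection is passed in as a `mysqli` object, the ID is bound as a string so it works for numeric or text IDs, and `CanEditUsers` is a hypothetical column name (only `IsFullAccess` appears on the page).

```php
<?php
// Added example. Only 'IsFullAccess' comes from the page; 'CanEditUsers' is a
// hypothetical placeholder for whatever other permission columns `ranks` has.
const PERMISSION_COLUMNS = ['IsFullAccess', 'CanEditUsers'];

function hasPermission(mysqli $connection, $userId, string $permission): bool
{
    // Identifiers cannot be bound as parameters, so accept only known columns.
    if (!in_array($permission, PERMISSION_COLUMNS, true)) {
        return false;
    }

    // $permission is now one of our own constants; the user ID is bound with ?.
    $sql = "SELECT r.`$permission` FROM admins a "
         . "JOIN ranks r ON a.`Rank` = r.`RankName` WHERE a.`ID` = ?";

    // With mysqli exception reporting enabled (the PHP 8.1+ default) a failure
    // here throws instead of returning false; both cases deny access.
    $stmt = $connection->prepare($sql);
    if ($stmt === false) {
        error_log('hasPermission: prepare failed: ' . $connection->error);
        return false;
    }

    $userId = (string) $userId;
    $stmt->bind_param('s', $userId);
    if (!$stmt->execute()) {
        error_log('hasPermission: execute failed: ' . $stmt->error);
        $stmt->close();
        return false;
    }

    $stmt->bind_result($value);
    $found = $stmt->fetch();   // true = row fetched, null = no row, false = error
    $stmt->close();

    // Grant only when a row exists and the flag is exactly 1.
    return $found === true && (int) $value === 1;
}

// Usage: if (hasPermission($connection, $_SESSION['ID'], 'IsFullAccess')) { ... }
```

Because the return type is a strict bool, the caller needs no `== true` or `== 1` comparison, and the logged messages stay server-side rather than being echoed to the page.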
Reputation: 8033
Try to use hasPermission($_SESSION['ID'], 'IsFullAccess') == 1) instead of hasPermission($_SESSION['ID'], 'IsFullAccess') == true). (true should be converted to 1.)
Upvotes: 0