Aramist

Olá amigos. Espero que possa me ajudar... Sou novato no estudo de PHP, e estou tentando fazer um sistema de níveis de acesso em PHP através do Dreamweaver. O problema é o seguinte: Quando tento acessar a área restrita não consigo. Porém se eu excluo o sistema de restrição de acesso ... consigo acessar normalmente. Segue abaixo os códigos dá página de login e de uma das páginas restritas. Login_admin.php <?php require_once('../Connections/Conndg.php'); ?> <?php // *** Validate request to login to this site. session_start(); $loginFormAction = $_SERVER['PHP_SELF']; if (isset($accesscheck)) { $GLOBALS['PrevUrl'] = $accesscheck; session_register('PrevUrl'); } if (isset($_POST['usu_nome'])) { $loginUsername=$_POST['usu_nome']; $password=$_POST['usu_senha']; $MM_fldUserAuthorization = "usu_nivel"; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "login_admin.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_Conndg, $Conndg); $LoginRS__query=sprintf("SELECT usu_nome, usu_senha, usu_nivel FROM usuarios WHERE usu_nome='%s' AND usu_senha='%s'", get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $Conndg) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = mysql_result($LoginRS,0,'usu_nivel'); //declare two session variables and assign them $GLOBALS['MM_Username'] = $loginUsername; $GLOBALS['MM_UserGroup'] = $loginStrGroup; //register the session variables session_register("MM_Username"); session_register("MM_UserGroup"); if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> </head> <body> <?php if(isset($_GET["login_errado"])) { ?> <p><strong>O login e/ou senha não consta em nosso banco de dados.</strong></p> <?php } ?> <form ACTION="<?php echo $loginFormAction; ?>" name="form1" id="form1" method="POST"> <p><input name="usu_nome" type="text" id="usu_nome" /></p> <p><input name="usu_senha" type="password" id="usu_senha" /> </p> <p><input type="submit" name="Submit" value="Logar" /></p> </form> </body> </html> index.php <?php require_once('../Connections/Conndg.php'); ?> <?php //initialize the session session_start(); // ** Logout the current user. ** $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true"; if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){ $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){ //to fully log out a visitor we need to clear the session varialbles session_unregister('MM_Username'); session_unregister('MM_UserGroup'); $logoutGoTo = "login_admin.php"; if ($logoutGoTo) { header("Location: $logoutGoTo"); exit; } } ?> <?php session_start(); $MM_authorizedUsers = "1"; $MM_donotCheckaccess = "false"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "login_admin.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php mysql_select_db($database_Conndg, $Conndg); $query_Recordset1 = "SELECT * FROM usuarios"; $Recordset1 = mysql_query($query_Recordset1, $Conndg) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); $totalRows_Recordset1 = mysql_num_rows($Recordset1); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Projeto: Portal de Not&iacute;cias [ &Aacute;rea Administrativa ]</title> <style type="text/css" media="screen"> <!-- @import url(../css/style_portal_admin.css); --> </style> </head> <body> <!-- Aproveite este simples modelo, e aprenda um pouco sobre Tableless --> <div id="global"> <div id="topo"> <h1>Portal de Notícias [ Admin ]</h1> </div> <!-- / Head --> <div id="menu"> <ul> <li><a href="index.php">Início do Admin</a></li> <li><a href="#">Log out</a></li> <li><a href="cadastro_usuario.php">Cadastrar usuário</a></li> <li><a href="noticia_inserir.php">Cadastrar notícias</a></li> <li><a href="adm.php">Editar Usuários</a></li> </ul> </div> <!-- / Menu --> <div id="conteudo_admin"> <h2>Relatório das notícias</h2> </div> <!-- / Conteudo Admin --> <div id="rodape"> <h4>Rodapé</h4> </div> <!-- / Rodapé --> </div> <!-- / Global --> Log out<a href="<?php echo $logoutAction ?>">Log out</a> </body> </html> <?php mysql_free_result($Recordset1); ?> Os níveis ded acesso no meu DB são: 1 e 2. no campo usu_nivel. Obrigado pela atenção.... Abraço