Jump to content

Restrict user access in backend for specific pages!

z4z07

By z4z07
in PHP Coding Help

 Share

Recommended Posts

z4z07 Member

z4z07

Posted
Posted

Hi guys, in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor.

 

What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages.

 

I hope you understand what i'm asking if not fell free to ask me if you need more specific details.

 

I tried to make a php page called access.php wher i put the following code, but not working

<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator") {
	echo "You are not the proper user type to view this page";
    die();
  }
?>

Hope you can help me. Thx in advance for help. :)

Link to comment
Share on other sites
Gaab Newbie

Gaab

Posted
Posted

Hey,

<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator" || $user_level !="editor") {
	die("You are not the proper user type to view this page");
  }
if ($user_level =="administrator"){ echo"See all of the Page"; exit; }
if ($user_level =="editor"){ echo"See only newsletter in this Page"; exit; }
?>

Is this what you mean?

Link to comment
Share on other sites
z4z07 Member

z4z07

Posted
  • Author
Posted

Hey,

<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator" || $user_level !="editor") {
	die("You are not the proper user type to view this page");
  }
if ($user_level =="administrator"){ echo"See all of the Page"; exit; }
if ($user_level =="editor"){ echo"See only newsletter in this Page"; exit; }
?>

Is this what you mean?

 

Something like that, but except administrator part.

 

Forget the adminsitrator part because he can see al the pages.

 

What i want to do is to put the code into a .php page called access.php and include this page in the pages that i want to protect from the user who have user_level = editor.

 

So i want that the users who have user_level = editor to see only the pages that i've not included the script - the pages that are accesible for every one.

 

For example: i have pages admin.php, pages.php, newsletter.php and messages.php - the admin can view all the pages, but the editor can view online admin.php and newsletter.php, so for that i must include the script in the rest of the pages messages.php and pages.php to restrict access for users that are logged in with user_level = editor.

Link to comment
Share on other sites
Gaab Newbie

Gaab

Posted
Posted (edited)

Okay,

 

This is access.php:

<?php

// Include here your Database

session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level =="editor") {$user_wert = "1";}
if ($user_level =="admin") {$user_wert = "2";}
?>

You take in the .php Files:

<?php

include 'access.php';


// only Admin:
if($user_wert == "2") // This is the Query for the Admin
{ echo "This Looks only the Admin"; exit; } else { die("No Admin"); }

// only Editor:
if($user_wert == "1") // This is the Query for the Editor
{ echo "This Looks only the Editors"; exit; } else { die("No Editor"); }

// If you want a Page for Admin and Editor say:
if($user_wert >= "1") // This is the Query for the Editor and Admins ( All Ranks over the Number "1")
{ echo "This Looks only the Editors or Admins"; exit; } else { die("You a normal User."); }


?>

I use for If Query's only numbers.

 

You can say, the "normal" User is number 0.

Edited by Gaab
Link to comment
Share on other sites
z4z07 Member

z4z07

Posted
  • Author
Posted

Not working :(...

 

If i logged in with a user who have user_level = admin or user_level = editor shows only No Admin.

 

In the pages.php file i've put the following code:

<?php include '_inc/access.php'; ?>
<?php
// only Admin:
if($user_wert == "2") // This is the Query for the Admin
{ echo "This Looks only the Admin"; exit; } else { die("No Admin"); }
?>

In this page i want only the admin to see it. :)

Link to comment
Share on other sites
jazzman1 Member

jazzman1

Posted
Posted

Go back to your first posting code:

<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator") {
echo "You are not the proper user type to view this page";
die();
}

Have you tried to foreach the values for every row, before using some if / else statement block?

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.