Jump to content

How do i check a users level?


Tom8001
Go to solution Solved by QuickOldCar,

Recommended Posts

i need to know how i can check a users level in my login.php page it works i have 

$sql = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'";
	$result = mysql_query($sql);
	$count = mysql_num_rows($result);
	$row = mysql_fetch_assoc($result);
	$user_level = $row['user_level'];

	if($count == 1) {

		$_SESSION['loggedIn'] = true;
		session_write_close();
		header("Location: index.php");

	} else {

		echo "The username or password you entered is incorrect!";
	} if($row['user_level'] == 1) {

		header("Location: admin.php");
		
	} else if($row['user_level'] == -1) {

		header("Location: banned.php");
	}

but i need to know how to check it in another file because it is not working i am trying to add it to admin.php to check the users level & if they are not admin then echo you are not admin.  <-- it says that although the user is an administrator it is saying they are not.

 

This is what i have in admin.php

<?php

require 'connect.php';

session_start();

$sql = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$user_level = $row['user_level'];

if(!isset($_SESSION['loggedIn'])) {

	echo "You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>";
	die();

} if($row['user_level'] == 1) {

	//DO NOTHING
} else {

	echo "Your not an administrator so you are denied access to this page.";
	die();
}

?>
Edited by Tom8001
Link to comment
Share on other sites

  • Solution

I made some changes

$sql        = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'";
$result     = mysql_query($sql);
$count      = mysql_num_rows($result);
$row        = mysql_fetch_assoc($result);
$user_level = $row['user_level'];
if ($count == 1) {
   
    $_SESSION['loggedIn'] = true;
   
    if ($row['user_level'] == 1) {
       
        $_SESSION['user_level'] = 1;
       
        header("Location: admin.php");
       
        exit();
    } else if ($row['user_level'] == -1) {
       
        $_SESSION['user_level'] = -1;
       
        header("Location: banned.php");
        exit();
    }

//default user
//setting them a user level?
    header("Location: index.php");
    exit();

} else {
    header("Location: login.php");
    exit();
}

Then the checking session

<?php
session_start();
if (!isset($_SESSION['loggedIn'])) {
   
    echo "You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>";
    die();
}
if ($_SESSION['user_level'] == -1) {
    //banned
    die("You are banned");
}

if ($_SESSION['user_level'] == 1) {
    //admin
    //DO NOTHING
} else {
    //not admin
    echo "Your not an administrator so you are denied access to this page.";
    die();
}
?>
Edited by QuickOldCar
  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.