-
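here is a code of sign in page I want to add a role access for the student, teacher, and admin I have table name student in the database and a column role see image attached for database
<?php
// Sign-in handler: checks the posted name/password against the `student`
// table and, on success, records the user and their role in the session.
include("dbconfig.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST") {
   // username and password sent from form; both are untrusted input
   $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
   $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

   $row = null;
   $count = 0;

   // A bound parameter keeps the submitted name out of the SQL text entirely.
   // The password is no longer part of the WHERE clause: it is verified in PHP below.
   $stmt = mysqli_prepare($con, "SELECT user_id, password, role FROM student WHERE name = ?");
   if($stmt !== false) {
      mysqli_stmt_bind_param($stmt, "s", $name);
      mysqli_stmt_execute($stmt);
      // mysqli_stmt_get_result() needs the mysqlnd driver
      $result = mysqli_stmt_get_result($stmt);
      if($result !== false) {
         $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
         $count = mysqli_num_rows($result);
      }
      mysqli_stmt_close($stmt);
   }

   // The original query compared the submitted password directly with the
   // `password` column, i.e. the column held the password as typed.
   // password_verify() requires that column to hold password_hash() output,
   // so existing rows must be re-hashed before this check will accept them.
   if($count == 1 && password_verify($password, $row['password'])) {
      // New session id after authentication, so an id issued before login
      // cannot be reused for the logged-in session.
      session_regenerate_id(true);

      // Stored unescaped: bind or escape it again wherever it is used in SQL.
      $_SESSION['login_user'] = $name;
      // Role from the `role` column (the post names student, teacher and admin).
      // Every restricted page has to check this value server-side on each request.
      $_SESSION['role'] = $row['role'];

      header("location: allstudents1.php");
      // Stop here; without exit the rest of the script still runs after the redirect header.
      exit;
   }else {
      // Same message for unknown name and wrong password, so the form does
      // not reveal which names exist.
      $error = "Your Login Name or Password is invalid";
   }
}
?>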
-
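Code what i made so far. Your comments at what should i do differently. My configs.php
<?php
// Load the row of the user named by the session into the global $userInfo.
// NOTE(review): SELECT * puts every column of `users` into a global array
// (presumably including any password column) - consider listing only the
// columns the pages actually read.
$userQuery = 'SELECT * FROM users WHERE id = :id';
$user = $db->prepare($userQuery);
// bindValue() copies the value. bindParam() binds by reference, which would
// create $_SESSION['userId'] as null when the visitor is not logged in.
$user->bindValue(':id', isset($_SESSION['userId']) ? $_SESSION['userId'] : null, PDO::PARAM_INT);
$user->execute();
// Associative array for a matching row, false when there is none.
$userInfo = $user->fetch(PDO::FETCH_ASSOC);
?>
functions.php
<?php
/**
 * Tell whether the current session belongs to a logged-in user.
 *
 * Recomputes sha512(username . User-Agent) for the session's user id and
 * compares it with the value stored in $_SESSION['loginString'].
 * The string is built from the username and the request's User-Agent only,
 * so it ties the session to a browser string; it is not a secret by itself.
 *
 * @return bool true when the session data matches, false otherwise
 */
function loginCheck(){
    global $db;

    if(!isset($_SESSION['userId'], $_SESSION['loginString'])){
        return false;
    }
    // hash_equals() only accepts strings
    if(!is_string($_SESSION['loginString'])){
        return false;
    }

    $query = 'SELECT username FROM users WHERE id = :id';
    $user = $db->prepare($query);
    $user->bindValue(':id', $_SESSION['userId'], PDO::PARAM_INT);
    $user->execute();
    $row = $user->fetch(PDO::FETCH_ASSOC);
    // Test the fetched row instead of rowCount(): PDO does not guarantee
    // rowCount() for SELECT statements on every driver.
    if($row === false){
        return false;
    }

    // The header is optional in a request; an absent one counts as an empty string.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $expected = hash('sha512', $row['username'].$userAgent);

    // Constant-time, type-strict comparison. The previous == compared the two
    // hex strings loosely, which treats numeric-looking strings as numbers.
    return hash_equals($expected, $_SESSION['loginString']);
}

/**
 * Tell whether the loaded user is an admin or a moderator.
 *
 * Reads the global $userInfo filled in configs.php.
 *
 * @return bool true for userRole 'admin' or 'moderator', false for anything
 *              else, including when no user row was loaded
 */
function checkUserRole(){//can be user, admin and moderator
    global $userInfo;

    // $userInfo is false when the session's id matched no row
    if(!is_array($userInfo) || !isset($userInfo['userRole'])){
        return false;
    }
    // Strict matching: a non-string role value can never pass as 'admin'
    return in_array($userInfo['userRole'], array('admin', 'moderator'), true);
}
?>
shoutbox.php Can this be done with one query?
global $db, $userInfo;
$sbQuery = 'SELECT * FROM shoutbox ORDER BY dateCreated DESC LIMIT 30';
$sb = $db->query($sbQuery);
// NOTE(review): a LEFT JOIN of shoutbox to users on username would return each
// message's shoutBoxBan flag in the same result set, replacing the second query.
$usersQuery = 'SELECT * FROM users WHERE shoutBoxBan = "yes"';
$users= $db->query($usersQuery);
// NOTE(review): only the first banned row is fetched, so the username
// comparison below can recognise at most one banned user.
$usersRow = $users->fetch(PDO::FETCH_ASSOC);
$hiddenAction = '';
while($sbRow = $sb->fetch(PDO::FETCH_ASSOC)){
    // NOTE(review): loginCheck() runs its query once per message here; the
    // result does not change inside the loop and can be computed once before it.
    if(loginCheck() and checkUserRole()){
        // NOTE(review): id and username are placed inside inline onClick handlers
        // unescaped. Where $hiddenAction is printed is not shown; if it reaches the
        // page as-is, encode each value with json_encode() and then
        // htmlspecialchars(..., ENT_QUOTES) first. Hiding the links is not access
        // control: the code behind deleteMessage/banUser (not shown) needs the same
        // server-side role check.
        $hiddenAction = " <a href=\"javascript:;\" onClick=\"deleteMessage('".$sbRow['id']."')\" class=\"shoutBoxDelete\" title=\"Delete\">x</a>";
        if($usersRow['username'] == $sbRow['username']){
            $hiddenAction .= " <a href=\"javascript:;\" onClick=\"unBan('".$sbRow['username']."')\" class=\"shoutBoxBan\" title=\"Unban\">u</a>";
        }else{
            if($userInfo['username'] != $sbRow['username']){//admin and moderator cant ban themselves.
                $hiddenAction .= " <a href=\"javascript:;\" onClick=\"banUser('".$sbRow['username']."')\" class=\"shoutBoxBan\" title=\"Ban\">o</a>";
                $hiddenAction .= " <a href=\"javascript:;\" onClick=\"tempBanUser('".$sbRow['username']."')\" class=\"shoutBoxBan\" title=\"Temp Ban\">ΓΈ</a>";
            }
        }
    }
....................................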