Jump to content

Authenticating the user according to level set in the database.

iarp

By iarp
in PHP Coding Help

 Share

Recommended Posts

iarp Regular Member

iarp

Posted
Posted

Hey, this is my story.

 

In the header file i have this:

 

$userlevel = $_SESSION[‘userlevel’]

 

On my admin pages i've put:

 

include ('../includes/header.php'); 

if ($userlevel == "9"){
?>
                <div id="content">

                <!—Show admin content here à

                </div> <!-- END CONTENT -->
<?php
include ('../includes/footer.php');
} else {
                <!—if the person requesting the page is not the correct userlevel, redirect them to the home page. -->

                                                $url = 'http://' . $_SERVER['HTTP_HOST'];
                                                if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') ) {
                                                                $url = substr ($url, 0, -1); // Chop off the slash.
                                                }
                                                $url .= '/index.php';
                                                header("Location: $url");
                                                exit(); 
}
?>

 

Now what i’m worried that someone with better knowledge in this field will be able to get by this very easily.

p.s. i'm using

 if ($userlevel == "9") { echo '<a href="../admin/view_users.php">View Users</a><br />'; }

for my menu items.. should seem to be fine.

 

Any helps appreciated

--

Thanks

Iarp

Link to comment
Share on other sites
iarp Regular Member

iarp

Posted
  • Author
Posted

I've very new to this php & mysql integration, i just finish going through like 4 books on it... kind of a drag but it helped more then i thought.

 

As i have it admin is 9, guest is 1 and user is 2.

 

And i didn't know if there was a possible way for someone to forge the number and get by without my passwords and such, thanks though. Safer to ask then hope it doesn't happen to you.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.