Jump to content

Recommended Posts

Yeahh it's really that simple. Best way is to set the field to integer, probs with a length of just 1 - unless you plan on making more than 10 levels of users?

 

Then have another table setup to define the user levels, something like:

 

user_lvl / name

--------------

1 / Basic user

2 / Moderator

3 / Admin

 

.. or something similar so you can have a descriptive name for the user level you can lookup to display on the website. You can obviouslly make it much more advanced if you wished...

 

When the user logs in simply check their user level against whatever you want to set for that particular page.. and there you go basic user permissions..

 

Adam

well database is also safer than flat file. if you do flat file anyone can just open the file and view user, email, password(if your not encrypting it.)

Also if you aren't good with DB it is worth taking the time to learn because it really opens up a world new things you can do with PHP or any other Serverside script.

So I would basically have to do it by using like if statements to show what will show/what they can do depending on their level id? like..

 

(1 = admin)

--

 

if($id == "1"){

can do something

} else {

can't

}

 

That's the 'correct' way of doing it? Or is there a more professional way?

The way I usedto do it for a mafia game I coded was have a seperate table called staff,

 

Staff ----

 

id INT

username VARCHAR

level INT(1)

Staff_IP

Last_IP VARCHAR

pin INT

 

Then I would check if their username session was stored in that table

 

ie.

 


$query = "SELECT pin, level FROM staff WHERE username = " . mysql_real_escape_string($username) . " LIMIT 1";
$result = @mysql_query($query);
$n = mysql_num_rows($result);

if ($n == 1){

$row = mysql_fetch_row($result);

$pin   = $row[0];
$level = $row[1];

$required_level = 1 // 1 for help desk // 2 for mod // 2 for admin
if ($level < $required_level){

die("Access denied.");

}else{

//code

//check if they enter correct 4 digit staff pin...

}

}else{

die("Restricted access.");

}

 

I would also log the IP of the last person who made an action on that account and check it against the staff members IP

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.