ccchan Posted March 14, 2009 Share Posted March 14, 2009 Hello all! Found your fourm, will probably be running here for help many times (such as now). Ok, so here's my dilemma: I have a user registration login stuffs set up on a site. In the VERY near future I'm going to need to be adding loads of new user levels to control access to certain content on my site. I'm trying to set up a system where I can just put a list of allowed user levels in a variable to specify who can get in and who is turned away. So far this is the function that I've made up: function isAllowed($id,$allow) { if(!$_SESSION['logged_in']) { return FALSE; } else { $cai = split(' ', $allow); $query = mysql_query("SELECT `Level_access` FROM `users` WHERE `ID` = '" . mysql_real_escape_string ( $id ) . "'"); $row = mysql_fetch_assoc($query); while(list($key,$val)=each($cai)) { if($val==$row['Level_access']) {//if the user level matches one of the allowed levels return TRUE; } else{ return FALSE; } } } } where "$id" will be the user id and "$allowed" is the list of user levels allowed to view the content in question. My "$allowed" variable will look a lot like this: $allowed = "1 2 3 5 6 12 15 28 56"; (delimited by spaces) Currently the function will only return the first user level listed as true and will deny access any user level after the first delimiter (if my variable contains "1 4 5 28 36" then it will only return true if user level is 1, my I have "47 32 1 5" it only returns true for 47). I'm guessing there's something wrong with "$cai = split(' ', $allow);" or "while(list($key,$val)=each($cai))". Any suggestions? Please help!! Thank you!!! -Chelsea Quote Link to comment Share on other sites More sharing options...
.josh Posted March 14, 2009 Share Posted March 14, 2009 $allowed = explode(' ',$allowed); if (in_array($row['Level_access'], $allowed)) { return TRUE; } else { return FALSE; } Quote Link to comment Share on other sites More sharing options...
ccchan Posted March 14, 2009 Author Share Posted March 14, 2009 It didn't work for me... :-\ After the change, it didn't allow any user level to return true. I probably screwed something up. this is what I changed it to: else { $query = mysql_query("SELECT `Level_access` FROM `users` WHERE `ID` = '" . mysql_real_escape_string ( $id ) . "'"); $row = mysql_fetch_assoc($query); $allowed = explode(' ',$allowed); if (in_array($row['Level_access'], $allowed)) { return TRUE; } else { return FALSE; } } -Chelsea Quote Link to comment Share on other sites More sharing options...
.josh Posted March 14, 2009 Share Posted March 14, 2009 Well, I notice in your posted code, you pass $allow to your function. I used $allowed. Since it looks like you copied the code verbatim, did you make the necessary alterations, elsewhere? Quote Link to comment Share on other sites More sharing options...
ccchan Posted March 14, 2009 Author Share Posted March 14, 2009 oh, duh. I get a little help and I forget to try and think for myself. You're awesome! Works perfectly now. Thanks a bunch!!! -Chelsea Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.