Check status script

[iarp]

Hey, It's been one of those days where i just can't think straight.

 

I'm after a function that will check 2 things, userlevel and the minimum userlevel needed to view the page. I currently have :

 

<?php
function checkstatus($url, $level='1') { # This is the function i'm trying to build onto.
if ($url == 'lhome')
	if ($_SESSION['loggedin'])
		reloc('home');
elseif ($url == '404')
	reloc('404');
elseif ($url == 'home')
	reloc('home');
else
	if (!$_SESSION['user_id'])
		reloc('login', '?' . $url); 
}

function reloc($url, $from='') {
switch ($url) {
	case 'uri':
		$url = $_SERVER['REQUEST_URI'];
	break;
	case 'home':
		$url = "http://" . $_SERVER['HTTP_HOST'];
	break;
	case 'login':
		$url = "http://" . $_SERVER['HTTP_HOST'] . "/?login&redir=" . $from;
	break;
	case 'place':
		$url = "http://" . $_SERVER['HTTP_HOST'] . "/" . $from;
	break;
	case '404':
		$url = "http://" . $_SERVER['HTTP_HOST'] . "/404/";
	break;
}
header("Location: $url");
}
#This next function is one i've made while trying to come up with a solution, it basically pulls the users level from the table.
function rank() {
if ($_SESSION['loggedin']) {
	$r = mysql_query("SELECT userlevel FROM " . USERS . " WHERE uid = '" . $_SESSION['user_id'] . "'");
	$row = mysql_fetch_array($r, MYSQL_ASSOC);
	return $row['userlevel'];
}
}

?>

 

The levels that i currently work with:

1 = User

10 = Admin

d = disabled (need to check for d first and call reloc('404') if true)

 

Everything i've tried turns into a script so long and confusing i get lost and frustrated i just revert everything back and the try again. Try #6 landed me here. Any help is great. Thanks

[WolfRage]

Does your database catagorize the pages based on the needed level to veiw those pages? I think if it did then prior to allowing access to a page you can retrieve the pages access level, then see if the user meets the minimum user level, if they do they can veiw it else, they are redirected. Does this help at all?

[iarp]

The pages i'm trying to restrict access to are actully located in an if statement. It's 500 lines long ut it goes like this:

 <?php
} elseif (isset($_GET['profile'])) {
	checkstatus('profile','10'); # Only allow users of rank 10+
	$content->pagename = 'My Profile';
	require('themes/' . $cms->theme() . '/includes/header.php');

	$q = "SELECT * FROM " . USERS . " WHERE uid = '" . $_SESSION['user_id'] . "'";
	$r = mysql_query($q);
	$row = mysql_fetch_array($r, MYSQL_ASSOC);
	?>
	<form method="post">
		<label>Name:</label> <input type="text" value="<?php echo $row['fullname'] ?>" /><br />
		<label>Email:</label> <input type="text" value="<?php echo $row['useremail'] ?>" /><br />
	</form>
	<?php
	$cms->endEarly = TRUE;
	require('themes/' . $cms->theme() . '/includes/footer.php');
} elseif (isset($_GET['messages'])) {				# Internal messages form		# NOT IN USE/DISABLED
	checkstatus('mesages','d'); # d for disabled and i want it to show /404/ page
..... continues on furthur.. 
?>

[ngreenwood6]

Try this:

 

function checkstatus($url, $level) { # This is the function i'm trying to build onto.
if($level == '1')
{	
if ($url == 'lhome')
	if ($_SESSION['loggedin'])
		reloc('home');
elseif ($url == '404')
	reloc('404');
elseif ($url == 'home')
	reloc('home');
else
	if (!$_SESSION['user_id'])
		reloc('login', '?' . $url); 
}
}

[iarp]

Ya i had something like that, just i thought having 3 sets of reloc if statements was a waste of time and hoped their was a simplier way.

[ngreenwood6]

You could do an OR statement in there like this:

 

if($level == '1' || level == '10')

 

Then you could just add a new statement for level 10 to add onto what is already there like this:

 

if($level == '10')
{
//code here
}