MDanz Posted September 1, 2009 Share Posted September 1, 2009 how do i do.. if admin is logged in.. then show whatever e.g how do i make it only Admin? if ($_SESSION['username']) { //whatever } Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/ Share on other sites More sharing options...
JonnoTheDev Posted September 1, 2009 Share Posted September 1, 2009 Set a flag when an admin logs in. On all admin only sections check for the flag // login - check admin user $_SESSION['adminuser'] = ($row->admin == 1) ? true : false; // admin area if($_SESSION['adminuser']) { } Note you must check for admin privileges when a user logs in to set a flag. Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/#findComment-910374 Share on other sites More sharing options...
MDanz Posted September 1, 2009 Author Share Posted September 1, 2009 so i make a new field called admin, with type TINYINT right? Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/#findComment-910377 Share on other sites More sharing options...
JonnoTheDev Posted September 1, 2009 Share Posted September 1, 2009 Use whatever you want to flag a user as admin. i.e ENUM(0,1) Just use it in your condition when you check a user login from the database. Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/#findComment-910380 Share on other sites More sharing options...
MDanz Posted September 1, 2009 Author Share Posted September 1, 2009 ok i obviously did this wrong... <?php session_start(); mysql_connect("localhost", "Master", "password"); mysql_select_db("Login"); $admin = mysql_query("SELECT * FROM `Users`") or die("Error"); if ($_SESSION['username']($admin['admin'] == 0)) { how do i do, if the user is logged in check if the admin field is not equal to zero? Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/#findComment-910392 Share on other sites More sharing options...
JonnoTheDev Posted September 1, 2009 Share Posted September 1, 2009 no,no,no. what you should be doing is setting a flag in a session when you authenticate the user i.e. login. You should not be setting the username in a session (not needed after login). set another flag to say that the user is logged in. i.e. <?php // login.php if($_POST['action'] == 'login') { if(strlen(trim($_POST['username'])) && strlen(trim($_POST['password']))) { // check user $result = mysql_query("SELECT userId, admin FROM users WHERE username='".mysql_real_escape_string($_POST['username'])."' AND password='".mysql_real_escape_string($_POST['password'])."' LIMIT 1"); if(mysql_num_rows($result)) { // user valid $row = mysql_fetch_assoc($result); $_SESSION['userId'] = $row['userId']; // is this an admin user $_SESSION['admin'] = ($row['admin'] == 1) ? true : false; // redirect header("Location:welcome.php"); exit(); } } } ?> Now on page that needs authentication i.e welcome.php <?php // welcome.php // check user is authenticated if(!is_numeric($_SESSION['userId'])) { header("Location:login.php"); exit(); } // is the user an admin? if($_SESSION['admin']) { print "You are an admin"; } else { print "You are a standard user"; } ?> Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/#findComment-910504 Share on other sites More sharing options...
MDanz Posted September 2, 2009 Author Share Posted September 2, 2009 too complicated, don't know how to implement it into my code.. i want to check if the thats user logged in, has the admin field not equal to zero.. in the table, value 1 indicates your an admin, value 0 indicates your a normal user.. how do i check for this... this was my attempt <?php session_start(); mysql_connect("localhost", "Master", "password"); mysql_select_db("Login"); $admin = mysql_query("SELECT * FROM `Users`") or die("Error"); if ($_SESSION['username']($admin['admin'] == 0)) { Link to comment https://forums.phpfreaks.com/topic/172712-solved-session-log-in-as-a-specific-user/#findComment-910626 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.