exhaler Posted November 29, 2009 Share Posted November 29, 2009 hi all, i'm trying to figure out how i can create/control account with privileges, for instance an Administrator creates an account but gives it guest privileges (able to see data but not edit, or delete it, not able to create users). when a user logs in, i store his/her privileges is a session. $_SESSION['staff_privilege'] = $found_user['privilege']; i wrote this function to check for privileges and placed it in the create user page. (1 = admin, 2 = guest) function get_privilege() { if (logged_in() && isset($_SESSION['staff_privilege'])) { if ($_SESSION['staff_privilege'] == 2) { redirect_to("../staff/staff_browse.php?privilege=false"); } } else { redirect_to("../staff/index.php"); } } for instance if a user with guest privileges goes to create user page, he/she will get redirect to another page showing a message. the above code is working, but i'm wanted other ideas about how this could be accomplished in another way thx Link to comment https://forums.phpfreaks.com/topic/183323-controllingcreating-accounts-with-privileges/ Share on other sites More sharing options...
gerkintrigg Posted November 29, 2009 Share Posted November 29, 2009 Hmm not a bad stab at it. I use sessions too. I notice you're using other functions within the get_privilege() function... are you referencing / including those correctly? It may just be that you've forgotten to start the sessions correctly... not included a database connection or the functions are undefined / not included. I just use an include rather than a function and include it at the top of all pages that need member details to be checked. it looks like this: if ($_SESSION['admin']!='y'){ $go=$root.'errors/not_admin.php'; header("Location: ".$go); } I recently extended it to ensure that members of my staff who left would automatically inform me if they tried to access the admin section without authority (I thought they may try to nab my contacts)... if ($_SESSION['my_id']=='51'){ $go=$root.'errors/not_authorised.php?id='.$_SESSION['my_id']; header("Location: ".$go); }if ($_SESSION['my_id']=='59'){ $go=$root.'errors/not_authorised.php?id='.$_SESSION['my_id']; header("Location: ".$go); } if you had a lot of members of staff like that, you could always use a switch statement instead. What's the error you're getting (if at all)? Link to comment https://forums.phpfreaks.com/topic/183323-controllingcreating-accounts-with-privileges/#findComment-967720 Share on other sites More sharing options...
exhaler Posted November 30, 2009 Author Share Posted November 30, 2009 my code is working no errors at all, and i include the function get_privilege() in pages that need member details to be checked. i just wanted other opinions about how this could be done Link to comment https://forums.phpfreaks.com/topic/183323-controllingcreating-accounts-with-privileges/#findComment-968032 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.