captain_scarlet87 Posted February 16, 2010 Share Posted February 16, 2010 Hi, I need a bit of help with some code determining whether a user that logs in is an admin or just a normal user. The admin will need to have specific links in the menu related to just them and then obviously different links available when a normal user is logged in or when no one is logged in at all. So far I have a SQL table which has a field for the role of the user with the value of 1 = admin and 0 = normal user. Below is the code i've got so far, now just need to retrieve the role value from the table and display the appropriate links. Any help will be appreciated. Thanks. <!-- End of Content --> </div> <div id="Menu"> <a href="index.php">Home</a><br /> <?php # Script 13.2 - footer.html // This page completes the HTML template. // Display links based upon the login status. // Show LOGIN links if this is the LOGOUT page. if (isset($_SESSION['username']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) { echo '<a href="logout.php">Logout</a><br /> <a href="change_password.php">Change Password</a><br /> <a href="upload_instructions.php">Upload Instructions</a><br /> <a href="upload.html">Upload Video Tutorial</a><br /> '; } else { // Not logged in. echo ' <a href="register.php">Create User</a><br /> <a href="login.php">Login</a><br /> <a href="forgot_password.php">Forgot Password</a><br /> '; } ?> </div> </body> </html> <?php // Flush the buffered output. ob_flush(); ?> Quote Link to comment Share on other sites More sharing options...
gizmola Posted February 16, 2010 Share Posted February 16, 2010 Please use php tags around your code. Hopefully you actually indent your code blocks. Your existing code assumes a $_SESSION variable 'username' being set. Wherever that code is set, you should also be setting a variable like 'userlevel'. From there, it would be easy enough to modify this script to offer admin links. if (isset($_SESSION['userLevel']) && ($_SESSION['userLevel'] === 1)) { // This is an admin } Just remember that your admin functions should also check this variable. Just because you don't display someone a link, doesn't mean that they might not find out the url to it. Showing or hiding the links is only one part of the problem. For that reason it would probably be good to move this code into a function called isAdmin() or something like that, which you can easily check wherever you need to test whether the person is an admin or not. Quote Link to comment Share on other sites More sharing options...
captain_scarlet87 Posted February 21, 2010 Author Share Posted February 21, 2010 Sorry for the late reply i've had limited access to my computer over the last few days. Anyways i've tried to replace the username session with the admin session: if (isset($_SESSION['admin']) && ($_SESSION['admin'] === 1) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) { echo '<a href="logout.php">Logout</a><br /> <a href="change_password.php">Change Password</a><br /> <a href="upload_instructions.php">Upload Instructions</a><br /> '; } else { // Not logged in. echo ' <a href="register.php">Create User</a><br /> <a href="login.php">Login</a><br /> <a href="forgot_password.php">Forgot Password</a><br /> '; } However when logging in with a user with admin set to 1 it displays the logged out links. Here is my login.php which i'm guessing is where the admin session is obtained from: <?php # Script 13.8 - login.php // This is the login page for the site. // Include the configuration file for error management and such. require_once ('./includes/config.inc.php'); // Set the page title and include the HTML header. $page_title = 'Login'; include ('./includes/header.html'); if (isset($_POST['submitted'])) { // Check if the form has been submitted. require_once ('../mysql_connect.php'); // Connect to the database. // Validate the username. if (!empty($_POST['username'])) { $fn = escape_data($_POST['username']); } else { echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>'; $fn = FALSE; } // Validate the password. if (!empty($_POST['pass'])) { $p = escape_data($_POST['pass']); } else { $p = FALSE; echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>'; } if ($fn && $p) { // If everything's OK. // Query the database. $query = "SELECT username, admin FROM users WHERE (username='$fn' AND pass=SHA('$p'))"; $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error()); if (@mysql_num_rows($result) == 1) { // A match was made. // Register the values & redirect. $row = mysql_fetch_array ($result, MYSQL_NUM); mysql_free_result($result); mysql_close(); // Close the database connection. $_SESSION['admin'] = $row [1]; $_SESSION['username'] = $row[0]; // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { // No match was made. echo '<p><font color="red" size="+1">The username and password entered do not match those on file.</font></p>'; } } else { // If everything wasn't OK. echo '<p><font color="red" size="+1">Please try again.</font></p>'; } mysql_close(); // Close the database connection. } // End of SUBMIT conditional. ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Username:</b> <input type="text" name="username" size="30" maxlength="30" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <?php // Include the HTML footer. include ('./includes/footer.html'); ?> I have a header file that starts the buffering of the sessions. Am I doing something wrong? Any suggestions are more than welcome, I am clueless! Thanks. Quote Link to comment Share on other sites More sharing options...
captain_scarlet87 Posted February 22, 2010 Author Share Posted February 22, 2010 bump Quote Link to comment Share on other sites More sharing options...
ignace Posted February 22, 2010 Share Posted February 22, 2010 I highly disadvice against the use of integer as an indicator for a user level it's just not readable. Any programmer that will have to maintain your work will have to write down which number stands for which role. A much easier approach is: class User { const ROLE_VISITOR = 1; const ROLE_MEMBER = 2; const ROLE_ADMINISTRATOR = 4; private $data = array(); public function __construct($data) { $this->data = $data; } public function isVisitor() { return $this->_getRole() & self::ROLE_VISITOR; } public function isMember() { return $this->_getRole() & self::ROLE_MEMBER; } public function isAdministrator() { return $this->_getRole() & self::ROLE_ADMINISTRATOR; } private function _getRole() { return (isset($data['role']) && is_integer($data['role'])) ? $data['role'] : self::ROLE_VISITOR; } } // in your script if ($user->isAdministrator()) { Something like that is readable Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.