V Posted July 25, 2010

Hey all, I will really appreciate any sort of advice! I'm making a site that will have users. I created some setting pages for administrating the site, like adding new entries, updating, deleting... and I'm also making a page where users with "writer" privileges can just post entries. I'm not sure what's the standard way to protect those pages or use permissions. What sort of solutions do you use for something like this using PHP and MySQL?

rascle Posted July 25, 2010

It's probably not that secure, but personally I would just use an if. So:

```php
if ($loggedusername['priviliges'] == "writer") {
    // IF THE USER HAS THE WRITER PRIVILEGE
    // SHOW THE PAGE
} else {
    // IF THEY DON'T THEN SHOW AN ERROR MESSAGE
    echo "Unfortunately you do not have the privilege to see this page!";
}
```

Hope this helps

msaz87 Posted July 25, 2010

Using an if or a switch to figure out whether they have access is good, but then you might also turn that into a function and include it on all the pages so that someone can't directly access an admin page, or maybe have the successful login set a $_SESSION variable that other pages check to ensure they have permission to be there.

smonkcaptain Posted July 25, 2010

In my members table, I have a column called 'admin', or 'goldmember', etc., which, if they are a member of that group, they have a '1' in their row under that column. I then use a MySQL query such as:

```php
<?php
session_start();
$username = $_SESSION['username'];
// Escape the value before placing it in the query string.
$safe = mysql_real_escape_string($username);
$admin = mysql_query("SELECT admin FROM `members` WHERE username='$safe'");
// mysql_fetch_row() returns an array (or false if no row), so compare its first column.
$row = mysql_fetch_row($admin);
if (!$row || $row[0] != '1') {
    header("Location: notadmin.php");
    exit; // stop here, otherwise the admin content below is still sent
} else {
    //*ADMIN INFORMATION*//
}
?>
```

You can then also save this as 'checkadmin.php' and include it on any page, but remove the else statement.

V Posted July 26, 2010

rascle, thanks for the suggestion! I was considering that as well, hopefully it will be secure. @msaz87, good point. @smonkcaptain, thanks for sharing the code. The header location seems like a good technique. Maybe I can also further protect the admin pages with another password in addition to the user password.

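A reusable guard along the lines msaz87 and smonkcaptain suggest above, as an added example that is not code from any poster in the thread. The `members.role` column, the role names and their ordering, and the function names are assumptions; `notadmin.php` is the redirect target used in the thread.

```php
<?php
// Added example (not code from the thread). Assumed table: members(username, role).
const ROLE_RANK = ['member' => 1, 'writer' => 2, 'admin' => 3]; // assumed hierarchy

// Deny by default: a missing or unknown role never passes.
function role_allows(?string $role, string $required): bool
{
    if (!array_key_exists($required, ROLE_RANK)) {
        throw new InvalidArgumentException("unknown role: $required");
    }
    if ($role === null || !array_key_exists($role, ROLE_RANK)) {
        return false;
    }
    return ROLE_RANK[$role] >= ROLE_RANK[$required];
}

// Look the role up on every request so a demoted account loses access at once.
function current_role(PDO $db): ?string
{
    if (empty($_SESSION['username'])) {
        return null; // not logged in
    }
    $stmt = $db->prepare('SELECT role FROM members WHERE username = ?');
    $stmt->execute([$_SESSION['username']]);
    $role = $stmt->fetchColumn();
    return $role === false ? null : (string) $role;
}

// Call at the top of every protected page, before any output is sent.
function require_role(PDO $db, string $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!role_allows(current_role($db), $required)) {
        header('Location: notadmin.php');
        exit; // without exit the rest of the page still runs and is sent
    }
}

// Constructed demo (CLI only): in-memory SQLite stands in for MySQL.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->exec("CREATE TABLE members (username TEXT PRIMARY KEY, role TEXT)");
    $db->exec("INSERT INTO members VALUES ('alice', 'admin'), ('bob', 'writer')");
    $_SESSION = ['username' => 'bob'];
    var_dump(role_allows(current_role($db), 'writer'));
    var_dump(role_allows(current_role($db), 'admin'));
}
```

On a protected page, `require_role($db, 'admin');` goes on the first line after the file is included, with `$db` being the site's own PDO connection.
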
Archived
This topic is now archived and is closed to further replies.