andy_b_1502 Posted April 7, 2012 Share Posted April 7, 2012 Hi, I have an admin area to update users detials etc.. I want this area to be secure so only admins can access it, Currently anyone and everyone can access the page. <?PHP session_start(); /* really need to use a session variable to insure authorized to be here */ include ('db.php'); /* ======================================== 99% of the time it is better to put your query in a string. It makes debugging much easier ======================================== */ $query = "SELECT * FROM companies"; $result = mysql_query($query ) or die("SELECT Error: ".mysql_error()); $num_rows = mysql_num_rows($result); /* ======================================== I find it easier to locate problems if I indent code properly and drop out of PHP if there are large sections of html ======================================== */ ?> <br><br><br>There are <?PHP echo $num_rows; ?> removalspace users so far.<P> <table width="819" height="114"> <tr> <th>Company Name</th> <th>Contact Name</th> <th>Contact Number</th> <th>Email</th> <th>Address Line 1</th> <th>Address Line 2</th> <th>Location</th> <th>Postcode</th> <th>Basic Members</th> <th>Upgraded Users</th> <th>Company Logo</th> <th>Approved</th> </tr> <tr> <td colspan="6"></td> </tr> <?PHP while ( $row = mysql_fetch_array($result, MYSQL_ASSOC )) { ?> <tr> <td><?PHP echo $row['company_name']; ?></td> <td><?PHP echo $row['contact_name']; ?></td> <td><?PHP echo $row['phone']; ?></td> <td><?PHP echo $row['email']; ?></td> <td><?PHP echo $row['street1']; ?></td> <td><?PHP echo $row['street2']; ?></td> <td><?PHP echo $row['location']; ?></td> <td><?PHP echo $row['postcode']; ?></td> <td><?PHP echo $row['basicpackage_description']; ?></td> <td><?PHP echo $row['premiumuser_description']; ?></td> <?PHP /* ======================================== I presume you want to show the thumb version here ======================================== */ ?> <td><img src="images/thumbs/<?PHP echo $row['upload']; ?>" alt="logo"/></td> </tr> <tr> <td colspan="10"> <table> <tr> <td>Current level = <?PHP echo $row['approved']; ?></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=1">Level 1 - Free</a></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=2">Level 2 - Basic</a></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=3">Level 3 - Premium</a></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=0">Level 0 - Do Not Display</a></td> </tr> </table> </tr> <?PHP } echo "</table>"; ?></table> i know it's something like: <?php session_start(); if(isset($_SESSION " but dont know how to finish it correctly? " ?> Link to comment https://forums.phpfreaks.com/topic/260510-sessions/ Share on other sites More sharing options...
NLT Posted April 7, 2012 Share Posted April 7, 2012 You should have a column in a users table or something, to show which level/rank they are. You can then create a SESSION for the user, check the session with the database to see if the user is a level to access administrative things. Link to comment https://forums.phpfreaks.com/topic/260510-sessions/#findComment-1335210 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.