How to declare admin privileges?

[dyr]

I recently hired someone to code a fair amount of my site, the more experienced scripts that I just didn't have time for.  However it's extremely buggy, especially the admin options, and they didn't pay attention to how I represented an administrator in my other codes.  Naturally I'm a bit peeved, but hopefully you guys could help me out?

 

In my users table I have a field called 'level'.  Most users, upon signing up, are at level 0.  The basic members.  However I'd like to make it so that people who are level 1 have admin powers, level 2 have basic moderator powers, etc.  How would I go about implementing that via code?  I'd like it so I could just use the variable $admin in my codes, so like if ($admin) { and show the edit features here }. 

 

But how would I go about identifying if a user is an admin (by checking what level they are in the database)?  I tried this in my headers but I'm pretty sure it's wrong as it's not working:

 

$grab = mysql_query("SELECT `level` FROM users WHERE id='$userfinal' LIMIT 1") or die(mysql_error());
	$grab = mysql_fetch_array($grab);
                $grab['level'];
if ($grab['level'] == 1) { $grab['level'] = $admin; }

[silkfire]

Well if you know admin is level 1, why don't you just make a query: ...WHERE `level` = 1.

 

I don't see the difficulty in this?

[PFMaBiSmAd]

<?php

define('USER_LEVEL',0);
define('ADMIN_LEVEL',1);
define('MOD_LEVEL',2);

$level = USER_LEVEL; // default value

// query for the user's level
$result = mysql_query("SELECT `level` FROM users WHERE id='$userfinal'") or die(mysql_error());
if(mysql_num_rows($result)){
// matched a row
list($level) = mysql_fetch_array($result);
}

// you would test the value in $level to determine what to produce on the page.
if($level == ADMIN_LEVEL){
// produce content for an admin
}

// if you want to produce an $admin variable that is true if the $level == 1 -
$admin = $level == ADMIN_LEVEL ? true : false;

if($admin){
// produce content for an admin
}

[dyr]

The difficulty is... I totally forgot about the where clause, haha.

 

So would this work?:

 

$grab = mysql_query("SELECT `level` FROM users WHERE `level` = 1") or die(mysql_error());
	$grab = mysql_fetch_array($grab);
                $admin = $grab['level'];

// whenever I make admin function use below

if($admin) {
codes }

 

Or would I not need a mysql array since it's only one variable?

[silkfire]

Dunno but your logic seems a bit flawed.

 

1. "SELECT `level` FROM users WHERE `level` = 1" does not make sense. That will give you a bunch of 1's.

2. If you only pick those users with admin privileges, then why do you need "if ($admin)" in the first place?

[.josh]

you should be selecting the level by user name or id or whatever you have that uniquely identifies the user. 

 

..where user_name='$username'

..where user_id='$userid'

 

or however you have it setup. 

[dyr]

Dunno but your logic seems a bit flawed.

 

1. "SELECT `level` FROM users WHERE `level` = 1" does not make sense. That will give you a bunch of 1's.

2. If you only pick those users with admin privileges, then why do you need "if ($admin)" in the first place?

 

Well I'd want to define in my headers what the admin variable is, so then I can just use that variable always in other scripts/pages.

 

 

you should be selecting the level by user name or id or whatever you have that uniquely identifies the user. 

 

..where user_name='$username'

..where user_id='$userid'

 

or however you have it setup. 

 

Alright, thanks, I'll try and incorporate PFMaBiSmAd's suggestions instead then.  I guess I misread the purpose of the WHERE clause.

[dyr]

Thanks, this works like a charm!

[dyr]

Ok, one last question- I want to notify users the status of the users (if they are an admin or mod).  How would I be able to do this?  Since if($admin) shows the information only to admins, not the rest of the public users. 

 

I want it where, on the profile page if the user is an admin to show a public message to everyone on the site, "This user is an admin."

 

Any thoughts about this?  Would I use a $_GET function?