Jump to content

User control, viewing certain pages by checking role against database

BennyDoesIt

By BennyDoesIt
in PHP Coding Help

 Share

Recommended Posts

BennyDoesIt Newbie

BennyDoesIt

Posted
Posted

Hi, 

 

I am having trouble with this code and would like to see if anyone can help me. 

 

I have been trying to write a bit of code that would check in the database if the users role is either admin or something else. and then allow them to view the page or show a message stating "they are not the admin"

 

Heres is the code. 

<?php
require("head.php");
include("navbar.php");
require("common.php");
{
        $query = " 
            SELECT 
                id, 
                username, 
                password, 
                salt, 
                email,
		role
            FROM users 
            WHERE 
                username = :username
        "; 

		        $query_params = array( 
            'role' => $_POST['role'] 
        );

        $row = $stmt->fetch(); 
		
$_SESSION['role'] = $row;



if($_SESSION["role"]=='admin'){
  echo "<h1 class='container well'>YOU ARE IN!</h1>";
} else {
  echo "<h1 class='container well'>you need the admin role!!!!</h1>";
}

}




include("footer.php");
?>

I think I have mucked this up completely and might be writing the wrong thing? or I am missing a big chunk.

 

Any help would be much appreciated. 

mac_gyver Prolific Member

mac_gyver

Posted
Posted (edited)

where to begin....

 

you need to start with the stated goal for that block of code - check in the database if the users role is either admin or something else. i would restate this as - retrieve the currently logged in user's role in a php variable for use on the current page. and why do i suggest that. a user's role could be changed at any time. you would want that change to take effect on the next page request after the change.

 

next you need to define what (relevant) inputs you have available - i recommend using the user id (it will result in the fastest query, since you will be running this query on any page that needs to check the user's role.)

 

also, you appear to be trying to use a PDO prepared query. i recommend you study the documentation or some tutorials first, as you will need to know how to prepare a query, bind the input data, run the query, and fetch the result, at all, before you can do these things with your data. the code you posted isn't close.

 

then, you can write and test the code needed to accomplish just the state goal. once you have retrieve the currently logged in user's role in a php variable, you can test it's value it in the remainder of the code on the page.

Edited by mac_gyver
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.