User control, viewing certain pages by checking role against database


BennyDoesIt

Hi, 

 

I am having trouble with this code and would like to see if anyone can help me. 

 

I have been trying to write a bit of code that would check in the database if the user's role is either admin or something else, and then allow them to view the page or show a message stating "they are not the admin".

 

Here is the code.

<?php
require("head.php");
include("navbar.php");
require("common.php");
{
        $query = " 
            SELECT 
                id, 
                username, 
                password, 
                salt, 
                email,
		role
            FROM users 
            WHERE 
                username = :username
        "; 

		        $query_params = array( 
            'role' => $_POST['role'] 
        );

        $row = $stmt->fetch(); 
		
$_SESSION['role'] = $row;



if($_SESSION["role"]=='admin'){
  echo "<h1 class='container well'>YOU ARE IN!</h1>";
} else {
  echo "<h1 class='container well'>you need the admin role!!!!</h1>";
}

}




include("footer.php");
?>

I think I have mucked this up completely and might be writing the wrong thing, or I am missing a big chunk.

 

Any help would be much appreciated. 


where to begin....

 

you need to start with the stated goal for that block of code - check in the database if the user's role is either admin or something else. i would restate this as - retrieve the currently logged in user's role in a php variable for use on the current page. and why do i suggest that? a user's role could be changed at any time. you would want that change to take effect on the next page request after the change.

 

next you need to define what (relevant) inputs you have available - i recommend using the user id (it will result in the fastest query, since you will be running this query on any page that needs to check the user's role.)

 

also, you appear to be trying to use a PDO prepared query. i recommend you study the documentation or some tutorials first, as you will need to know how to prepare a query, bind the input data, run the query, and fetch the result, at all, before you can do these things with your data. the code you posted isn't close.

 

then, you can write and test the code needed to accomplish just the stated goal. once you have retrieved the currently logged in user's role in a php variable, you can test its value in the remainder of the code on the page.

Edited by mac_gyver
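
The approach described in the reply above, as an added example that is not code from either poster: the role is looked up by user id with a PDO prepared query on every request, and access is denied unless the stored role is exactly `admin`. The in-memory SQLite table, the helper names `current_role` and `is_admin`, and the `$_SESSION['user_id']` key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for the
// thread's `users` table (only the columns this check needs).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)");
$pdo->exec("INSERT INTO users (id, username, role) VALUES (1, 'alice', 'admin'), (2, 'bob', 'member')");

/**
 * Hypothetical helper: look up the role for a user id on every request,
 * so a role change takes effect on the next page load.
 * Returns null when the id matches no row.
 */
function current_role(PDO $pdo, int $userId): ?string
{
    $stmt = $pdo->prepare('SELECT role FROM users WHERE id = :id'); // prepare
    $stmt->execute([':id' => $userId]);                             // bind + run
    $role = $stmt->fetchColumn();                                   // fetch
    return $role === false ? null : (string) $role;
}

/** Hypothetical helper: deny by default; only an exact role match passes. */
function is_admin(PDO $pdo, ?int $userId): bool
{
    return $userId !== null && current_role($pdo, $userId) === 'admin';
}

// In a real page the id comes from the session set at login, e.g.
// $userId = $_SESSION['user_id'] ?? null;  (assumed key name; never from $_POST)
foreach ([1, 2, 999, null] as $userId) {
    $label = $userId === null ? 'not logged in' : "user id $userId";
    echo $label, ': ', is_admin($pdo, $userId) ? 'YOU ARE IN!' : 'you need the admin role!', PHP_EOL;
}

// A role change is picked up by the very next check; no stale session copy.
$pdo->prepare('UPDATE users SET role = :role WHERE id = :id')
    ->execute([':role' => 'member', ':id' => 1]);
echo 'after demotion, user id 1: ', is_admin($pdo, 1) ? 'YOU ARE IN!' : 'you need the admin role!', PHP_EOL;
```

On a protected page, the denial branch should stop the script (for example with `exit`) before any admin-only output is produced.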