BennyDoesIt Posted September 30, 2013 Share Posted September 30, 2013 Hi, I am having trouble with this code and would like to see if anyone can help me. I have been trying to write a bit of code that would check in the database if the users role is either admin or something else. and then allow them to view the page or show a message stating "they are not the admin" Heres is the code. <?php require("head.php"); include("navbar.php"); require("common.php"); { $query = " SELECT id, username, password, salt, email, role FROM users WHERE username = :username "; $query_params = array( 'role' => $_POST['role'] ); $row = $stmt->fetch(); $_SESSION['role'] = $row; if($_SESSION["role"]=='admin'){ echo "<h1 class='container well'>YOU ARE IN!</h1>"; } else { echo "<h1 class='container well'>you need the admin role!!!!</h1>"; } } include("footer.php"); ?> I think I have mucked this up completely and might be writing the wrong thing? or I am missing a big chunk. Any help would be much appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/282555-user-control-viewing-certain-pages-by-checking-role-against-database/ Share on other sites More sharing options...
mac_gyver Posted September 30, 2013 Share Posted September 30, 2013 (edited) where to begin.... you need to start with the stated goal for that block of code - check in the database if the users role is either admin or something else. i would restate this as - retrieve the currently logged in user's role in a php variable for use on the current page. and why do i suggest that. a user's role could be changed at any time. you would want that change to take effect on the next page request after the change. next you need to define what (relevant) inputs you have available - i recommend using the user id (it will result in the fastest query, since you will be running this query on any page that needs to check the user's role.) also, you appear to be trying to use a PDO prepared query. i recommend you study the documentation or some tutorials first, as you will need to know how to prepare a query, bind the input data, run the query, and fetch the result, at all, before you can do these things with your data. the code you posted isn't close. then, you can write and test the code needed to accomplish just the state goal. once you have retrieve the currently logged in user's role in a php variable, you can test it's value it in the remainder of the code on the page. Edited September 30, 2013 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/282555-user-control-viewing-certain-pages-by-checking-role-against-database/#findComment-1451836 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.