z4z07 Posted October 29, 2014 Share Posted October 29, 2014 Hi guys, in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor. What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages. I hope you understand what i'm asking if not fell free to ask me if you need more specific details. I tried to make a php page called access.php wher i put the following code, but not working <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator") { echo "You are not the proper user type to view this page"; die(); } ?> Hope you can help me. Thx in advance for help. Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/ Share on other sites More sharing options...
Gaab Posted October 29, 2014 Share Posted October 29, 2014 Hey, <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator" || $user_level !="editor") { die("You are not the proper user type to view this page"); } if ($user_level =="administrator"){ echo"See all of the Page"; exit; } if ($user_level =="editor"){ echo"See only newsletter in this Page"; exit; } ?> Is this what you mean? Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495164 Share on other sites More sharing options...
z4z07 Posted October 29, 2014 Author Share Posted October 29, 2014 Hey, <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator" || $user_level !="editor") { die("You are not the proper user type to view this page"); } if ($user_level =="administrator"){ echo"See all of the Page"; exit; } if ($user_level =="editor"){ echo"See only newsletter in this Page"; exit; } ?> Is this what you mean? Something like that, but except administrator part. Forget the adminsitrator part because he can see al the pages. What i want to do is to put the code into a .php page called access.php and include this page in the pages that i want to protect from the user who have user_level = editor. So i want that the users who have user_level = editor to see only the pages that i've not included the script - the pages that are accesible for every one. For example: i have pages admin.php, pages.php, newsletter.php and messages.php - the admin can view all the pages, but the editor can view online admin.php and newsletter.php, so for that i must include the script in the rest of the pages messages.php and pages.php to restrict access for users that are logged in with user_level = editor. Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495167 Share on other sites More sharing options...
Gaab Posted October 29, 2014 Share Posted October 29, 2014 Okay, This is access.php: <?php // Include here your Database session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level =="editor") {$user_wert = "1";} if ($user_level =="admin") {$user_wert = "2";} ?> You take in the .php Files: <?php include 'access.php'; // only Admin: if($user_wert == "2") // This is the Query for the Admin { echo "This Looks only the Admin"; exit; } else { die("No Admin"); } // only Editor: if($user_wert == "1") // This is the Query for the Editor { echo "This Looks only the Editors"; exit; } else { die("No Editor"); } // If you want a Page for Admin and Editor say: if($user_wert >= "1") // This is the Query for the Editor and Admins ( All Ranks over the Number "1") { echo "This Looks only the Editors or Admins"; exit; } else { die("You a normal User."); } ?> I use for If Query's only numbers. You can say, the "normal" User is number 0. Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495169 Share on other sites More sharing options...
z4z07 Posted October 29, 2014 Author Share Posted October 29, 2014 Not working ... If i logged in with a user who have user_level = admin or user_level = editor shows only No Admin. In the pages.php file i've put the following code: <?php include '_inc/access.php'; ?> <?php // only Admin: if($user_wert == "2") // This is the Query for the Admin { echo "This Looks only the Admin"; exit; } else { die("No Admin"); } ?> In this page i want only the admin to see it. Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495172 Share on other sites More sharing options...
z4z07 Posted October 30, 2014 Author Share Posted October 30, 2014 Any help... please... Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495218 Share on other sites More sharing options...
tryingtolearn Posted October 30, 2014 Share Posted October 30, 2014 Are you sure the path to access.php is correct? <?php include '_inc/access.php'; ?> Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495220 Share on other sites More sharing options...
z4z07 Posted October 30, 2014 Author Share Posted October 30, 2014 Are you sure the path to access.php is correct? <?php include '_inc/access.php'; ?> Yes. Why? You say that may be the problem??? Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495223 Share on other sites More sharing options...
tryingtolearn Posted October 30, 2014 Share Posted October 30, 2014 Maybe, it should at least echo $user_level if its being included. not just No Admin Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495224 Share on other sites More sharing options...
jazzman1 Posted October 30, 2014 Share Posted October 30, 2014 Go back to your first posting code: <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator") { echo "You are not the proper user type to view this page"; die(); } Have you tried to foreach the values for every row, before using some if / else statement block? Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495226 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.