z4z07 Posted October 29, 2014 Share Posted October 29, 2014 Hi guys, in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor. What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages. I hope you understand what i'm asking if not fell free to ask me if you need more specific details. I tried to make a php page called access.php wher i put the following code, but not working <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator") { echo "You are not the proper user type to view this page"; die(); } ?> Hope you can help me. Thx in advance for help. Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/ Share on other sites More sharing options...
Gaab Posted October 29, 2014 Share Posted October 29, 2014 Hey, <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator" || $user_level !="editor") { die("You are not the proper user type to view this page"); } if ($user_level =="administrator"){ echo"See all of the Page"; exit; } if ($user_level =="editor"){ echo"See only newsletter in this Page"; exit; } ?> Is this what you mean? Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495164 Share on other sites More sharing options...
z4z07 Posted October 29, 2014 Author Share Posted October 29, 2014 Hey, <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator" || $user_level !="editor") { die("You are not the proper user type to view this page"); } if ($user_level =="administrator"){ echo"See all of the Page"; exit; } if ($user_level =="editor"){ echo"See only newsletter in this Page"; exit; } ?> Is this what you mean? Something like that, but except administrator part. Forget the adminsitrator part because he can see al the pages. What i want to do is to put the code into a .php page called access.php and include this page in the pages that i want to protect from the user who have user_level = editor. So i want that the users who have user_level = editor to see only the pages that i've not included the script - the pages that are accesible for every one. For example: i have pages admin.php, pages.php, newsletter.php and messages.php - the admin can view all the pages, but the editor can view online admin.php and newsletter.php, so for that i must include the script in the rest of the pages messages.php and pages.php to restrict access for users that are logged in with user_level = editor. Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495167 Share on other sites More sharing options...
Gaab Posted October 29, 2014 Share Posted October 29, 2014 (edited) Okay, This is access.php: <?php // Include here your Database session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level =="editor") {$user_wert = "1";} if ($user_level =="admin") {$user_wert = "2";} ?> You take in the .php Files: <?php include 'access.php'; // only Admin: if($user_wert == "2") // This is the Query for the Admin { echo "This Looks only the Admin"; exit; } else { die("No Admin"); } // only Editor: if($user_wert == "1") // This is the Query for the Editor { echo "This Looks only the Editors"; exit; } else { die("No Editor"); } // If you want a Page for Admin and Editor say: if($user_wert >= "1") // This is the Query for the Editor and Admins ( All Ranks over the Number "1") { echo "This Looks only the Editors or Admins"; exit; } else { die("You a normal User."); } ?> I use for If Query's only numbers. You can say, the "normal" User is number 0. Edited October 29, 2014 by Gaab Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495169 Share on other sites More sharing options...
z4z07 Posted October 29, 2014 Author Share Posted October 29, 2014 Not working ... If i logged in with a user who have user_level = admin or user_level = editor shows only No Admin. In the pages.php file i've put the following code: <?php include '_inc/access.php'; ?> <?php // only Admin: if($user_wert == "2") // This is the Query for the Admin { echo "This Looks only the Admin"; exit; } else { die("No Admin"); } ?> In this page i want only the admin to see it. Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495172 Share on other sites More sharing options...
z4z07 Posted October 30, 2014 Author Share Posted October 30, 2014 Any help... please... Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495218 Share on other sites More sharing options...
tryingtolearn Posted October 30, 2014 Share Posted October 30, 2014 Are you sure the path to access.php is correct? <?php include '_inc/access.php'; ?> Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495220 Share on other sites More sharing options...
z4z07 Posted October 30, 2014 Author Share Posted October 30, 2014 Are you sure the path to access.php is correct? <?php include '_inc/access.php'; ?> Yes. Why? You say that may be the problem??? Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495223 Share on other sites More sharing options...
tryingtolearn Posted October 30, 2014 Share Posted October 30, 2014 Maybe, it should at least echo $user_level if its being included. not just No Admin Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495224 Share on other sites More sharing options...
jazzman1 Posted October 30, 2014 Share Posted October 30, 2014 Go back to your first posting code: <?php session_start(); $sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id"); $user_level = $mysqli->query($sql); echo $user_level; if ($user_level !="administrator") { echo "You are not the proper user type to view this page"; die(); } Have you tried to foreach the values for every row, before using some if / else statement block? Quote Link to comment https://forums.phpfreaks.com/topic/292140-restrict-user-access-in-backend-for-specific-pages/#findComment-1495226 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.