Jump to content

How do i check a users level?


Tom8001

Recommended Posts

i need to know how i can check a users level in my login.php page it works i have 

$sql = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'";
	$result = mysql_query($sql);
	$count = mysql_num_rows($result);
	$row = mysql_fetch_assoc($result);
	$user_level = $row['user_level'];

	if($count == 1) {

		$_SESSION['loggedIn'] = true;
		session_write_close();
		header("Location: index.php");

	} else {

		echo "The username or password you entered is incorrect!";
	} if($row['user_level'] == 1) {

		header("Location: admin.php");
		
	} else if($row['user_level'] == -1) {

		header("Location: banned.php");
	}

but i need to know how to check it in another file because it is not working i am trying to add it to admin.php to check the users level & if they are not admin then echo you are not admin.  <-- it says that although the user is an administrator it is saying they are not.

 

This is what i have in admin.php

<?php

require 'connect.php';

session_start();

$sql = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$user_level = $row['user_level'];

if(!isset($_SESSION['loggedIn'])) {

	echo "You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>";
	die();

} if($row['user_level'] == 1) {

	//DO NOTHING
} else {

	echo "Your not an administrator so you are denied access to this page.";
	die();
}

?>
Link to comment
https://forums.phpfreaks.com/topic/292692-how-do-i-check-a-users-level/
Share on other sites

I made some changes

$sql        = "SELECT * FROM $tbl_name WHERE username = '$username' AND password='$password'";
$result     = mysql_query($sql);
$count      = mysql_num_rows($result);
$row        = mysql_fetch_assoc($result);
$user_level = $row['user_level'];
if ($count == 1) {
   
    $_SESSION['loggedIn'] = true;
   
    if ($row['user_level'] == 1) {
       
        $_SESSION['user_level'] = 1;
       
        header("Location: admin.php");
       
        exit();
    } else if ($row['user_level'] == -1) {
       
        $_SESSION['user_level'] = -1;
       
        header("Location: banned.php");
        exit();
    }

//default user
//setting them a user level?
    header("Location: index.php");
    exit();

} else {
    header("Location: login.php");
    exit();
}

Then the checking session

<?php
session_start();
if (!isset($_SESSION['loggedIn'])) {
   
    echo "You are not currently logged in and to view this page you must be logged in to have access. <a href='login.php'> You can login here </a>";
    die();
}
if ($_SESSION['user_level'] == -1) {
    //banned
    die("You are banned");
}

if ($_SESSION['user_level'] == 1) {
    //admin
    //DO NOTHING
} else {
    //not admin
    echo "Your not an administrator so you are denied access to this page.";
    die();
}
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.