laflair13 Posted March 9, 2015 Share Posted March 9, 2015 (edited) I have searched for this but all I can find is an answer if the site is wordpress. I am trying to convert my site to MySQLi I have 2 roles of users. Admin and SuperAdmin. In my database I have them as roles 1 & 2. I want to hide a menu item based on the role of the user. LoginForm (On the top) <?php session_start(); include "includes/class.users.php"; if(isset($_POST['login'])) { $email = $_POST['email']; $password = $_POST['password']; $users->login($email, $password); } ?> Form Itself <form method="POST" action="" name="login"> <div id="wrappermiddle"> <h2>Login</h2> <div id="username_input"> <div id="username_inputleft"></div> <div id="username_inputmiddle"> <input name="email" type="text" id="myusername" placeholder="Email Address"> <img id="url_user" src="./images/mailicon.png" alt=""> </div><!--ends username_inputmiddle--> <div id="username_inputright"></div> </div><!--ends username_input--> <div id="password_input"> <div id="password_inputleft"></div> <div id="password_inputmiddle"> <input name="password" type="password" id="mypassword" placeholder="Password"> <img id="url_password" src="./images/passicon.png" alt=""> </div><!--ends password_inputmiddle--> <div id="password_inputright"></div> </div><!--ends password_input--> <div id="submit"> <input type="image" src="./images/submit.png" name="login" value="Login"> </form> class.users.php <?php include "class.database.php"; class Users extends Database { public function login($email, $password) { $stmt = $this->mysqli->prepare("SELECT email, password FROM members WHERE email = ? AND password = ? LIMIT 1"); $stmt->bind_param('ss', $email, $password); $stmt->execute(); $stmt->bind_result($email, $password); $stmt->store_result(); if($stmt->num_rows == 1) { while($stmt->fetch()) { session_start(); $_SESSION['loggedin'] = true; header("Location: dashboard.php"); } } else { return false; } $stmt->close(); $stmt->free_result(); } } $users = new users(); ?> Then on my dashboard.php I have this <?PHP session_start(); if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) { // User still logged $role = $row['role']; // You can then use that variable later in page // If $role == 1, Admin, show menu, prevent function access, ect } else { header ("Location: index.php"); } if ($_SESSION['role'] == '2') { $showdiv = 'super'; } else if ($_SESSION['role'] == '1') { $showdiv = 'admin'; } echo "<script type=\"text/javascript\">document.getElementById('".$showdiv."').style.display = 'block';</script>"; ?> <div class="mainbar"> <div id="super"> <?php include("supernavbar.php"); ?> </div> <div id="admin"> <?php include("navbar.php"); ?> </div> </div> <!-- /.mainbar --> I am not understanding how to get the "User Role" into the session. I might not be doing it right in the first place. Any help would be appreciated. Edited March 9, 2015 by laflair13 Quote Link to comment https://forums.phpfreaks.com/topic/295200-hiding-a-menu-option-based-on-user-role-not-wp/ Share on other sites More sharing options...
jcbones Posted March 9, 2015 Share Posted March 9, 2015 The easiest route I can see off hand is: <?PHP session_start(); if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) { // User still logged $role = $row['role']; // You can then use that variable later in page // If $role == 1, Admin, show menu, prevent function access, ect } else { header ("Location: index.php"); } if ($_SESSION['role'] == '2') { $showdiv = 'supernavbar'; } else if ($_SESSION['role'] == '1') { $showdiv = 'navbar'; } //echo "<script type=\"text/javascript\">document.getElementById('".$showdiv."').style.display = 'block';</script>"; ?> <div class="mainbar"> <div id="menu"> <?php include($showdiv . '.php'); ?> </div> </div> <!-- /.mainbar --> Quote Link to comment https://forums.phpfreaks.com/topic/295200-hiding-a-menu-option-based-on-user-role-not-wp/#findComment-1507975 Share on other sites More sharing options...
rwhite35 Posted March 10, 2015 Share Posted March 10, 2015 (edited) Something else to consider. You're using your class like a glorified function. The class should return an object, like a car or your user... Then in your login script, you can assign values to the session. Generally, speaking if you have "privileged" content, you would probably want to store a way of ID'ing the user. Example: the public might be 1, admin 2, superadmin 3. Pseudo table: user_name | user_cred public | 1 admin | 2 sadmin | 3 So the login script would change this way: if(isset($_POST['login'])) { $email = filter_var($_POST['email'],FILTER_SANITIZE_EMAIL); $password = filter_var($_POST['password'],FILTER_SANITIZE_STRING); $userObj = new Users(); $credentials = $userObj->login($email, $password); } if($credentials) $_SESSION['loggedin'] = $credentials['user_cred']; Then in your class: if($stmt->num_rows == 1) { $credentials = $stmt->fetch_assoc(); } return $credentials; //prototype Array([email]=>string, [password]=>string, [user_cred]=>int) Now your have a means to evaluate conditions where users with different loggedin values can access different things. Hope that help. Edited March 10, 2015 by rwhite35 Quote Link to comment https://forums.phpfreaks.com/topic/295200-hiding-a-menu-option-based-on-user-role-not-wp/#findComment-1507983 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.