hiding a menu option based on user role. Not WP


laflair13

I have searched for this but all I can find is an answer if the site is WordPress. I am trying to convert my site to MySQLi.

I have 2 roles of users. Admin and SuperAdmin. In my database I have them as roles 1 & 2. I want to hide a menu item based on the role of the user.

LoginForm (On the top)

<?php
  session_start();
  include "includes/class.users.php";
  if(isset($_POST['login'])) {
    $email = $_POST['email'];
    $password = $_POST['password'];
    $users->login($email, $password);
  }
?>

Form Itself

<form method="POST" action="" name="login">
    <div id="wrappermiddle">
    <h2>Login</h2>
                <div id="username_input"> 
                <div id="username_inputleft"></div>
                    <div id="username_inputmiddle">
                    <input name="email" type="text" id="myusername" placeholder="Email Address">
                    <img id="url_user" src="./images/mailicon.png" alt="">      
                    </div><!--ends username_inputmiddle-->
                    <div id="username_inputright"></div>                   
                </div><!--ends username_input-->
                
               <div id="password_input">
                <div id="password_inputleft"></div>
                    <div id="password_inputmiddle">       
                    <input name="password" type="password" id="mypassword" placeholder="Password">
                    <img id="url_password" src="./images/passicon.png" alt="">        
                    </div><!--ends password_inputmiddle-->
                 <div id="password_inputright"></div>
                </div><!--ends password_input-->
    
            <div id="submit"> 
            <input type="image" src="./images/submit.png" name="login" value="Login">      
           </form>

class.users.php

<?php
  include "class.database.php";
  class Users extends Database {
    public function login($email, $password) {
      $stmt = $this->mysqli->prepare("SELECT email, password FROM members WHERE email = ? AND password = ? LIMIT 1");
      $stmt->bind_param('ss', $email, $password);
      $stmt->execute();
      $stmt->bind_result($email, $password);
      $stmt->store_result();
      if($stmt->num_rows == 1) {
        while($stmt->fetch()) {
          session_start();
          $_SESSION['loggedin'] = true;
          header("Location: dashboard.php");
        }
      } else {
          return false;
      }
      $stmt->close();
      $stmt->free_result();
    }
  }
  $users = new users();
?>

Then on my dashboard.php I have this

 

<?PHP
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
// User still logged
  $role = $row['role'];
// You can then use that variable later in page
// If $role == 1, Admin, show menu, prevent function access, ect
} else {
header ("Location: index.php");
}


if ($_SESSION['role'] == '2') {
       $showdiv = 'super';
    }
    else if ($_SESSION['role'] == '1') {
       $showdiv = 'admin';
    }
    echo "<script type=\"text/javascript\">document.getElementById('".$showdiv."').style.display = 'block';</script>";
?>
<div class="mainbar">
          <div id="super">
             <?php include("supernavbar.php"); ?>
            </div>
          <div id="admin">
             <?php include("navbar.php"); ?>
          </div>
        </div> <!-- /.mainbar -->

I am not understanding how to get the "User Role" into the session. I might not be doing it right in the first place. 

 

Any help would be appreciated.


The easiest route I can see offhand is:

<?php
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) {
  // User still logged in; read the role that the login script stored in the session
  $role = isset($_SESSION['role']) ? $_SESSION['role'] : null;
  // You can then use that variable later in the page
  // If $role == 1, Admin, show menu, prevent function access, etc.
} else {
  header("Location: index.php");
  exit; // stop here so nothing below is sent to a visitor who is not logged in
}

// Pick the menu file on the server, so only one menu is ever sent to the browser
if ($role == '2') {
  $showdiv = 'supernavbar';
} else {
  // role 1 (Admin) and any unexpected value get the regular menu
  $showdiv = 'navbar';
}
//echo "<script type=\"text/javascript\">document.getElementById('".$showdiv."').style.display = 'block';</script>";
?>
<div class="mainbar">
  <div id="menu">
    <?php include($showdiv . '.php'); ?>
  </div>
</div> <!-- /.mainbar -->

Something else to consider. You're using your class like a glorified function. The class should return an object, like a car or your user... Then in your login script, you can assign values to the session. Generally speaking, if you have "privileged" content, you would probably want to store a way of ID'ing the user. Example: the public might be 1, admin 2, superadmin 3.

Pseudo table:

user_name | user_cred
public    | 1
admin     | 2
sadmin    | 3


So the login script would change this way:

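$credentials = false; // stays false when the form was not submitted or the login failed
if (isset($_POST['login'])) {
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    // Use the password exactly as typed: FILTER_SANITIZE_STRING is deprecated
    // and alters characters such as quotes and <, so valid passwords would stop matching
    $password = $_POST['password'];
    $userObj = new Users();
    $credentials = $userObj->login($email, $password);
}
if ($credentials) $_SESSION['loggedin'] = $credentials['user_cred'];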

Then in your class:

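$credentials = false;
// fetch_assoc() is a method of the result object, not of the statement;
// get_result() needs the mysqlnd driver, and the SELECT must also return user_cred
$result = $stmt->get_result();
if ($result->num_rows == 1) {
   $credentials = $result->fetch_assoc();
}
return $credentials; //prototype Array([email]=>string, [password]=>string, [user_cred]=>int)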

Now you have a means to evaluate conditions where users with different loggedin values can access different things. Hope that helps.


Archived

This topic is now archived and is closed to further replies.
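
An added example, not code from any poster in this thread: one way to get the role into the session at login and choose the menu file on the server, as the replies above describe. It assumes the members table has a role column holding 1 (Admin) or 2 (SuperAdmin) and that the password column stores a password_hash() value; the function names are hypothetical.

```php
<?php
// Added example. Assumptions: members.role is 1 (Admin) or 2 (SuperAdmin),
// members.password holds a password_hash() value. Function names are hypothetical.

// Look the member up by email only; the password is checked in PHP, not in SQL.
function find_member(mysqli $db, string $email): ?array {
    $stmt = $db->prepare("SELECT email, password, role FROM members WHERE email = ? LIMIT 1");
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

// Returns the member's role on success, null on any failure.
function authenticate(?array $member, string $password): ?int {
    if ($member === null || !password_verify($password, $member['password'])) {
        return null;
    }
    return (int) $member['role'];
}

// Called by the login script after authenticate() succeeds.
function start_user_session(int $role): void {
    session_regenerate_id(true);  // fresh session id once the user is logged in
    $_SESSION['loggedin'] = true;
    $_SESSION['role'] = $role;    // this is how the role reaches dashboard.php
}

// Map a role to its menu file from a fixed list, so the include path never
// comes from user input. Unknown roles get the less privileged menu.
function menu_for_role(?int $role): string {
    $menus = [1 => 'navbar.php', 2 => 'supernavbar.php'];
    return $menus[$role] ?? 'navbar.php';
}

// Constructed sample row standing in for what find_member() returns.
$member = [
    'email'    => 'super@example.com',
    'password' => password_hash('correct horse', PASSWORD_DEFAULT),
    'role'     => 2,
];
echo menu_for_role(authenticate($member, 'correct horse')), "\n";
echo var_export(authenticate($member, 'wrong password'), true), "\n";
```

In dashboard.php, `include menu_for_role($_SESSION['role'] ?? null);` then replaces the two divs toggled by JavaScript. Pages linked only from supernavbar.php still need their own role check, because leaving a link out of the menu does not stop a direct request for that page.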
