navigation based off of user access level


CincoPistolero

I have two navigation menus: one for super users (accessLevel=1) in the users table and one for regular users (accessLevel=2) in the users table. It all works fine except when I try to make modifications to users. When I do this, my next call to the users table resets the accessLevel to that of whomever I am editing, so when I log in as a super user and select a regular user to edit, it changes my menu and who it thinks I am. I then tried using $_SESSION, but that also changes to the new user's accessLevel when I select him.

 

I would like to be able to have two different levels of users login and yet maintain the different navigations based on the accessLevel for each. This all works fine until I try to edit users.

 

This code is what I have in the header

<?php if ($_SESSION["accessLevel"] == 1){?>
    <script type="text/javascript" src="../data.js"></script>
  <?php } else { ?>
    <script type="text/javascript" src="../dataUser.js"></script> 
  <?php } ?>

 

This is my session_start() function

<?php
session_start();

if (!isset($_SESSION['userName']) || !isset($_SESSION['password'])) {
$logged_in = 0;
return;
} else {

// remember, $_SESSION['password'] will be encrypted.

if(!get_magic_quotes_gpc()) {
	$_SESSION['userName'] = addslashes($_SESSION['userName']);
}


// addslashes to session userName before using in a query.
$pass = $db_object->query("SELECT password FROM users WHERE userName = '".$_SESSION['userName']."'");

if(DB::isError($pass)) {
	$logged_in = 0;
	unset($_SESSION['userName']);
	unset($_SESSION['password']);
	// kill incorrect session variables.
}

$db_pass = $pass->fetchRow();

// now we have encrypted pass from DB in 
// $db_pass['password'], stripslashes() just in case:

$db_pass['password'] = stripslashes($db_pass['password']);
$_SESSION['password'] = stripslashes($_SESSION['password']);



//compare:



if($_SESSION['password'] == $db_pass['password']) { 
	// valid password for userName
	$logged_in = 1; // they have correct info
				// in session variables.
} else {
	$logged_in = 0;
	unset($_SESSION['userName']);
	unset($_SESSION['password']);
	// kill incorrect session variables.
}
}


// clean up
unset($db_pass['password']);

$_SESSION['userName'] = stripslashes($_SESSION['userName']);

?>

 

Here is sample code of where it changes from logged in user to selected user

<?php 
/* Player Specific Information Query =========================================================================*/
$queryusers = "SELECT * FROM users WHERE userID='$userID' ";
$usersresult = mysql_query($queryusers) or die ("Error in query: $queryusers. " . mysql_error());
$usersrow= mysql_fetch_array($usersresult);
extract($usersrow);
?>

<?php echo 'The content of the session is:' .$_SESSION['userName'].'<br />'; ?>
  <?php echo 'The access level of the session is: ' .$_SESSION['accessLevel']. '<br />'; ?>
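
The symptom described in the post is consistent with extract() assigning the fetched row's columns over variables of the same name. As an added example (not the poster's code), the sketch below reproduces that with an in-memory SQLite table through PDO instead of mysql_*, then keeps the edited user's row in its own array. The table rows, the fetchUser() helper and the reference binding that stands in for register_globals-style session variables are assumptions.

```php
<?php
// Added example: constructed table and rows, PDO/SQLite in place of mysql_*.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userID INTEGER PRIMARY KEY, userName TEXT, accessLevel INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'admin', 1), (2, 'regular', 2)");

// Hypothetical helper: fetch one row with a bound parameter rather than
// interpolating $userID into the SQL string.
function fetchUser(PDO $db, $userID)
{
    $stmt = $db->prepare('SELECT userID, userName, accessLevel FROM users WHERE userID = ?');
    $stmt->execute([(int) $userID]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Assumption: $session stands in for $_SESSION of the logged-in super user,
// and the two references model session entries that are also reachable as
// plain variables (the effect of register_globals on old PHP versions).
$session = ['userName' => 'admin', 'accessLevel' => 1];
$userName = &$session['userName'];
$accessLevel = &$session['accessLevel'];

// Pattern from the post: extract() assigns every column to a variable of the
// same name, so the edited user's values land on $userName and $accessLevel.
extract(fetchUser($db, 2));
printf("after extract(): %s / level %d\n", $session['userName'], $session['accessLevel']);

// Restore the login state, then keep the edited row in its own array.
$session['userName'] = 'admin';
$session['accessLevel'] = 1;
$editedUser = fetchUser($db, 2);
printf("editing: %s / level %d\n", $editedUser['userName'], $editedUser['accessLevel']);
printf("logged in as: %s / level %d\n", $session['userName'], $session['accessLevel']);

// The menu decision reads only the login state, never the edited row.
$menuScript = ((int) $session['accessLevel'] === 1) ? '../data.js' : '../dataUser.js';
echo "menu script: $menuScript\n";
```

The first line of output shows the login state taking on the edited user's values; the later lines show it unchanged once the row is read through `$editedUser`.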

Archived

This topic is now archived and is closed to further replies.
