Would an array do the trick?

[penguin0]

I am once again trying to hide a row of mysql output if a variable is false.

 

$result = mysql_query( "SELECT number, name, link, view, isparent, private FROM menu WHERE private = 1 ORDER BY position" );
$num_rows = mysql_num_rows( $result );

print "<table width=\"156\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"ptable\">";
while ( $row = mysql_fetch_array( $result ) ) {

$mnumber = $row['number'];
$mname = $row['name'];
$mlink = $row['link'];
$misparent = $row['isparent'];
$mprivate = $row['private'];
$mview = $row['view'];

if ($misparent == "0") {
$starttag = "<td class=\"off\" onmouseover=\"this.className=\" onmouseout=\"this.className=\" height=\"30\" align=\"left\" valign=\"middle\"><a href=\"/romac$mlink\" class=\"left_menu_text\">";
$endtag = "</a></td></tr>";
} else {

$starttag = "<th><br />";
$endtag = "<br /><br /></th></tr>";
}

$menu_block .= "
<tr>$starttag$mname$endtag";

 

mview = the word "admin" lets say, and the check if the current user has the perm admin would be $admin, returning a 0 or 1.

 

I need to hide a whole table row if the user does not have the correct view perm.  How is the best way to do this?

 

the perms are:

 

$admin

$pageman

$menuman

$userman

$rateman

$users

 

the view columns for the menu are the var without the $...

 

please help!

 

[btherl]

How do you know if a particular view permission allows viewing of a given row?  Or are you asking how to implement that?

[Barand]

The best way to hide them is not to select them in the first place. Select those rows where the user has permission.

[penguin0]

what would the mysql statement look like then?  SELECT * from menu WHERE view =?

 

the problem is I have to hide certain menu items, not rows.  I have the menus entered into the database.

 

Hers is the mysql dump (some of it) maybe this will help you understand how I am doing it?

Table structure for table `menu`

CREATE TABLE `menu` (
  `number` mediumint(4) NOT NULL auto_increment,
  `name` varchar(15) NOT NULL default '',
  `link` varchar(40) default NULL,
  `position` tinyint(2) NOT NULL default '0',
  `isparent` tinyint(1) NOT NULL default '0',
  `private` tinyint(1) NOT NULL default '0',
  `view` varchar(15) NOT NULL default 'users',
  `modified` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  PRIMARY KEY  (`number`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ;


-- Dumping data for table `menu`


INSERT INTO `menu` VALUES (1, 'Romac Express', '', 1, 1, 1, 'users', '2007-05-20 20:28:00');
INSERT INTO `menu` VALUES (2, 'Welcome', '/index2.php', 2, 0, 1, 'users', '2007-05-20 12:21:31');
INSERT INTO `menu` VALUES (20, 'Profile', '/profile.php', 3, 0, 1, 'users', '2007-05-20 15:12:41');

[trq]

Depending on how your table is setup soemthing like...

 

SELECT * from menu WHERE view = 'admin';

 

Should select all the menu items an admin can view. If not, your table seems to be incorrectly desinged. can we see your table structure?

[penguin0]

also $admin has to be a 1 value if the mysql would be WHERE view = admin

[trq]

also $admin has to be a 1 value if the mysql would be WHERE view = admin

 

Sorry... I'm not sure what that meens. What is wrong with the query I have posted?

[penguin0]

$admin is the variable which will be 0 or 1 depending on if a user viewing the menu has the perm to view that menu where in the database it will say view and  have a value of admin

[trq]

Sorry, but that kind of logic makes no sense especially with your code (I dont see that variable anywhere).

 

I'll ask again, what is wrong with the query I provided? It selects only the records that someone with a view value equal to admin would be allowed to view.

[penguin0]

the query you provided would show every menu item with a view of admin, but I want people that are not admins to not be able to see that.

 

here is the code for selecting the current logged in user's permissions:

 

 

$result = mysql_query( "SELECT * FROM users WHERE session = '$userssession'" );
$num_rows = mysql_num_rows( $result );

while ( $a_row = mysql_fetch_array( $result ) ) {
$usersid = $a_row['id'];
$usersname = $a_row['name'];
$usersposition = $a_row['position'];
$usersusername = $a_row['username'];
$usersemail = $a_row['email'];
$userscreated = $a_row['created'];
$usersidle = $a_row['idle'];
$online = $a_row['online'];
$admin = $a_row['admin'];
$pageman = $a_row['pageman'];
$userman = $a_row['userman'];
$rateman = $a_row['rateman'];
$menuman = $a_row['menuman'];
$users = $a_row['users'];

}

 

[trq]

So which field is the users permissions? And is this then stored in a session?

 

The query should simply be something like....

 

$sql = "SELECT * FROM menu WHERE view = '{$_SESSION['perms']}'";

 

Thats the logic I would use anyway.

[penguin0]

I store the bool value of these:

 

$admin

$users

$pageman

$userman

$menuman

$rateman

 

in the database, how do I convert all those into a session?

[trq]

So you have a seperate field for each permission? Thats a real roundabout way of doing things and means a single simple query can not really be perfomed to bring up the desired menu.

 

Sessions are a whole other issue... how (if at all) are you logging your users in?

[penguin0]

yes I have a seperate field for each permission in the users table.

 

login process is like this:

 

<?
if ((!$_POST[username]) || (!$_POST[password])) {
echo "please enter both Username and Pass";
exit;

}

$time = time();			// not really constants, but stuff used for all pages
$datetime = date('r');
$cookie = $_COOKIE;

function randomize ()
{
mt_srand((double)microtime()*1000000);
}
$sql = "SELECT * FROM users WHERE username = \"$_POST[username]\" AND password = md5(\"$_POST[password]\")";
$result = @mysql_query($sql, $link) or die(mysql_error());
$num = mysql_num_rows($result);

if ($num != 0) {

setcookie("romacuser",$_POST[username],0);
$session = md5($time.$_POST[username].mt_rand());
setcookie("romacsession",$session,0);
$ssession = md5($session);

$sql = "UPDATE users SET session = '$ssession', online = 1, idle = '$time' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql, $link) or die(mysql_error());

header("Location: index2.php");
} else {
$msg = "<font color=\"red\" size=\"4\">Invalid Username and/or Password!</font>";

}
?>

[trq]

yes I have a seperate field for each permission in the users table.

 

Thats a shame. It doesn't make alot of sense to do it htat way because now you need to check multiple fields instead of one.

[penguin0]

no problem, do you know of a better way?  If I call it $perms how would I store all the values in it?  (an array)?

[trq]

Sorry.. Im still a little lost as to how your doing this.

 

Do you mean to say the value of the field menuman hols the permissions for the menu?

 

If so.. all you would need to do is store this value in a session upon login (or even a cookie if you like). Then, when you need to query the database for the menu you would use...

 

$sql = "SELECT * FROM menu WHERE view = '{$_SESSION['menuman']}'";

 

or something simular.

[penguin0]

$menuman would be a 1 or 0 based on wether the current user has ther permission, so $menuman is the value for only 1 permission. 

 

They all are:

$admin

$users

$pageman

$userman

$menuman

$rateman

[trq]

Yes, but your question relates only to the menu.

[penguin0]

menu is a table in which certain rows will have a view of admin, menuman, userman and so on.  users is the table that has the perms as fields:  admin, userman, and so on.

 

$admin is the var from users

 

$mview will print the words users, or admin, or menuman based on what the "view" of that link is set to.

 

 

[trq]

Sorry, but that really is an ilogical way of doing it. It just makes no sense, or at least I can't follow how the data relates.

 

May I suggest finding some tutorials on database normalization techniques.

[penguin0]

What is a better way of doing it?  Could I get a better example than someone telling me it is illogical?

[penguin0]

Does no other moderator / PHP guru understand what I am doing?

 

I have all my links in a table, I am trying to hide one or more of the links by checking for the users permissions, which are stored in the variables:

 

$admin

$users

$pageman

$userman

$menuman

$rateman

[Barand]

Here's an alternative method

 

<?php 
$admin        = 32;
$pageman      = 16;
$menuman      = 8;
$userman      = 4;
$rateman      = 2;
$users        = 1;

/**
* Now, if an option is available to admin, pageman and menuman
*/
$perms = $admin + $pageman + $menuman;

/**
* if you are an admin, with userlevel 32
*/
$userlevel = $admin;
$can_view = $perms & $userlevel;
echo "<br>Admin : ";
echo $can_view ? 'Can view' : 'No can view';             // can view

/**
* but if you are a user
*/
$userlevel = $user;
$can_view = $perms & $userlevel;
echo "<br>User : " ;
echo $can_view ? 'Can view' : 'No can view';            // no can view
?>

[penguin0]

Thank you barand, I will try this when I get home.  I did not think of adding "permlevels" togather to get a userlevel.  So for the SQL it would be  WHERE view = "what?"  Could this work with my current menu database, or do I need to change something?

 

menu database:

 

Table structure for table `menu`

CREATE TABLE `menu` (
  `number` mediumint(4) NOT NULL auto_increment,
  `name` varchar(15) NOT NULL default '',
  `link` varchar(40) default NULL,
  `position` tinyint(2) NOT NULL default '0',
  `isparent` tinyint(1) NOT NULL default '0',
  `private` tinyint(1) NOT NULL default '0',
  `view` varchar(15) NOT NULL default 'users',
  `modified` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  PRIMARY KEY  (`number`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ;


-- Dumping data for table `menu`


INSERT INTO `menu` VALUES (1, 'Romac Express', '', 1, 1, 1, 'users', '2007-05-20 20:28:00');
INSERT INTO `menu` VALUES (2, 'Welcome', '/index2.php', 2, 0, 1, 'users', '2007-05-20 12:21:31');
INSERT INTO `menu` VALUES (20, 'Profile', '/profile.php', 3, 0, 1, 'users', '2007-05-20 15:12:41');