peranha Posted October 21, 2007 Share Posted October 21, 2007 I am woundering if anyone can help me. I am trying to secure a page to only admins, no all registered users. I have a login script in place, and all other pages. I am using PHP 5, Apache 2.2.3, MySQL 5. Here is the table CREATE TABLE `rel_users` ( `userid` int(15) NOT NULL auto_increment COMMENT 'Unique id for user', `username` varchar(50) NOT NULL COMMENT 'Unique Username for user', `password` varchar(50) NOT NULL COMMENT 'Password for user', `firstname` varchar(50) NOT NULL COMMENT 'User First Name', `lastname` varchar(50) NOT NULL COMMENT 'User Last Name', `address` varchar(150) NOT NULL COMMENT 'User Address', `city` varchar(50) NOT NULL COMMENT 'User City', `state` varchar(2) NOT NULL COMMENT 'User State Abbreviation', `zip` varchar(10) NOT NULL COMMENT 'User Zip Code', `phone` varchar(10) NOT NULL COMMENT 'User Phone Number', `date` date NOT NULL COMMENT 'Date User was added', `userlevel` int(10) NOT NULL default '1' COMMENT 'User Level Access', PRIMARY KEY (`userid`) ) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; I want a user at userlevel 10 to access all pages, and user at userlevel below 10 to not have access to this page. If anyone is willing to help, that would be appreciated. Not sure how to do this in anyway, tried many things, but to no avail. Thanks in advance Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/ Share on other sites More sharing options...
fenway Posted October 22, 2007 Share Posted October 22, 2007 What kinds of things? Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375190 Share on other sites More sharing options...
peranha Posted October 22, 2007 Author Share Posted October 22, 2007 I have an administrator page to see users logged in, block users, change passwords, that sort of thing, and want only administrators with level 10 access to access the page, all other users get an error message. They have their own information page to update info, and dont need to access everyone else's info. I am wounder if there is a way to put something into a session, or cookie such as 10, or admin, and have the page look for that when someone looks at the page, and if that isnt there, to give them an error, or redirect them to another page. As in my database, I have a user level field that admins are level 10, and users are level 1. I did this so I can set different user levels later if needed. Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375486 Share on other sites More sharing options...
fenway Posted October 22, 2007 Share Posted October 22, 2007 Why not check this on the page for the currently loggedin usre? Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375507 Share on other sites More sharing options...
peranha Posted October 22, 2007 Author Share Posted October 22, 2007 That is what I want to do is check to see if the user is level 10 or higher on this page, if level 10, continue, if less level, give error message, but not sure as to how to do this. I am woundering if there is a session, or cookie that i need to add with the value of 10 or something, and how to check for that. Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375566 Share on other sites More sharing options...
peranha Posted October 23, 2007 Author Share Posted October 23, 2007 Got this figured out, had to add // open connection $connection = mysql_connect($server, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); $sql_pass_get = "SELECT * FROM rel_users WHERE username = '$_REQUEST[username]'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $_SESSION['userlevel'] = $user_info['userlevel']; if ($_SESSION['userlevel'] == 10) { echo "<font color=RED>You are an administrator and have access to this page.</font><br />"; }else { echo die ("<font color=RED>You do not have access to this page, Return to the <a href=home.php>Home</a> Page.</font>"); } To the top of the page. Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375859 Share on other sites More sharing options...
kratsg Posted October 23, 2007 Share Posted October 23, 2007 Why not put this in a class? This way, you can just call up the class, plug in the session info, let the class handle the rest (will cut down a bit on coding). Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375866 Share on other sites More sharing options...
peranha Posted October 24, 2007 Author Share Posted October 24, 2007 I am new to PHP, and am learning as I go, so that is why I am doing it this way, if you could give me an example of it different, and with shorter code, that would be great. Thanks for the advice as well, I will look into that. Quote Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-376792 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.