peranha Posted October 21, 2007 Share Posted October 21, 2007 I am woundering if anyone can help me. I am trying to secure a page to only admins, no all registered users. I have a login script in place, and all other pages. I am using PHP 5, Apache 2.2.3, MySQL 5. Here is the table CREATE TABLE `rel_users` ( `userid` int(15) NOT NULL auto_increment COMMENT 'Unique id for user', `username` varchar(50) NOT NULL COMMENT 'Unique Username for user', `password` varchar(50) NOT NULL COMMENT 'Password for user', `firstname` varchar(50) NOT NULL COMMENT 'User First Name', `lastname` varchar(50) NOT NULL COMMENT 'User Last Name', `address` varchar(150) NOT NULL COMMENT 'User Address', `city` varchar(50) NOT NULL COMMENT 'User City', `state` varchar(2) NOT NULL COMMENT 'User State Abbreviation', `zip` varchar(10) NOT NULL COMMENT 'User Zip Code', `phone` varchar(10) NOT NULL COMMENT 'User Phone Number', `date` date NOT NULL COMMENT 'Date User was added', `userlevel` int(10) NOT NULL default '1' COMMENT 'User Level Access', PRIMARY KEY (`userid`) ) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; I want a user at userlevel 10 to access all pages, and user at userlevel below 10 to not have access to this page. If anyone is willing to help, that would be appreciated. Not sure how to do this in anyway, tried many things, but to no avail. Thanks in advance Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/ Share on other sites More sharing options...
fenway Posted October 22, 2007 Share Posted October 22, 2007 What kinds of things? Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375190 Share on other sites More sharing options...
peranha Posted October 22, 2007 Author Share Posted October 22, 2007 I have an administrator page to see users logged in, block users, change passwords, that sort of thing, and want only administrators with level 10 access to access the page, all other users get an error message. They have their own information page to update info, and dont need to access everyone else's info. I am wounder if there is a way to put something into a session, or cookie such as 10, or admin, and have the page look for that when someone looks at the page, and if that isnt there, to give them an error, or redirect them to another page. As in my database, I have a user level field that admins are level 10, and users are level 1. I did this so I can set different user levels later if needed. Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375486 Share on other sites More sharing options...
fenway Posted October 22, 2007 Share Posted October 22, 2007 Why not check this on the page for the currently loggedin usre? Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375507 Share on other sites More sharing options...
peranha Posted October 22, 2007 Author Share Posted October 22, 2007 That is what I want to do is check to see if the user is level 10 or higher on this page, if level 10, continue, if less level, give error message, but not sure as to how to do this. I am woundering if there is a session, or cookie that i need to add with the value of 10 or something, and how to check for that. Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375566 Share on other sites More sharing options...
peranha Posted October 23, 2007 Author Share Posted October 23, 2007 Got this figured out, had to add // open connection $connection = mysql_connect($server, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); $sql_pass_get = "SELECT * FROM rel_users WHERE username = '$_REQUEST[username]'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $_SESSION['userlevel'] = $user_info['userlevel']; if ($_SESSION['userlevel'] == 10) { echo "<font color=RED>You are an administrator and have access to this page.</font><br />"; }else { echo die ("<font color=RED>You do not have access to this page, Return to the <a href=home.php>Home</a> Page.</font>"); } To the top of the page. Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375859 Share on other sites More sharing options...
kratsg Posted October 23, 2007 Share Posted October 23, 2007 Why not put this in a class? This way, you can just call up the class, plug in the session info, let the class handle the rest (will cut down a bit on coding). Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-375866 Share on other sites More sharing options...
peranha Posted October 24, 2007 Author Share Posted October 24, 2007 I am new to PHP, and am learning as I go, so that is why I am doing it this way, if you could give me an example of it different, and with shorter code, that would be great. Thanks for the advice as well, I will look into that. Link to comment https://forums.phpfreaks.com/topic/74160-solved-user-access-pages-by-user-level-from-my-sql-database/#findComment-376792 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.