[SOLVED] User Access pages by user level from My SQL database

[peranha]

I am woundering if anyone can help me.  I am trying to secure a page to only admins, no all registered users.  I have a login script in place, and all other pages.  I am using PHP 5, Apache 2.2.3, MySQL 5.  Here is the table

 

CREATE TABLE `rel_users` (

  `userid` int(15) NOT NULL auto_increment COMMENT 'Unique id for user',

  `username` varchar(50) NOT NULL COMMENT 'Unique Username for user',

  `password` varchar(50) NOT NULL COMMENT 'Password for user',

  `firstname` varchar(50) NOT NULL COMMENT 'User First Name',

  `lastname` varchar(50) NOT NULL COMMENT 'User Last Name',

  `address` varchar(150) NOT NULL COMMENT 'User Address',

  `city` varchar(50) NOT NULL COMMENT 'User City',

  `state` varchar(2) NOT NULL COMMENT 'User State Abbreviation',

  `zip` varchar(10) NOT NULL COMMENT 'User Zip Code',

  `phone` varchar(10) NOT NULL COMMENT 'User Phone Number',

  `date` date NOT NULL COMMENT 'Date User was added',

  `userlevel` int(10) NOT NULL default '1' COMMENT 'User Level Access',

  PRIMARY KEY  (`userid`)

) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1;

 

I want a user at userlevel 10 to access all pages, and user at userlevel below 10 to not have access to this page.

 

If anyone is willing to help, that would be appreciated.  Not sure how to do this in anyway, tried many things, but to no avail.

 

Thanks in advance

[fenway]

What kinds of things?

[peranha]

I have an administrator page to see users logged in, block users, change passwords, that sort of thing, and want only administrators with level 10 access to access the page, all other users get an error message.  They have their own information page to update info, and dont need to access everyone else's info.  I am wounder if there is a way to put something into a session, or cookie such as 10, or admin, and have the page look for that when someone looks at the page, and if that isnt there, to give them an error, or redirect them to another page.  As in my database, I have a user level field that admins are level 10, and users are level 1.  I did this so I can set different user levels later if needed. 

[fenway]

Why not check this on the page for the currently loggedin usre?

[peranha]

That is what I want to do is check to see if the user is level 10 or higher on this page, if level 10, continue, if less level, give error message, but not sure as to how to do this.  I am woundering if there is a session, or cookie that i need to add with the value of 10 or something, and how to check for that.

[peranha]

Got this figured out, had to add

 

// open connection

$connection = mysql_connect($server, $user, $pass) or die ("Unable to connect!");

 

// select database

mysql_select_db($db) or die ("Unable to select database!");

 

$sql_pass_get = "SELECT * FROM rel_users WHERE username = '$_REQUEST[username]'";

$user_info = mysql_fetch_array(mysql_query($sql_pass_get));

 

$_SESSION['userlevel'] = $user_info['userlevel'];

 

if ($_SESSION['userlevel'] == 10) {

    echo "<font color=RED>You are an administrator and have access to this page.</font><br />";

}else {

echo die ("<font color=RED>You do not have access to this page, Return to the <a href=home.php>Home</a> Page.</font>");

}

 

To the top of the page.

[kratsg]

Why not put this in a class? This way, you can just call up the class, plug in the session info, let the class handle the rest (will cut down a bit on coding).

[peranha]

I am new to PHP, and am learning as I go, so that is why I am doing it this way, if you could give me an example of it different, and with shorter code, that would be great.  Thanks for the advice as well, I will look into that.