metalhead41 Posted January 17, 2008 Share Posted January 17, 2008 Hi guys, I'm fairly new to php so please be gentle I'm currently building a site thats going to have a staff only area. Now hears the where it gets a bot confusing, I only want one or 2 people when they login to be able to upload files and see the download files as well. (The upload script appends files to the download script). the people uploading are going to be the ones in charge of this area. I've got an idea how to do the if statement side of things to show different bits, I'm just confused as to how to give user's certain access rights... I'm assuming this will be acheived with a relational database. The other thing as well, is I don't want the user's registering the accounts, I will be adding them in (it's a school site, so don't want the kids getting access ). How would I go about this? Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/ Share on other sites More sharing options...
drummer101 Posted January 17, 2008 Share Posted January 17, 2008 user_level 1 = user user_level 2 = admin where user_level is a table on your database Check user_level on login, if they have auth level 2 give them the admin links else give them the standard user links. MAKE SURE you check auth level on all your "restricted pages" if they don't meet the auth level required, either direct them to login if they haven't or tell them they aren't authorized to access that page. Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442245 Share on other sites More sharing options...
Aureole Posted January 17, 2008 Share Posted January 17, 2008 You could have a field in the members table called mem_admin or maybe mem_can_upload or whatever you need. Then set it to "1" for people you want to have access and "0" otherwise. Then when they log in assign that value to the $_SESSION array... then just check the value of it on any page with restricted access. That's a very basic way of doing it but it will work. Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442246 Share on other sites More sharing options...
tinker Posted January 17, 2008 Share Posted January 17, 2008 Have a user_level field as drummer101 say's. At install allocate a superadmin account and set the user_level to 3. Then when others register or are added this user gets to set the user_level for others. Maybe the admin's get to set certain features of registered user accounts. But say admin's can't do full backup's of your database, but are allowed to upload files, but maybe not delete other admin's files only their own, etc, etc... 0 = no rights 1 = registered user 2 = admin 3 = superadmin Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442253 Share on other sites More sharing options...
metalhead41 Posted January 17, 2008 Author Share Posted January 17, 2008 user_level 1 = user user_level 2 = admin where user_level is a table on your database Check user_level on login, if they have auth level 2 give them the admin links else give them the standard user links. MAKE SURE you check auth level on all your "restricted pages" if they don't meet the auth level required, either direct them to login if they haven't or tell them they aren't authorized to access that page. If I made a table called user_level and had another table called staff, how would I go about making it a relational database? Does it need to be in a relational database for that matter? Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442255 Share on other sites More sharing options...
Aureole Posted January 17, 2008 Share Posted January 17, 2008 It doesn't need to be... Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442259 Share on other sites More sharing options...
tinker Posted January 17, 2008 Share Posted January 17, 2008 depends how you want to access it, if you were using groups and you can be a member of multiple groups i'd definitely say yes, but here I might not. Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442260 Share on other sites More sharing options...
metalhead41 Posted January 19, 2008 Author Share Posted January 19, 2008 Cheers for the advise, I've managed to get it working with a register page now :-). What I'm trying to do is have a staff area on a school website that only teachers can access. I will be registering the accounts as I don't want the kids to register and get unauthorised access. Inside the staff area, depending on account level, staff will be able to upload weekly bulitins and other files, and will also be able to download them again. Other members of staff will only be able to download the uploaded files (so will not be able to see the upload part of the page). I have the upload/download scripts working already, I just need to work out how to make a query to get the user to see what I want them to. I'm assuming it's going to be an if/else statement... ??? Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-443131 Share on other sites More sharing options...
awpti Posted January 19, 2008 Share Posted January 19, 2008 CREATE TABLE `school_users` ( `id` int not null primary key auto_increment, `username` varchar(32), `password` varchar(40), `user_level` int default 1, ); So, simple table. No need for Relationships. In code: if($db_data['user_level'] >= 1) { //show user menu } if($db_data['user_level'] >= 2) { //show admin menu } Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-443161 Share on other sites More sharing options...
metalhead41 Posted January 19, 2008 Author Share Posted January 19, 2008 YAY it's almost working, only bit I'm having problems with, is querying the table to include the username and user level. At the moment I'm using: <? $query="SELECT username AND account FROM users"; $result=mysql_query($query); if($query = '1'){ ?> <?php include ("upload.php"); ?> <?php include ("download.php"); ?> <? } if($query = '2'){ include 'download.php'; } ?> Maybe I'm over complicating things... Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-443643 Share on other sites More sharing options...
metalhead41 Posted January 20, 2008 Author Share Posted January 20, 2008 Right, I'm trying this: <?php // like i said, we must never forget to start the session session_start(); // is the one accessing this page logged in or not? if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) { // not logged in, move to login page header('Location: login2.php'); exit; } $errorMessage = ''; include 'library/config.php'; include 'library/opendb.php'; // check if the user id and password combination exist in database $admin = "SELECT account FROM users WHERE account = 1"; $result = mysql_query($admin) or die('Query failed. ' . mysql_error()); if($_SESSION['account'] = $admin['account']){ echo "I am ADMIN"; } else{ echo "I am NOT ADMIN"; } include 'library/closedb.php'; ?> It prints "I am ADMIN" for everyone, not just the admins. I'm assuming I'm missing something. Any help? Quote Link to comment https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-444358 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.