Jump to content

Recommended Posts

Hi guys, I'm fairly new to php so please be gentle ;)

I'm currently building a site thats going to have a staff only area. Now hears the where it gets a bot confusing, I only want one or 2 people when they login to be able to upload files and see the download files as well. (The upload script appends files to the download script). the people uploading are going to be the ones in charge of this area. I've got an idea how to do the if statement side of things to show different bits, I'm just confused as to how to give user's certain access rights...

I'm assuming this will be acheived with a relational database. The other thing as well, is I don't want the user's registering the accounts, I will be adding them in (it's a school site, so don't want the kids getting access ;D).

How would I go about this?

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/
Share on other sites

user_level 1 = user

user_level 2 = admin

 

where user_level is a table on your database

 

Check user_level on login, if they have auth level 2 give them the admin links else give them the standard user links.

 

MAKE SURE you check auth level on all your "restricted pages" if they don't meet the auth level required, either direct them to login if they haven't or tell them they aren't authorized to access that page.

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442245
Share on other sites

You could have a field in the members table called mem_admin or maybe mem_can_upload or whatever you need. Then set it to "1" for people you want to have access and "0" otherwise. Then when they log in assign that value to the $_SESSION array... then just check the value of it on any page with restricted access.

 

That's a very basic way of doing it but it will work.

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442246
Share on other sites

Have a user_level field as drummer101 say's. At install allocate a superadmin account and set the user_level to 3. Then when others register or are added this user gets to set the user_level for others. Maybe the admin's get to set certain features of registered user accounts. But say admin's can't do full backup's of your database, but are allowed to upload files, but maybe not delete other admin's files only their own, etc, etc...

 

0 = no rights

1 = registered user

2 = admin

3 = superadmin

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442253
Share on other sites

user_level 1 = user

user_level 2 = admin

 

where user_level is a table on your database

 

Check user_level on login, if they have auth level 2 give them the admin links else give them the standard user links.

 

MAKE SURE you check auth level on all your "restricted pages" if they don't meet the auth level required, either direct them to login if they haven't or tell them they aren't authorized to access that page.

 

If I made a table called user_level and had another table called staff, how would I go about making it a relational database? Does it need to be in a relational database for that matter?

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-442255
Share on other sites

Cheers for the advise, I've managed to get it working with a register page now :-).

What I'm trying to do is have a staff area on a school website that only teachers can access.

I will be registering the accounts as I don't want the kids to register and get unauthorised access.

 

Inside the staff area, depending on account level, staff will be able to upload weekly bulitins and other files, and will also be able to download them again.

Other members of staff will only be able to download the uploaded files (so will not be able to see the upload part of the page).

 

I have the upload/download scripts working already, I just need to work out how to make a query to get the user to see what I want them to.

I'm assuming it's going to be an if/else statement...  ???

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-443131
Share on other sites

CREATE TABLE `school_users` (

   `id` int not null primary key auto_increment,
   `username` varchar(32),
   `password` varchar(40),
   `user_level` int default 1,
);

 

So, simple table. No need for Relationships.

 

In code:

if($db_data['user_level'] >= 1)
{
  //show user menu
}

if($db_data['user_level'] >= 2)
{
  //show admin menu
}

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-443161
Share on other sites

YAY it's almost working, only bit I'm having problems with, is querying the table to include the username and user level. At the moment I'm using:

<?
  $query="SELECT username AND account FROM users";
  $result=mysql_query($query);
  
  if($query = '1'){
  ?>
   <?php include ("upload.php"); ?>
   <?php include ("download.php"); ?>
<?
   }
   if($query = '2'){
   include 'download.php';
   }
?>

Maybe I'm over complicating things...

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-443643
Share on other sites

Right, I'm trying this:

<?php
// like i said, we must never forget to start the session
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in']) || $_SESSION['db_is_logged_in'] !== true) {
// not logged in, move to login page
header('Location: login2.php');
exit;
}

$errorMessage = '';
include 'library/config.php';
include 'library/opendb.php';

// check if the user id and password combination exist in database
$admin = "SELECT account FROM users WHERE account = 1";

$result = mysql_query($admin) or die('Query failed. ' . mysql_error());

if($_SESSION['account'] = $admin['account']){
	echo "I am ADMIN";
}
else{
	echo "I am NOT ADMIN";
}

include 'library/closedb.php';

?>

 

It prints "I am ADMIN" for everyone, not just the admins. I'm assuming I'm missing something.

Any help?

Link to comment
https://forums.phpfreaks.com/topic/86552-user-account-types/#findComment-444358
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.