Dealing with three groups of users: non-logged-in, non-admins, admins

[cgm225]

What is the best way to code a page to provide different options (i.e. links) to different types of users (like those outlined in the subject line)?  I want a flexible and reusable method I can use on different pages to provide different links on each page for the different user groups.

 

Related post: http://www.phpfreaks.com/forums/index.php/topic,181489.0.html

[revraz]

Have the different links setup in their own page, call them as a INCLUDE in an IF statement.

[cgm225]

That is a good idea.  But if I have many different pages I want to provide different options for, is there a better way to do that?

 

For example, if I have a "user panel," gallery, blog, etc, and I want different options on those different pages for each user group, how can that be done most easily?  Is there a better way with a class or functions that this can be done?

 

Thanks for your help!

[phpSensei]

That is a good idea.  But if I have many different pages I want to provide different options for, is there a better way to do that?

 

For example, if I have a "user panel," gallery, blog, etc, and I want different options on those different pages for each user group, how can that be done most easily?  Is there a better way with a class or functions that this can be done?

 

Thanks for your help!

 

 

You can use SESSIONS for the groups

 

<?php $admins = $_SESSION['group3']; $mods = $_SESSION['group2']; $user = $_SESSION['group1']; if (isset($admins)){ // options to echo } else { // options to echo } ?>

[cgm225]

Great idea. Thank you.

 

Follow-up.. is that what large site do when managing many different user groups?

 

Thanks again!

[phpSensei]

Great idea. Thank you.

 

Follow-up.. is that what large site do when managing many different user groups?

 

Thanks again!

 

Forget what i showed you, it was dumb lol. It works, but here is something easier.

 

You can also do

 

<?php
$user_group = $_SESSION['groupID'];

switch ($user_group){


case '1': // USER

    echo "You have USER rights";


  break;
case '2': // MOD

echo "You have MOD RIGHTS";

   break;

case '3': // ADMIN


  echo "You have ADMIN RIGHTS BABY!";

break;

default: 

echo "YOU HAVE USER RIGHTS BOOOOOOOOOOOOOO!";

}
?>

[cgm225]

Thank you so much. 

 

So, does the groupID variable then actually equal '1' '2' or '3' and that is how the switch function knows which case to select?

 

Thanks again!

[haku]

Just to let you know, storing user's security levels in one session variable is quite unsecure. Hacking session variables is one of the most common net hacks. A hacker hacks into the variable, sees they groupID=1  and just tries groupID=2 or other numbers until they find one that works for them.

 

Ideally, you should give each security level its own separate session variable. And don't call them 'user', 'mod' and 'admin', as anyone who sees they have a session variable name 'user' can probably guess the other two. Call them 'don', 'monkey' and 'pizza' or something. Set the variable equal to anything you want, and just check for its existence. That way if a user hacks into the session variable and sees the variable "don = 2" (2 is arbitrary), they will have no idea of what they need to set in order to get a level of mod or admin.