Jump to content

Dealing with three groups of users: non-logged-in, non-admins, admins

cgm225

By cgm225
in PHP Coding Help

 Share

Recommended Posts

cgm225 Advanced Member

cgm225

Posted
Posted

What is the best way to code a page to provide different options (i.e. links) to different types of users (like those outlined in the subject line)?  I want a flexible and reusable method I can use on different pages to provide different links on each page for the different user groups.

 

Related post: http://www.phpfreaks.com/forums/index.php/topic,181489.0.html

cgm225 Advanced Member

cgm225

Posted
  • Author
Posted

That is a good idea.  But if I have many different pages I want to provide different options for, is there a better way to do that?

 

For example, if I have a "user panel," gallery, blog, etc, and I want different options on those different pages for each user group, how can that be done most easily?  Is there a better way with a class or functions that this can be done?

 

Thanks for your help!

phpSensei Advanced Member

phpSensei

Posted
Posted

That is a good idea.  But if I have many different pages I want to provide different options for, is there a better way to do that?

 

For example, if I have a "user panel," gallery, blog, etc, and I want different options on those different pages for each user group, how can that be done most easily?  Is there a better way with a class or functions that this can be done?

 

Thanks for your help!

 

 

You can use SESSIONS for the groups

 

<?php $admins = $_SESSION['group3']; $mods = $_SESSION['group2']; $user = $_SESSION['group1']; if (isset($admins)){ // options to echo } else { // options to echo } ?>

phpSensei Advanced Member

phpSensei

Posted
Posted

Great idea. Thank you.

 

Follow-up.. is that what large site do when managing many different user groups?

 

Thanks again!

 

Forget what i showed you, it was dumb lol. It works, but here is something easier.

 

You can also do

 

<?php
$user_group = $_SESSION['groupID'];

switch ($user_group){


case '1': // USER

    echo "You have USER rights";


  break;
case '2': // MOD

echo "You have MOD RIGHTS";

   break;

case '3': // ADMIN


  echo "You have ADMIN RIGHTS BABY!";

break;

default: 

echo "YOU HAVE USER RIGHTS BOOOOOOOOOOOOOO!";

}
?>

haku Regular Member

haku

Posted
Posted

Just to let you know, storing user's security levels in one session variable is quite unsecure. Hacking session variables is one of the most common net hacks. A hacker hacks into the variable, sees they groupID=1  and just tries groupID=2 or other numbers until they find one that works for them.

 

Ideally, you should give each security level its own separate session variable. And don't call them 'user', 'mod' and 'admin', as anyone who sees they have a session variable name 'user' can probably guess the other two. Call them 'don', 'monkey' and 'pizza' or something. Set the variable equal to anything you want, and just check for its existence. That way if a user hacks into the session variable and sees the variable "don = 2" (2 is arbitrary), they will have no idea of what they need to set in order to get a level of mod or admin.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.