Calgaryalberta Posted February 18, 2008 Share Posted February 18, 2008 I was just curious I have 4 different levels for members on my site. But I have pages that all 4 levels of members can get access too, then I have pages where only members with access levels 3 and 4 can get access too. I was just wondering if anyone knew of a code I could put in the header of each page that checks their if their logged in, and only allows them access to pages that corresponds with their access level. I know its something to do with session_start(), but if anyone knows of any websites that could help me with this, or has any suggestions for a code snippet I could put it, that would be much appreciated! - Thanks Quote Link to comment Share on other sites More sharing options...
Chris92 Posted February 18, 2008 Share Posted February 18, 2008 Erm, a simple if that checks if the loged in session variable is set? if( empty($_SESSION['logged']) ) { die("Please loggin"); } Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted February 18, 2008 Author Share Posted February 18, 2008 Yep the login variable is set at 1 I believe, Ill have to confirm it. But yeah I do believe it is set at 1. So this will work to determine if they are logged in. Thank you very much!! What about a script to add on to this, that checks if they are allowed access to that page or not? Or is that more complex? If you know of any easier way to do this, let me know Im open to suggestions. I just figured it would be allot easier to try and get a script to check weather or not they were allowed access to that page as opposed to creating the page over again for 4 different access levels. Quote Link to comment Share on other sites More sharing options...
dave420 Posted February 18, 2008 Share Posted February 18, 2008 Personally, I'd suggest creating a tiny user object (either in a session or reading its data from the session), and then query that with the level of the current page. If the user is not logged in, it could redirect you to a login page, and if they are, it can determine whether to allow the user to view the current page or be given a polite message indicating they can't. Using a user object means you can keep all your authentication code in one place, which is a generally a good idea. <?php $level=3; $_USER=new User(); $_USER->canViewPageLevel($level); /* only executed if the $_USER->canViewPageLevel method didn't interrupt normal play */ ?> That would also make it far easier to automate the authentication process, using an auto_prepend_file or a mod_rewrite to a "base" php script, which could then include other files as needed. Quote Link to comment Share on other sites More sharing options...
Calgaryalberta Posted February 18, 2008 Author Share Posted February 18, 2008 Alright! Thanks, Im going to give that a shot! Ill post here if anything goes wrong! Thanks again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.