Using IF's to restrict users from seeing certain things...?

[stublackett]

Hi,

 

I've got 3 userlevels setup in a Database they are as follows

• UserLevel 1 : Student
  
• UserLevel 2 : Teacher
  
• UserLevel 3 : Superuser
  

 

I have a news page, I'd like the Students to be able to "Read More" and obviously read the news item. But I'd also like the Teacher & Superuser to be able to Edit and Delete the News Item as and when they wish to do so

 

Here is my PHP Code, I'm using

}if($userlevel == "2"){             

}else if ($userlevel == "3"){

 

in the code, But its actually blocking the Edit & Delete options for the Teachers' and Superusers' aswell

 

Any ideas on what I can do?

 

Heres my code

<?php #news-index.php By Stuart Blackett

include("dbconnect.php");

        $result = mysql_query("SELECT *, DATE_FORMAT( time, '%D %M %Y @ %H:%i' )AS uk_date FROM $db_table ORDER BY time DESC LIMIT 2",$connect);
                //Limit news items to 3

        while($myrow = mysql_fetch_assoc($result))
              
             {//begin of loop

               //now print the results:
              echo "<hr>";
              
              echo "<br>";
        
               echo "<b> News Title:</b> ";

               echo $myrow['title'];

               echo "<br><br><b>News Posted On :</b> ";

               echo $myrow['uk_date'];
		         
               echo "<br> <br>";
		         
		         echo "<b><td>News Description :</b><br><br></td>";
		         
               echo $myrow['description'];
   			       
                echo "<br>";
                
                echo "<hr>";

               // Now print the options to (Read,Edit & Delete the news)

               echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More </a>";
               
}if($userlevel == "2"){               
}else if ($userlevel == "3"){
                            
			        echo "|| <a href=\"add_news.php\">Add News </a>";
			   
                echo "|| <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit </a>";

                echo "|| <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete </a><br><br>";
			 				  
             }
?>  

[jkewlo]

 

}if($userlevel == "2"){               
echo (<a href=links.php);
etc...

[AdRock]

Are you storing the user level in a session?

[stublackett]

Yeah, The userlevel is stored in a session

 

}if($userlevel == "2"){

 

That works for a teacher, They can now see the Edit & Delete options

 

I just need it to work for both Teacher and Superuser

[mainewoods]

use the php logical or (||) operator:

if ($userlevel == "2" ||  $userlevel == "3"){               
    echo "|| <a href=\"add_news.php\">Add News </a>";
     echo "|| <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit </a>";
    echo "|| <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete </a><br><br>";
			 				  
}

[AdRock]

You could have a function like this

 

function is_authed_admin()
{
     if (isset($_SESSION['user_level']))
     {
          return true;
     }
     else
     {
          return false;
     }
}

 

and at the top of the page have something like this

if (!is_authed_admin())
    {
header('Location: index.php');
    }

 

This makes sure the user has a sufficient user level otherwise it will redirect the user

[OkBoy]

Could also do something like:

 

if ($userlevel >="2"){               
    echo "|| <a href=\"add_news.php\">Add News </a>";
     echo "|| <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit </a>";
    echo "|| <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete </a><br><br>";
							  
}

 

Just make sure your higher level accounts do get all the rights of lower level accounts and you are set!

[stublackett]

Thanks for your help gents!

 

The >= I should have used, As a programmer I should have followed those principles

 

I've used the PHP Operators of || and that works fine and dandy, Thanks again