stublackett Posted March 14, 2008 Share Posted March 14, 2008 Hi, I've got 3 userlevels setup in a Database they are as follows UserLevel 1 : Student UserLevel 2 : Teacher UserLevel 3 : Superuser I have a news page, I'd like the Students to be able to "Read More" and obviously read the news item. But I'd also like the Teacher & Superuser to be able to Edit and Delete the News Item as and when they wish to do so Here is my PHP Code, I'm using }if($userlevel == "2"){ }else if ($userlevel == "3"){ in the code, But its actually blocking the Edit & Delete options for the Teachers' and Superusers' aswell Any ideas on what I can do? Heres my code <?php #news-index.php By Stuart Blackett include("dbconnect.php"); $result = mysql_query("SELECT *, DATE_FORMAT( time, '%D %M %Y @ %H:%i' )AS uk_date FROM $db_table ORDER BY time DESC LIMIT 2",$connect); //Limit news items to 3 while($myrow = mysql_fetch_assoc($result)) {//begin of loop //now print the results: echo "<hr>"; echo "<br>"; echo "<b> News Title:</b> "; echo $myrow['title']; echo "<br><br><b>News Posted On :</b> "; echo $myrow['uk_date']; echo "<br> <br>"; echo "<b><td>News Description :</b><br><br></td>"; echo $myrow['description']; echo "<br>"; echo "<hr>"; // Now print the options to (Read,Edit & Delete the news) echo "<br><a href=\"read_more.php?newsid=$myrow[newsid]\">Read More </a>"; }if($userlevel == "2"){ }else if ($userlevel == "3"){ echo "|| <a href=\"add_news.php\">Add News </a>"; echo "|| <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit </a>"; echo "|| <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete </a><br><br>"; } ?> Quote Link to comment Share on other sites More sharing options...
jkewlo Posted March 14, 2008 Share Posted March 14, 2008 }if($userlevel == "2"){ echo (<a href=links.php); etc... Quote Link to comment Share on other sites More sharing options...
AdRock Posted March 14, 2008 Share Posted March 14, 2008 Are you storing the user level in a session? Quote Link to comment Share on other sites More sharing options...
stublackett Posted March 14, 2008 Author Share Posted March 14, 2008 Yeah, The userlevel is stored in a session }if($userlevel == "2"){ That works for a teacher, They can now see the Edit & Delete options I just need it to work for both Teacher and Superuser Quote Link to comment Share on other sites More sharing options...
mainewoods Posted March 14, 2008 Share Posted March 14, 2008 use the php logical or (||) operator: if ($userlevel == "2" || $userlevel == "3"){ echo "|| <a href=\"add_news.php\">Add News </a>"; echo "|| <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit </a>"; echo "|| <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete </a><br><br>"; } Quote Link to comment Share on other sites More sharing options...
AdRock Posted March 14, 2008 Share Posted March 14, 2008 You could have a function like this function is_authed_admin() { if (isset($_SESSION['user_level'])) { return true; } else { return false; } } and at the top of the page have something like this if (!is_authed_admin()) { header('Location: index.php'); } This makes sure the user has a sufficient user level otherwise it will redirect the user Quote Link to comment Share on other sites More sharing options...
OkBoy Posted March 14, 2008 Share Posted March 14, 2008 Could also do something like: if ($userlevel >="2"){ echo "|| <a href=\"add_news.php\">Add News </a>"; echo "|| <a href=\"edit_news.php?newsid=$myrow[newsid]\">Edit </a>"; echo "|| <a href=\"delete_news.php?newsid=$myrow[newsid]\">Delete </a><br><br>"; } Just make sure your higher level accounts do get all the rights of lower level accounts and you are set! Quote Link to comment Share on other sites More sharing options...
stublackett Posted March 14, 2008 Author Share Posted March 14, 2008 Thanks for your help gents! The >= I should have used, As a programmer I should have followed those principles I've used the PHP Operators of || and that works fine and dandy, Thanks again Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.