access level in php

  • dheerhot
  • Novice
  • Novice
  • User avatar
  • Posts: 34

Post 3+ Months Ago

hello guys i m in a trouble of giving access level for my site....

i want two access levels one for user & 2nd for admin...

i think it will be done by using session but i m not getting how to do tht...
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

You can do that in SESSIONs or checking the access level everytime from your database.

Basically, it would be something like this.

Your database would have a column titled something like 'access_lvl' and in it, you would have a number representing the access level.

Let's say that 1 is admin and 2 is the regular user... everytime you need to show something if it's admin or not, you can do something like the following.
PHP Code: [ Select ]
<?php
$sql = "SELECT access_lvl FROM users WHERE UID = {$user_id}";
$result = mysql_query($sql) or die(mysql_error());
$access_lvl = (string) mysql_fetch_assoc($result);
mysql_free_result($result);
if(isset($_SESSION['logged']))
{
   if($access_lvl == 1)
   {
       // Admin
   }
   else
   {
       // Regular Member
   }
}
 
  1. <?php
  2. $sql = "SELECT access_lvl FROM users WHERE UID = {$user_id}";
  3. $result = mysql_query($sql) or die(mysql_error());
  4. $access_lvl = (string) mysql_fetch_assoc($result);
  5. mysql_free_result($result);
  6. if(isset($_SESSION['logged']))
  7. {
  8.    if($access_lvl == 1)
  9.    {
  10.        // Admin
  11.    }
  12.    else
  13.    {
  14.        // Regular Member
  15.    }
  16. }
  17.  


Hope you understood that :) Good luck.
  • dheerhot
  • Novice
  • Novice
  • User avatar
  • Posts: 34

Post 3+ Months Ago

actually wht, problem is tht i hd created 2 login forms 1st is for user & 2nd is for admin, when a user login thn i don't know how he get able to access the admin area..... & a restricted page of user part opens only when admin login, i think i hv to create 2 different session for user & another for admin... i m giving u a link where this problem is going on..

http://apnahome.in

u will be registered here by clicking below link

http://apnahome.in/home/register.php

this site is in under construction...
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

Can't you just do it the way I told you? That is way easier and requires you to need 1 log-in form... I don't see why you need to do it this way... they way I told you is easier...
  • dheerhot
  • Novice
  • Novice
  • User avatar
  • Posts: 34

Post 3+ Months Ago

thn the problem will not come with my admin section, we can enter there by typing just only "/admin" after the main domain..

so if i will create only one login form then how can i go to admin part, wait a min just try

http://isite.cgdarshan.com/admin //admin level

http://isite.cgdarshan.com/login.php //user level

as u login to user level u'll be able to access the admin part also

try my login username & passwrd tht are username:dheeraj & password:confusion

after u type this type below url tht one is of admin part..

http://isite.cgdarshan.com/admin/home.php
this is another site, but its only a dummy one not actual....
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

No you can't enter the admin section by just entering admin into the form... or after.

What I'm talking about is a regular member system with access level columns defining the access level, and at each page where there are admin stuff to be printed, it would check if the access level is '1', if it is, then echo that, if not, than don't echo that.

It would be a regular user... like as if you registered, except that it woulc have the access level set to one, the other users would have a 2. You can have it in the registration page to set the access level to 2 by default, and as the admin, you could change the access level of users. It's not that hard.

If you have it the way you want it, then any user would be able to get to the ADMIN login form, which wouldn't look too good.

This is one solution to what you want...
  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

what bogey wants to say is to make a function like
Code: [ Select ]
 
function check_admin($user_id)
{
 $sql = "SELECT access_lvl FROM users WHERE UID = {$user_id}";
 $result = mysql_query($sql) or die(mysql_error());
 $access_lvl = (string) mysql_fetch_assoc($result);
 mysql_free_result($result);
 if(isset($_SESSION['logged']))
 {
     if($access_lvl == 1)
      {
           // Admin pass through
      }
      else
      {
           // Regular Member
           echo "You are not  an admin";//maybe a redirection to main page using <head>tags
           echo "</body>";
           echo "</html>";
           exit();
      }
 }
}
$uid = $_COOKIE["uid"]; //use cookies to store user id after successful authentication and then check for admin level.
check_admin($uid);
 
  1.  
  2. function check_admin($user_id)
  3. {
  4.  $sql = "SELECT access_lvl FROM users WHERE UID = {$user_id}";
  5.  $result = mysql_query($sql) or die(mysql_error());
  6.  $access_lvl = (string) mysql_fetch_assoc($result);
  7.  mysql_free_result($result);
  8.  if(isset($_SESSION['logged']))
  9.  {
  10.      if($access_lvl == 1)
  11.       {
  12.            // Admin pass through
  13.       }
  14.       else
  15.       {
  16.            // Regular Member
  17.            echo "You are not  an admin";//maybe a redirection to main page using <head>tags
  18.            echo "</body>";
  19.            echo "</html>";
  20.            exit();
  21.       }
  22.  }
  23. }
  24. $uid = $_COOKIE["uid"]; //use cookies to store user id after successful authentication and then check for admin level.
  25. check_admin($uid);
  26.  


and then put it globally on every admin pages, thus it will restrict the regular users in accessing the admin pages

////////SECOND METHOD USING SESSION
You may use session variables, but this is much insecure type checking.

In this case you have to associate a session variable like
Code: [ Select ]
$_SESSION["access"] = 1;
for admin and
Code: [ Select ]
$_SESSION["access"] = 0;
for regular member.

so you have to make two log-in forms, in one form after authentication you put session variable(access) as 0(for regular members) and for another form you set session variable(access) as 1(for admins)

again you must put the checking globally on those admin pages. In this case you check the session variables, code will be something like this

Code: [ Select ]
 
$check = $_SESSION["access"];
if($check=="1")
{
    //ADMIN pass
}else
{
    echo "You are not an admin";
    echo "</body></html>";
    exit();
}
 
  1.  
  2. $check = $_SESSION["access"];
  3. if($check=="1")
  4. {
  5.     //ADMIN pass
  6. }else
  7. {
  8.     echo "You are not an admin";
  9.     echo "</body></html>";
  10.     exit();
  11. }
  12.  

:D please take note that i am not that much familiar with session as so i also use bogey's method every time checking with the database. This is just a suggestion if you wanna use sessions instead of MySql database

Post Information

  • Total Posts in this topic: 7 posts
  • Users browsing this forum: No registered users and 65 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.