0

Heres the skinny:
I have created a site with user login that directs the user to a page that only shows thier information pulled from the database. What I want to do now is create an admin side that allows the site owner to be able to use 1 login but be able to administer all the users individually. Example would be to send an invoice for the client to download.

Thanks,
Tim

4
Contributors
7
Replies
9
Views
7 Years
Discussion Span
Last Post by foxwizzy
0

well if you asre using a mysql / sql data base for user auth you can have a feild that says if the user is a admin then you can just have a session that stores that data and use a if statment to display data or not

0
session_start();

if ($_SESSION["user_type"]) {
	Echo " i am a admin ";
}

All that will do is check if $_SESSION has been assigned a value..

If there are more user levels added in the future, this could possibly allow any logged in user to access the admin page. Assign a value to the session var and then check for that value.

0

Ok, so once I am logged in as admin, how does the mysql database know the difference.
I should have stated I am a mysql and asp rookie.

0

The database is not what matters here.

You will either need to make new scripts for the Admin and check within them if the user should have access (By querying the database for the users permissions) or add the code to the existing pages, and then check within them if the user should have access to the admin functions.

You also say that you are an ASP rookie... You are aware this is the PHP forum?

-1

Create the admin page and restrict access to the page based on the level of the loged in user,
some thing lk this

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "2";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

you need to alter your users table and add a new field "userlevel' or what ever set it to int and default 1, then edit your user to have "userlevel" set to 2
hope it works

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.