i got 3 users to be registered in the registration form through radio button admin,manager and employee... after registration of a admin the other 2 raadio buttons shud only enable in the registration form...

admin shud be disable............

how to implement this in php...........

do u have sample code..its very messy
i need the exact code........

Member Avatar

diafol

I don't understand why you're giving a registering user the choice of which level to enter - surely this is a security flaw?
If this is a publically viewable form, it could be easily spoofed in order to send data with 'admin' enabled/selected.

I was going to post the code, but then, I saw your reply. Try it yourself first - don't be lazy! :)

hmm....please can u send me the code..i tried but...

Member Avatar

diafol

If you tried, show us what you got. This is a help forum, not a free lunch forum.

If the form is only for an admin to fill out, I don't see why you need the admin radio option in the first place, as he/she will have registered as an admin SOMEHOW already.

//submit form get the data etc...
$buttons = array("button1" => 0, "button2" = 1);

foreach($buttons as $key => $but){
   if($but == 1){
      echo "<input type="radio" name='" . $key . "' disabled='disabled'/>"
   }else{
      echo "<input type="radio"  name='" . $key . "' /> &&"<input type="radio"  name='" . $key . "' />
   }
}

is this correct code????

i gave name as role and value as 1 for admin

Member Avatar

diafol

how about:

<?php
if(!admin_exists){
  echo '<input name="level" id="adminlevel" type="radio" value="2" /> <label for="adminlevel">admin</label>';
}
?>
<input name="level" id="manlevel" type="radio" value="1" /> <label for="manlevel">manager</label>
<input name="level" id="employeelevel" type="radio" value="0" /> <label for="employeelevel">employee</label>

That should work for a secured form (if only an admin can get at it). HOWEVER, using plaintext or integer values is dangerous if not, as anybody can spoof a form and send it as an admin (even if they're not).

One way to prevent this is to hash the values with something like this:

$adminhash = md5('thisisadmin97531');
// so then
if(!admin_exists){
  echo '<input name="level" id="adminlevel" type="radio" value="' . $adminhash . '" /> <label for="adminlevel">admin</label>';
}

You then need to check on form handling for $_POST - use a switch or if/elseif/else... to check for accepted values, which are:

eb9ef3335cf3726752e8008b5bbe9b74 (admin)
1 (manager)
0 (employee)

But this is pretty hypothetical as we don't know HOW this is being used. As I said, individuals should never be allowed to enter their level of access/rights/permissions.

I agree this is going to cause serious problems allowing users to be any level they wish!!!! The site will not last more than a week online with that security!!!

(wht i have to give for admin_exists for and $adminhash = md5('thisisadmin97531');

if(!admin_exists){
  echo '<input name="level" id="adminlevel" type="radio" value="2" /> <label for="adminlevel">admin</label>';
}
Member Avatar

diafol

Before you ask any more questions about the code. Answer my question - how is this going to be used and by whom? This will enable us to answer you correctly. At the moment I can only guess at what you wish to achieve.