I have something like this

    <?php
    session_start(); // must run before the session is regenerated or written to

    $host="localhost"; // Host name
    $username="root"; // MySQL username
    $password=""; // MySQL password
    $db_name="xxxx"; // Database name
    $tbl_name="xxxxxx"; // Table name

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // username and password sent from form
    $username=$_POST['username'];
    $password=$_POST['password'];

    // To protect MySQL injection (more detail about MySQL injection)
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $res = mysql_query("SELECT * FROM members WHERE username = '$username' LIMIT 1");
    if(mysql_num_rows($res)>0)
    {
        $d = mysql_fetch_array($res);
        if($password == $d['password'])
        {
            session_regenerate_id(); //security for changing permissions
            // session_register is a function, not an array: store values in $_SESSION
            $_SESSION['id'] = $d['id'];
            $_SESSION['access_level'] = $d['access_level'];
            switch($d['access_level'])
            {
                case 1:
                    $loc = "home.php";
                    break;
                case 2:
                    $loc = "paramedic.php";
                    break;
                case 3:
                    $loc = "doctor.php";
                    break;
                case 4:
                    $loc = "medprac.php";
                    break;
                case 5:
                    $loc = "wardboss.php";
                    break;
                case 6:
                    $loc = "consultant.php";
                    break;
            }
            header("Location: $loc");
            exit; // stop the script once the redirect header is sent
        }
    }
    ?>

and this is very correct I suppose.

But I am having a problem locking the pages. I want doctors and admin to have access to all pages, while others have access to their own pages only.

Member Avatar for diafol

You can use bitwise operators on integers. In your DB or config file:

access_levels
paramedic = 1
wardboss = 2
webadmin = 4
consultant = 8
doctor = 16

We can set these as constants in a config file:

    define('P',1);
    define('WB',2);
    define('WA',4); //etc etc

Your DB users table will just show the user's rights:

user_id |...|rights
3 |...|20
(webadmin + doctor - this user is both)

You can lock down pages by this:

    session_start();
    $page_protection = 22; //access to wardboss + doctor + webadmin or alternatively below:
    //$page_protection = WB + D + WA;
    if(!isset($_SESSION['rights']) || ($page_protection & $_SESSION['rights']) == 0)
    {
        header('Location: login.php');
        exit; //stop here, otherwise the rest of the protected page still runs and is sent
    }

This ideally would also be used with your navbar display script, so that only the pages available to the user would be displayed in the first place.

commented: I like this way of separating access levels. I never knew about the bitwise operators, so I went and read about them and learnt a load of stuff. +1
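
The bitmask check from the answer above, extended to the question's requirement that doctors and admin reach every page while other roles reach only their own. This is an added example, not code from the thread: the constant and function names, the `PAGE_ROLES` map and PHP 7.1+ are assumptions, while the role values, page names and `login.php` come from the posts.

```php
<?php
// Added example (not from the thread). Constant, function and array names are assumptions.
const R_PARAMEDIC  = 1;
const R_WARDBOSS   = 2;
const R_WEBADMIN   = 4;
const R_CONSULTANT = 8;
const R_DOCTOR     = 16;
// Roles allowed on every page, per the question: doctors and admin.
const R_ALL_PAGES = R_DOCTOR | R_WEBADMIN;

// Each page names only its own role; R_ALL_PAGES is OR-ed in by can_access().
const PAGE_ROLES = [
    'paramedic.php'  => R_PARAMEDIC,
    'wardboss.php'   => R_WARDBOSS,
    'consultant.php' => R_CONSULTANT,
    'doctor.php'     => R_DOCTOR,
];

function can_access(string $page, $rights): bool
{
    // Rights read from the DB arrive as strings; validate before using them as a mask.
    $rights = filter_var($rights, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $own    = PAGE_ROLES[$page] ?? 0;
    if ($rights === false || $own === 0) {
        return false; // unknown page or missing/invalid rights: deny by default
    }
    return (($own | R_ALL_PAGES) & $rights) !== 0;
}

// Call as the first statement of a protected page, e.g. require_access('doctor.php').
function require_access(string $page): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!can_access($page, $_SESSION['rights'] ?? null)) {
        header('Location: login.php');
        exit; // stop here, otherwise the page body is still sent after the header
    }
}

// Constructed self-check, CLI only: [page, rights, expected result].
if (PHP_SAPI === 'cli') {
    $cases = [['wardboss.php', 2, true], ['doctor.php', 2, false], ['paramedic.php', '20', true],
              ['consultant.php', 4, true], ['doctor.php', null, false], ['other.php', 16, false]];
    foreach ($cases as [$page, $rights, $want]) {
        echo can_access($page, $rights) === $want ? 'ok   ' : 'FAIL ', $page, ' ', var_export($rights, true), "\n";
    }
}
```

The same `can_access()` call can drive the navbar, so links are shown only for pages the user's rights allow.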

diafol can you please according to my code, I just found out I am using some old code in the session

Member Avatar for diafol

No. The problem with your code is that it won't allow easy ingress or restriction to pages. That's why I suggested the above. Feel free to ignore my post. Anybody else?

Now someone knows what I want, can I get help please
