Admin permissions

Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Admin permissions

Post by Nay »

Hey,

how would I go about making two or three admin permissions for a portal admin. Say there's pages:

- Upload files (upload.php)
- Post news (news.php)
- Add/Remove Affiliates (affiliates.php)
- View/Delete Comments (comments.php)

They're all in a directory, protected from direct access using .htaccess (Thanks to Jason :D). Anyhow, there's a main.php which will include the panel required. The user logs in with a login.html. Username and Password is verified via MySQL. Then the username is registered into a session.

Now, let's say I make ranks. Full Admin, News Admin and Moderator.

The full admin gets access to everything. News, can add and remove news, and also comments. Moderator will just have control over news.

I'm thinking, if the user tries to go to main.php?panel=affiliates, then it gets the username from the session, then connects to MySQL, then gets the rank. If the rank is Mod, or NewsAdmin, then you get redirected to a 403 (lol, Access denied page).

Is there a better way of going about it? How about if I only want the admin to be limited from certain things, not the whole panel.

Thanks,

-Nay
tsg
Forum Contributor
Posts: 142
Joined: Sun Jan 12, 2003 9:22 pm
Location: SE, Alabama

Post by tsg »

I would suggest you have a different rank .. for example, when setting the session variables ... also set something like access_level=1 .. access_level=2 ... etc

In the admin area, use something like if($access_level < 3) { do whatever } .. depending on what you want them to have access to.

Make sense?
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

Oh yeah, that's a solution. Wonder why I've not thought of it before :lol:. I'll register the admin rank in the session. Then I can check the variable and include the accessible page, if not it'll redirect to the 403 page.

I have a new question. Anyhow, I want to make a customizable template kind of thing. The HTML is stored in .tpl files. Say comments.tpl has:

Code:

<p>
{comment}
</p>

Okay, now I have the comments.php. It'll display the comments using the template from comments.tpl. How would I go about replacing the {comment} with the actual comment in a mysql_fetch_array loop?

Yes, I have tried str_replace.

-Nay
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Recent discussion on this viewtopic.php?t=12801.

I wouldn't recommend user_level > 3 type solutions since I don't think they are very flexible or maintainable.

Best way is to set up a fully normalised, relational database and get busy with some JOIN queries.

http://www.oreilly.de/catalog/javadtabp ... r/ch02.pdf
Aaron
Forum Commoner
Posts: 82
Joined: Sun May 12, 2002 2:51 pm

Post by Aaron »

index.php - a template with php_index.php where content displayed.

php_index.php has the following in it.

Code:

// Default page when no section is requested
if (!isset($section)) {
	include("pages/forumz/index.php");
}
// LOGINS
elseif ($section == "login") {
	include("pages/login/login.php");
}
elseif ($section == "logging_in") {
	include("pages/login/logging_in.php");
}

Included in index.php is an access file which has the following.

Code:

if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
	// Cookies are client-controlled: escape them before building the query
	$username = mysql_real_escape_string($_COOKIE['username']);
	$password = mysql_real_escape_string($_COOKIE['password']);
	$query = mysql_query("SELECT uid, username, password, status FROM unz_users WHERE username = '" . $username . "' AND password = '" . $password . "'");
	$auth = mysql_fetch_object($query);

	if ($auth) { // only set the properties when a matching row was found
		$user_properties['username'] = $auth->username;
		$user_properties['uid'] = $auth->uid;
		$user_properties['status_id'] = $auth->status;
	}
}

Now you can either have the following in the php_index or in the page it calls up.

Code:

// Admin sections: only reachable when the user's status is 2 or higher
if (isset($user_properties['status_id']) && $user_properties['status_id'] >= 2) {
	if ($section == "add_forum") {
		include("pages/forumz/admin/add/index.php");
	} elseif ($section == "adding_forum") {
		include("pages/forumz/admin/add/adding.php");
	} elseif ($section == "edit_forum") {
		include("pages/forumz/admin/edit/index.php");
	} elseif ($section == "editing_forum") {
		include("pages/forumz/admin/edit/editing.php");
	} elseif ($section == "delete_forum") {
		include("pages/forumz/admin/delete/index.php");
	} elseif ($section == "admin_forum") {
		include("pages/forumz/admin/index.php");
	}
}
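
An added example, not code from any poster in this thread: the rank-to-panel rules for the four panels and three ranks in the first post, kept in normalised tables and checked with a JOIN on every request to main.php. The table names, the sample users and the function panel_file_for() are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table names, users and panel_file_for() are hypothetical.
// In-memory SQLite stands in for the MySQL database described in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE users      (id INTEGER PRIMARY KEY, username TEXT UNIQUE, rank_id INTEGER);
    CREATE TABLE ranks      (id INTEGER PRIMARY KEY, name TEXT);
    CREATE TABLE panels     (id INTEGER PRIMARY KEY, name TEXT UNIQUE, file TEXT);
    CREATE TABLE rank_panel (rank_id INTEGER, panel_id INTEGER, PRIMARY KEY (rank_id, panel_id));
    INSERT INTO ranks  VALUES (1,'Full Admin'), (2,'News Admin'), (3,'Moderator');
    INSERT INTO panels VALUES (1,'upload','upload.php'), (2,'news','news.php'),
                              (3,'affiliates','affiliates.php'), (4,'comments','comments.php');
    INSERT INTO rank_panel VALUES (1,1),(1,2),(1,3),(1,4), (2,2),(2,4), (3,2);
    INSERT INTO users VALUES (1,'alice',1), (2,'bob',2), (3,'carol',3);
");

// Returns the file to include for $panel, or null when access is denied.
// The file name is read from the panels table, never taken from the request.
function panel_file_for(PDO $db, string $username, string $panel): ?string
{
    $stmt = $db->prepare(
        'SELECT p.file FROM users u
           JOIN rank_panel rp ON rp.rank_id = u.rank_id
           JOIN panels p      ON p.id = rp.panel_id
          WHERE u.username = ? AND p.name = ?'
    );
    $stmt->execute([$username, $panel]);
    $file = $stmt->fetchColumn();          // false when no row matches
    return $file === false ? null : $file;
}

// Constructed requests: [session username, value of ?panel=].
$requests = [['alice', 'affiliates'], ['bob', 'affiliates'], ['bob', 'comments'],
             ['carol', 'news'], ['carol', 'no_such_panel'], ['mallory', 'news']];
foreach ($requests as [$user, $panel]) {
    $file = panel_file_for($db, $user, $panel);
    // In main.php: include the file on success, otherwise send the 403 page and exit.
    printf("%-8s %-14s %s\n", $user, $panel, $file !== null ? "include $file" : '403 Access denied');
}
```

Denial is the default here: an unknown user, an unknown panel name, or a rank without a matching rank_panel row all end at the 403 branch. Granting or revoking a panel is a row change in rank_panel and takes effect on the next request, since nothing about the rank is cached in the session.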