I have a site where users can login with a username and password based on sessions. How would I get it so that out of those users that are logged in, they need to have sufficient permission to view the next directory? I am thinking that in the MySQL database you would put a '1' if they have permission, and a '0' if they dont, but I don't know the php code. Any tuturials for something like this or any help?
Thanks
User permissions
Moderator: General Moderators
When the user logs in have a session variable created that is either a number or name rank ("1, 2, 3 or 4" or "Admin, Mod, Regular") that is taken from the database with the username. Then on the page you want protected, have it check if the user is allowed to access the page.
Code: Select all
<?php
if ($_SESSION['rank'] != "Admin") //if user is not Admin
{
die ("Permission Denied. You are not allowed to access this page.");
}
//or
if ($_SESSION['rank'] <= 2) //if user is not level 3 or 4
{
die ("Permission Denied. You are not allowed to access this page.");
}
?>