Page 1 of 1
prventing from a person to enter to a certain page
Posted: Thu Jun 10, 2004 3:43 pm
by pelegk2
i have a db that tlls me each page by its name its user priviliges need to acces the page!
what is the best way to manage all of this?
to check on each page with the db?or any other way?
thanks in advance
peleg[/big_search]
Be more specific please
Posted: Thu Jun 10, 2004 5:35 pm
by tony_c
You will get better/more responses/help if you are more specific.
Here is a "shot in the dark" that may help you:
When the user logs in, give them a cookie specifying the user's access level...
Code: Select all
setcookie("access_level", $access_level, time() + 14400);
Then, at the top of each page verify the access level...
Code: Select all
$access_level = $HTTP_COOKIE_VARSї'access_level'];
if($access_level != "this_level") {
echo "You do not have permission to view this page\n";
exit;
}
For better security, the $access_level should be some random string like a password, instead of something obvious like 1,2,3,"low","medium","high" etc. Hope this helps.
Posted: Thu Jun 10, 2004 5:39 pm
by tim
sessions
cookies
run a query against the stored/logged-in username and make a list of if-statements to allow certain people
or, the more 'professional' way:
make a column in the sql table called admin, set the default to 0 (cant access the page) then when new users sign -up they are viewed as basic, change the value to 1 for they can access that pages.
again, use if-statements.
good luck
Posted: Sun Jun 13, 2004 12:02 am
by pelegk2
first thanks both of u !
second tony_c what do i do if the usercookies are disabled!!!!
and doing
is not enough i need to redirect to another page how do i do that?
Posted: Sun Jun 13, 2004 8:59 am
by tim
you can redirect using header() function or Javascript.
if the user cookies are disabled, theres nothing you can do cept warn them that they need to enable cookies. If it dont set, it will act as if they never logged in.
Posted: Sun Jun 13, 2004 9:00 am
by tim
hence why you should use the MySQL to do the handling (as I suggested in my above post)

Posted: Sun Jun 13, 2004 3:00 pm
by d3ad1ysp0rk
*nod*
whoops, im not malcolm
tim's way + keep it in a session, then check it like:
Code: Select all
$page_rank = 3;
$user_rank = mysql_result(mysql_query("SELECT rank FROM users WHERE username = {$_SESSION['name']}"), 0,0);
if($user_rank >= $page_rank){
//print page
}
else {
header("Location: errorpage.php");
}
Posted: Tue Jun 15, 2004 4:52 pm
by tim
lol theres the code
