Page 1 of 1

prventing from a person to enter to a certain page

Posted: Thu Jun 10, 2004 3:43 pm
by pelegk2
i have a db that tlls me each page by its name its user priviliges need to acces the page!
what is the best way to manage all of this?
to check on each page with the db?or any other way?
thanks in advance
peleg[/big_search]

Be more specific please

Posted: Thu Jun 10, 2004 5:35 pm
by tony_c
You will get better/more responses/help if you are more specific.

Here is a "shot in the dark" that may help you:

When the user logs in, give them a cookie specifying the user's access level...

Code: Select all

setcookie("access_level", $access_level, time() + 14400);
Then, at the top of each page verify the access level...

Code: Select all

$access_level = $HTTP_COOKIE_VARSї'access_level'];

if($access_level != "this_level") {
   echo "You do not have permission to view this page\n";
   exit;
}
For better security, the $access_level should be some random string like a password, instead of something obvious like 1,2,3,"low","medium","high" etc. Hope this helps.

Posted: Thu Jun 10, 2004 5:39 pm
by tim
sessions

cookies

run a query against the stored/logged-in username and make a list of if-statements to allow certain people

or, the more 'professional' way:

make a column in the sql table called admin, set the default to 0 (cant access the page) then when new users sign -up they are viewed as basic, change the value to 1 for they can access that pages.

again, use if-statements.

good luck

Posted: Sun Jun 13, 2004 12:02 am
by pelegk2
first thanks both of u !
second tony_c what do i do if the usercookies are disabled!!!!
and doing

Code: Select all

exit;
is not enough i need to redirect to another page how do i do that?

Posted: Sun Jun 13, 2004 8:59 am
by tim
you can redirect using header() function or Javascript.

if the user cookies are disabled, theres nothing you can do cept warn them that they need to enable cookies. If it dont set, it will act as if they never logged in.

Posted: Sun Jun 13, 2004 9:00 am
by tim
hence why you should use the MySQL to do the handling (as I suggested in my above post)

8)

Posted: Sun Jun 13, 2004 3:00 pm
by d3ad1ysp0rk
*nod*

whoops, im not malcolm ;) :P

tim's way + keep it in a session, then check it like:

Code: Select all

$page_rank = 3;
$user_rank = mysql_result(mysql_query("SELECT rank FROM users WHERE username = {$_SESSION['name']}"), 0,0);
if($user_rank >= $page_rank){
//print page
}
else {
header("Location: errorpage.php");
}

Posted: Tue Jun 15, 2004 4:52 pm
by tim
lol theres the code

:)