I am producing a password-protected directory for a condo association using PHP/MySQL. Basically I have it set up so the residents can login/edit their info/and view directory. I have an access level set for them as "member". This all works nice and dandy and I am able to pass the user ID. My main issue is for the administrator:
He/she needs to login, add user, delete user, edit all users and view the directory. I am having an issue logging this individual in. So my main issues are as follows:
1) assigning this access level
2) get access level (so the admin can login and view those php files)
Does this make sense? Let me know what code you will need to help me remedy this issue. I would really appreciate any help you could provide me!
Access level question
Moderator: General Moderators
- iknownothing
- Forum Contributor
- Posts: 337
- Joined: Sun Dec 17, 2006 11:53 pm
- Location: Sunshine Coast, Australia
add a field into your database with "access level". Assign an access level from within your Admin Control Panel or similar for each user (generally, an Admin is created before an install of sorts, to allow them immediate access to the Admin Section, if you create one directly into the database, your hashing will most likely be wrong, and if you leave the admin section 'unlocked' temporarily to create an admin, you leave yourself open to attack.).
get access level of a user upon login. Use cookie or session to hold it, along with the logged in status. Then:
or something of that nature...
get access level of a user upon login. Use cookie or session to hold it, along with the logged in status. Then:
Code: Select all
if ($access_level == 'whateverAdmin'){
//SHOW ADMIN STUFF
}
elseif ($access_level == 'whateverUser'){
//SHOW USER STUFF
}
else{
//LOGIN
}- iknownothing
- Forum Contributor
- Posts: 337
- Joined: Sun Dec 17, 2006 11:53 pm
- Location: Sunshine Coast, Australia