Access level question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
scitrenbaum
Forum Newbie
Posts: 1
Joined: Sun Aug 19, 2007 6:19 pm

Access level question

Post by scitrenbaum »

I am producing a password-protected directory for a condo association using PHP/MySQL. Basically I have it set up so the residents can login/edit their info/and view directory. I have an access level set for them as "member". This all works nice and dandy and I am able to pass the user ID. My main issue is for the administrator:

He/she needs to login, add user, delete user, edit all users and view the directory. I am having an issue logging this individual in. So my main issues are as follows:

1) assigning this access level
2) get access level (so the admin can login and view those php files)

Does this make sense? Let me know what code you will need to help me remedy this issue. I would really appreciate any help you could provide me!
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

add a field into your database with "access level". Assign an access level from within your Admin Control Panel or similar for each user (generally, an Admin is created before an install of sorts, to allow them immediate access to the Admin Section, if you create one directly into the database, your hashing will most likely be wrong, and if you leave the admin section 'unlocked' temporarily to create an admin, you leave yourself open to attack.).

get access level of a user upon login. Use cookie or session to hold it, along with the logged in status. Then:

Code: Select all

if ($access_level == 'whateverAdmin'){
//SHOW ADMIN STUFF
}
elseif ($access_level == 'whateverUser'){
//SHOW USER STUFF
}
else{
//LOGIN
}
or something of that nature...
RhapX
Forum Commoner
Posts: 30
Joined: Mon Dec 05, 2005 5:24 pm
Location: Seattle, Washington

Post by RhapX »

Using numbers as access levels instead of text is a better way to go. Also, use the isset() feature for better security.[/url]
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

RhapX wrote:Using numbers as access levels instead of text is a better way to go. Also, use the isset() feature for better security.[/url]
If its Cookies or Session, I think a hashed code would be better actually, a simple number could be easily replicated.
Post Reply