
Access level question

Posted: Sun Aug 19, 2007 6:20 pm
by scitrenbaum
I am producing a password-protected directory for a condo association using PHP/MySQL. Basically I have it set up so the residents can log in, edit their info, and view the directory. I have an access level set for them as "member". This all works nice and dandy and I am able to pass the user ID. My main issue is for the administrator:

He/she needs to log in, add users, delete users, edit all users and view the directory. I am having an issue logging this individual in. So my main issues are as follows:

1) assigning this access level
2) get access level (so the admin can login and view those php files)

Does this make sense? Let me know what code you will need to help me remedy this issue. I would really appreciate any help you could provide me!

Posted: Sun Aug 19, 2007 6:40 pm
by iknownothing
Add a field into your database with "access level". Assign an access level from within your Admin Control Panel or similar for each user. (Generally, an Admin is created before an install of sorts, to allow them immediate access to the Admin Section. If you create one directly in the database, your hashing will most likely be wrong, and if you leave the admin section 'unlocked' temporarily to create an admin, you leave yourself open to attack.)

Get the access level of a user upon login. Use a cookie or session to hold it, along with the logged-in status. Then:

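Code:

// $access_level is the value looked up at login.
// Strict comparison (===) avoids PHP's loose type juggling.
if ($access_level === 'whateverAdmin') {
    // SHOW ADMIN STUFF
} elseif ($access_level === 'whateverUser') {
    // SHOW USER STUFF
} else {
    // Unknown or missing level: send to LOGIN
}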
or something of that nature...

Posted: Sun Aug 19, 2007 9:08 pm
by RhapX
Using numbers as access levels instead of text is a better way to go. Also, use the isset() feature for better security.

Posted: Sun Aug 19, 2007 9:31 pm
by iknownothing
RhapX wrote: Using numbers as access levels instead of text is a better way to go. Also, use the isset() feature for better security.
If it's Cookies or Session, I think a hashed code would be better actually; a simple number could be easily replicated.
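
An added example, not part of any post in this thread: one way to do what the replies describe, reading the access level from the database at login, holding it in the server-side session (so the browser only holds the session ID, never the level itself), and checking it with isset() and a strict comparison at the top of each admin page. The table and column names, the 'admin' and 'member' values and the sample accounts are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names and the
// 'admin' / 'member' values are assumptions; sample users are constructed.
declare(strict_types=1);

/** Check the password and return the user's row, or null on failure. */
function authenticate(PDO $db, string $name, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash, access_level FROM users WHERE username = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password_hash'])) ? $row : null;
}

/** After a successful login, keep id and role in the server-side session only. */
function login(array $user): void
{
    session_regenerate_id(true);   // fresh session id once privileges change
    $_SESSION['user_id']      = (int) $user['id'];
    $_SESSION['access_level'] = $user['access_level'];
}

/** Role of the logged-in user, or null when nobody is logged in. */
function currentRole(): ?string
{
    return isset($_SESSION['user_id'], $_SESSION['access_level'])
        ? $_SESSION['access_level'] : null;
}

/** Call at the top of each admin-only script (add, delete, edit users). */
function requireRole(string $role): void
{
    if (currentRole() !== $role) { // strict comparison, fails closed
        http_response_code(403);
        exit("Forbidden\n");
    }
}

// Demo: in-memory SQLite with two constructed accounts.
session_start();
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, access_level TEXT)');
$add = $db->prepare('INSERT INTO users (username, password_hash, access_level) VALUES (?, ?, ?)');
$add->execute(['resident1', password_hash('example-pass-1', PASSWORD_DEFAULT), 'member']);
$add->execute(['manager',   password_hash('example-pass-2', PASSWORD_DEFAULT), 'admin']);

login(authenticate($db, 'manager', 'example-pass-2'));
requireRole('admin');              // passes; a 'member' session would get 403
echo "admin area for user #{$_SESSION['user_id']}\n";
```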