My forum system uses numbers for it's permissions: 1-Admin 2-Mod (3-9)-Unassigned 10-Regular User
Here is the code to determine access to post a topic:
Code: Select all
$board_id = $_GET['board_id'];
$page_title = "Post Topic";
$sql_accessquery = mysql_query("SELECT UserLevels_Auth FROM post_board WHERE BoardID = '".$board_id."'");
$sql_accessrow = mysql_fetch_assoc($sql_accessquery);
$page_access = $sql_accessrow["UserLevels_Auth"];Code: Select all
checkLogin($page_access);Code: Select all
function checkLogin($levels) {
if ($levels == 0) {$access = TRUE;}
else {
if($user_loggedin = FALSE) {$access = FALSE; echo "test2";}
else {
$user_accessid = $_SESSION['user_id'];
$kt = split(' ', $levels);
$query_pageaccess = mysql_query("SELECT UserLevel FROM user_db WHERE UserName = '".$user_accessid."'");
$row_pageaccess = mysql_fetch_assoc($query_pageaccess);
$access = FALSE;
while(list($key, $val)=each($kt)) {
if($val = $row_pageaccess[1]) {$access = TRUE;} }
}
}
}Edit: Another problem I might have is the session storing on my login page. Is this the correct way to assign session variables?
Code: Select all
$_SESSION['user_id'] = $login_row['UserName'];
$_SESSION['logged_in'] = TRUE;
echo "<tr><td align='center'>You have logged in sucesfully.</td></tr>";
redirect("index.php");