Need some advice

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
User avatar
Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Need some advice

Post by Rob »

Ok im gonna code a new user system (I have bandwidth limits now :( )

So I need some advice on the best way to do this. I need to have different level users and all but I can take care of all that. So whats the best way to:

Allow admins to post news
Allow admins to post tutorials
Allow admins to post in other catagorys.

My old method of doing this was a different editor for every catagory (i have a lot of catagorys for them to post in) That included 1 php file to post, 2 files to edit a post, and 1 file to delete a post. I tryed this on my new server and realized it ate all my bandwidth up. So..my question is how can I do this easily with the minimum ammount of files..

1 to post
2 to edit
and 1 to delete.

Each file should work with every catagory instead of having a file for every one..Im not sure if this makes sense to anyone but if somehow you could understand my horrible way of putting it..please help me out. Thanks in advance.
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Without seeing the big picture (the code so far) I think you should be able to manage using only one page. For example, if you use <form>'s and $_POST (preferred) or $_GET you can easely use buttons as;

Code: Select all

<pre>
<?php
    print_r($_POST);
?>
<form method="post">
    <input type="submit" name="what" value="Detete" />
    <input type="submit" name="what" value="Edit" />
    <input type="submit" name="what" value="Add" />
</form>
...just to show a very simple example. The script acts upon what button is pressed.

Hope I was clear enough, and hope I didn't misunderstodd you completely.
User avatar
Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Post by Rob »

I kind of understand that, but i was wondering, If I use $GET and then use a simple switch I would be able to specify what table the form goes in right?
mwong
Forum Commoner
Posts: 34
Joined: Sun Dec 28, 2003 2:58 am

Post by mwong »

..Or you could have a hidden field with each form that tells a function which table to use....if you have the name of your forms in an array......yeh..I think you get the point.

--hmm I'm sure a switch would work as well.


:wink:
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Or you could have a hidden field with each form that tells a function which table to use....if you have the name of your forms in an array......yeh..I think you get the point.
That does have security implications - it's easy to edit the content of hidden input fields, hence altering the access rights.

Why not simply have the admin-priviledges stored in a column in the user-database. If a user logs in, his/her priviledges are checked automatically and stored in a $_SESSION variable.

That would make things easier and definitely more secure.
mwong
Forum Commoner
Posts: 34
Joined: Sun Dec 28, 2003 2:58 am

Post by mwong »

True.....but if it had the value of "process1" and went through a function that only took certain inputs...I'm not sure how that would be a security problem........but yeh...you're right =0)
Post Reply