Page 1 of 1

Need some advice

Posted: Tue Dec 30, 2003 6:20 pm
by Rob
Ok im gonna code a new user system (I have bandwidth limits now :( )

So I need some advice on the best way to do this. I need to have different level users and all but I can take care of all that. So whats the best way to:

Allow admins to post news
Allow admins to post tutorials
Allow admins to post in other catagorys.

My old method of doing this was a different editor for every catagory (i have a lot of catagorys for them to post in) That included 1 php file to post, 2 files to edit a post, and 1 file to delete a post. I tryed this on my new server and realized it ate all my bandwidth up. So..my question is how can I do this easily with the minimum ammount of files..

1 to post
2 to edit
and 1 to delete.

Each file should work with every catagory instead of having a file for every one..Im not sure if this makes sense to anyone but if somehow you could understand my horrible way of putting it..please help me out. Thanks in advance.

Posted: Thu Jan 01, 2004 4:28 am
by JAM
Without seeing the big picture (the code so far) I think you should be able to manage using only one page. For example, if you use <form>'s and $_POST (preferred) or $_GET you can easely use buttons as;

Code: Select all

<pre>
<?php
    print_r($_POST);
?>
<form method="post">
    <input type="submit" name="what" value="Detete" />
    <input type="submit" name="what" value="Edit" />
    <input type="submit" name="what" value="Add" />
</form>
...just to show a very simple example. The script acts upon what button is pressed.

Hope I was clear enough, and hope I didn't misunderstodd you completely.

Posted: Thu Jan 01, 2004 2:52 pm
by Rob
I kind of understand that, but i was wondering, If I use $GET and then use a simple switch I would be able to specify what table the form goes in right?

Posted: Mon Jan 05, 2004 2:22 am
by mwong
..Or you could have a hidden field with each form that tells a function which table to use....if you have the name of your forms in an array......yeh..I think you get the point.

--hmm I'm sure a switch would work as well.


:wink:

Posted: Mon Jan 05, 2004 3:42 am
by patrikG
Or you could have a hidden field with each form that tells a function which table to use....if you have the name of your forms in an array......yeh..I think you get the point.
That does have security implications - it's easy to edit the content of hidden input fields, hence altering the access rights.

Why not simply have the admin-priviledges stored in a column in the user-database. If a user logs in, his/her priviledges are checked automatically and stored in a $_SESSION variable.

That would make things easier and definitely more secure.

Posted: Mon Jan 05, 2004 5:24 pm
by mwong
True.....but if it had the value of "process1" and went through a function that only took certain inputs...I'm not sure how that would be a security problem........but yeh...you're right =0)