User permissions

MySQL database
#1

Hi Guys,

Starting to learn MySQL and PHP and currently building a bulletins portal. I want 3 user types:

User (1)
Admin (2)
Super Admin (3)

I have these set in ‘groupid’ in in my table. Now I want to check if a user has permissions to look at a page.

if ($groupid > 2) {

Content

} else {

Permission Denied

}

How do I pull this value for the current logged in user and set it as $groupid?

Any help would be much appreciated.

Kind Regards,

egghead0

#2

I would set a session at login time…
When querying the database for user details, pull the groupid also then set it in a session.
[php]$_SESSION[‘groupid’] = $groupid[/php]

and when checking:
[php]if ($_SESSION[‘groupid’] > 2) {

Content

} else {

Permission Denied

}
[/php]

Hope this helps,

Red. :wink:

#3

Hi Red,

Thank you for your help. I was initially using a cookie based login system. After your post I decided to read into the differences between session and cookies and session suits my needs more, so thank you for that.

So here is the code I have added to submit-login.php:

[php]// Retrieve username and password from database according to user’s input
$login = mysql_query(“SELECT * FROM users WHERE (username = '” . mysql_real_escape_string($_POST[‘username’]) . “’) and (password = '” . mysql_real_escape_string(md5($_POST[‘password’])) . “’)”);

// Check rows
if (mysql_num_rows($login) == 1) {

// Grab groupid
$groupid = mysql_query(“SELECT groupid FROM users WHERE (username = '” . mysql_real_escape_string($_POST[‘username’]) . “’)”);

// Set session variables
$_SESSION[‘username’] = $_POST[‘username’];
$_SESSION[‘groupid’] = $groupid;[/php]

Now the login session itself is working as I am logged in on all the pages. However it does not seem to grab the groupid so think I have the above code wrong as getting permission denied. No error logs in apache.

The code for checking is as you gave above.

When echoing out $_SESSION[‘groupid’] it gives me the value of ‘0’ (definitely set correctly in db).

I will keep trying a few things but any help would be much appreciated.

Kind Regards,

egghead0

#4

Silly me!

You can tell I am new to this

Got it working by changing code to:

[php]$getgroupid = mysql_fetch_array($login);

$groupid = $getgroupid[‘groupid’];[/php]

Thanks Red!

Sponsor our Newsletter | Privacy Policy | Terms of Service