Sunday, January 29, 2012

User privileges with mysql database and php


I'm making a login page. Well, I've actually finished the login, but how would I go about having the web page display different things based on a user's privileges, and how would I set the privileges in my MySQL database and then use them in my PHP code?


2 comments:

  1. I usually make a field in the users table called admin or in this case maybe privilege_level, then in your php, you define what values of that field correspond to what levels of privilege.

    EDIT (example):

    // start session on every page using $_SESSION array
    // session_name() has to be called before session_start(), and the name
    // should be alphanumeric (no spaces)
    session_name("YourSiteName");
    session_start();
    header("Cache-control: private");

    // in login file:
    $q = mysql_query("SELECT uid, privilege_level FROM users WHERE pw = 'escaped_and_preferably_hashed_password' AND username = 'escaped_username' LIMIT 0,1");

    // if row found:
    if($q && mysql_num_rows($q) > 0){

        // get associative array
        $array = mysql_fetch_assoc($q);

        // set session vars
        $_SESSION['privilege_level'] = $array['privilege_level'];

    }


    Then, on pages where you want to check the privilege level, you can use a switch or other control structure/design pattern to load content dynamically, i.e.:

    switch($_SESSION['privilege_level']){
        default:
            echo 'you have no privileges';
            break;
        case "1":
            echo 'you have some privileges';
            break;
        case "2":
            echo 'you have lots of privileges';
            break;
    }

  2. When the user logs on, they are giving a username/password. The database should store this username and a hash of the password, for example md5($password). You first do a query like "SELECT privilege_level FROM table WHERE username = '".mysql_real_escape_string($_POST["username"])."' AND password = '".md5($_POST["password"])."'"

    Then save that privilege_level to the session: $_SESSION["privilege_level"] = $privilege_level;

    Now when they load the next page, that page should refer to the privilege level in the session variable to construct the page.

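The flow both comments describe (look up the user, put privilege_level in the session, check it on each page), written as an added example that is not either commenter's code. It swaps in PDO prepared statements and password_hash()/password_verify() for the mysql_* calls (removed in PHP 7) and md5; the pw_hash column, the LEVEL_* constants, the function names and the SQLite demo data are assumptions made for the illustration.

```php
<?php
// Added example. Assumed schema: users(uid, username, pw_hash, privilege_level).
const LEVEL_NONE = 0;
const LEVEL_SOME = 1;
const LEVEL_LOTS = 2;

function login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT uid, pw_hash, privilege_level FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks the password against a salted password_hash() value.
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    // Issue a fresh session id at login so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['uid'] = (int) $row['uid'];
    $_SESSION['privilege_level'] = (int) $row['privilege_level'];
    return true;
}

function has_privilege(int $required): bool
{
    // Fail closed: a missing session value counts as no privileges.
    return (int) ($_SESSION['privilege_level'] ?? LEVEL_NONE) >= $required;
}

function require_privilege(int $required): void
{
    // Call at the top of every protected page, before any output.
    if (!has_privilege($required)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed demo data in an in-memory SQLite database; a MySQL DSN works the same way.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT, privilege_level INTEGER)');
    $ins = $db->prepare('INSERT INTO users (username, pw_hash, privilege_level) VALUES (?, ?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), LEVEL_SOME]);
    var_dump(login($db, 'alice', 'wrong'), login($db, 'alice', 'correct horse'));
    var_dump(has_privilege(LEVEL_SOME), has_privilege(LEVEL_LOTS));
}
```

On a real page, session_start() runs before login() or require_privilege() is called, and the privilege check decides what the server sends rather than only what the page shows.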