Display a link if admin

[Jamie_Garland]

Hello,

I'm trying to display alink if the person logged in is a user_level 1 if displays admin.php if not them it dosent show i have tryed this code but with not working.

This is my status.php page top code is if there are logged in thats where i want to show the link if they are admin other part is for if they are not logged in.

PHP Code:

<?php

if ($username){
    
    echo "<p>Hello, $username | </p>";
    
    require("scripts/connect.php"); 
    $query = mysql_query("SELECT user_level FROM users WHERE user_level='1'"); 
    $numrows = mysql_num_rows($query); 
     
        echo '<table><tbody>';
        while($row = mysql_fetch_assoc($query)){ 
            $id = $row['id']; 
            $user_level = $row['user_level'];
            
             
            echo "<tr><td><a href='admin.php'>Admin Center</a></td></tr>"; 
        } 
        echo '</tbody></table>';  
}
else
    echo "
    
    <p>
    Please Login Using The Form Below.
    <form action='login.php' method='post'>
    <table>
    <tr>
        <td>Username:</td>
        <td><input type='text' name='username'></td>
        <td><a href='register.php'>Register</a></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type='password' name='password'></td>
        <td><input type='submit' name='loginbtn' value='Login'></td>
    </tr>
    </table>
    </form><br/>
    
    Forgot Password <a href='forgotpass.php'>Click Here</a>.

This is the login code if you need it.

<?php include('styles/top.php'); ?>

<div id="full">

<p> <?php

$form = "<form action='login.php' method='post'>
<center><table>
<tr>
<td>Username:</td>
<td><input type='text' name='username'></td>
<td><a href='register.php'>Register</a></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'></td>
<td><input type='submit' name='loginbtn' value='Login'></td>
</tr>
</table></center>
</form>";

if ($_POST['loginbtn']){
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);

if($username && $password){

require("scripts/connect.php");
$pass = md5(md5($password));

$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");
$numrows = mysql_num_rows($query);

if ($numrows == 1){

$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['username'];
$type = $row['type'];


if ($type == 'd'){
echo "<p>Your account has been deactivated by the site administrator</p>";
} else {

$_SESSION['username'] = $row['username'];
$_SESSION['userid'] = $row['id'];

mysql_query("UPDATE users SET online='1' WHERE username='$username'");
echo "You have been logged in as <b>$dbuser</b> please wait. ";
echo "<meta http-equiv='refresh' content='5;url=index.php'>";
}

}
else
echo "Your login information was incorrect please try again. $form";

}
else
echo "You did not fill in the entire for please try again. $form";

}
else
echo "$form";

?> </p>

</div>

<?php include('styles/bottom.php'); ?>

it displays like this as 2 users are set to user_level 1

[akhileshbc]

In your code, you are fetching the rows from database, that has user_level set to 1. So it can return more than one rows. But I believe you are trying to fetch the user_level of the currently logged in user! But you have not included that in your query's condition! Apart from this, why you are using a WHILE loop if you are just expecting to get a single row from db? That loop of yours will iterate through all the rows that got fetched! I believe that's why you are getting the text displayed multiple times.

Untested code to give you an idea:

Code:

$query = mysql_query("SELECT COUNT(`user_level`) AS `num` FROM `users` WHERE `user_level`='1' AND `username`='$username' "); 
$row = mysql_fetch_assoc($query)
if( (int) $row['num'] > 0 )
{
    echo '<a href="admin.php">Admin Panel</a>';
}

What it does is, it will fetch the number of rows that matches user_level having the value 1 as well as username as the value from $username. If there are matches, then the number of rows is checked to see whether it is more than 0. If so, display the link.

[Jamie_Garland]

Hello,

I got it to show Admin Center now but i cant get it to show different links for user_level 1 and user_level 2?

Code:

<?php

if ($username){
    
    echo "<p>Hello, $username | <a href='logout.php'>Logout</a> </p>";
   
    require("scripts/connect.php"); 
    $query = mysql_query("SELECT user_level FROM users WHERE user_level='1' AND username='$username'"); 
    $numrows = mysql_num_rows($query); 
     
        
        while($row = mysql_fetch_assoc($query)){ 
            $username = $row['username']; 
            $user_level = $row['user_level'];
       
            
       
        } 
      
}
else
    echo "
    
    <p>
    Please Login Using The Form Below.
    <form action='login.php' method='post'>
    <table>
    <tr>
        <td>Username:</td>
        <td><input type='text' name='username'></td>
        <td><a href='register.php'>Register</a></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type='password' name='password'></td>
        <td><input type='submit' name='loginbtn' value='Login'></td>
    </tr>
    </table>
    </form><br/>
    
    Forgot Password <a href='forgotpass.php'>Click Here</a>.
    
    </p>";

?>

[akhileshbc]

Fetch the user_level of the currently logged in user, from db. Then use IF..ELSE conditions to check which level this user belongs to, and echo the <a> link in the corresponding IF..ELSE condition's body.

[Jamie_Garland]

How would I do that can u provide a sample

[kfcSmitty]

How would I do that can u provide a sample

You would query the database the same way you're doing now, but omit part of the WHERE clause that has user_level = '1'. Then store the user object in the users session. You can then access it from the SESSION variable.

Why don't you give it a try yourself and see what you can learn, and then ask for help.