Sessions and admin/users

[kiwis]

Hi,

I'm using sessions for a members area of the website but when a users has logged in how do i work out if the user is a admin or a user???



I'm using a mysql database!!

[Sgt-Peppa]

Why dont you just store the permission along with the user name in a table? Create a table permissions, for example with 1 Administrator, 2 User, 3 Superuser whatever diffrences you make, and assign every user the matching permision.

Dont know if thats the correct way but it works.

HTH, Stephan

[kiwis]

yip i have that but when a page loads after they log on how does it work out with the sessions if the person is an admin or user??

[mendhak]

Originally posted by kiwis
yip i have that but when a page loads after they log on how does it work out with the sessions if the person is an admin or user??

You can have another session variable that contains the administration level of the user. Then, depeding upon the value of that, you perform different actions, show/hide different links.

[The Hobo]

Maybe I'm not understanding the problem...but can't you use the session username to search the table and find the permission field for that user?

Code:

$users = mysql_query("SELECT * FROM userTable WHERE username='" . $_SESSION['username'] . "'") or die(mysql_error());

if ($user = mysql_fetch_array($users)) {
    //validate user (password and such)
    //get user permission ($user['permission'] or something)
} else {
    //invalid session information
}

That's how I'd do it.