Login/user levels

[Albatross]

Greetings once again all.

Some background info first...

I've setup a table on my database called afbb_users and I've added fields for a primary key, user level, user name, password, and comments. I also have a webpage se up using html.

What I would like to do it have a register/login option so that authorised people can login and based on a user level (Member, Mod, and Admin are the only levels), make edits to certain pages.

The problem is, I know how to get a form to send data to a table and check logins but I dont know how to set it so that what a person sees is dependant on thier user level.

Could someone assist with this?

[CornedBee]

On the simplest level, it's like this:

Code:

<?php if($userlevel == ADMIN) { ?>
<a href="special.php">Control Panel</a>
<?php } ?>

[chthong]

Have you ever consider adding another field call roll level and difference roll level might able to enter difference area lets say you have 5 areas
A,B,C,D,E

A only allowed roll level 30 - 500 - Maybe only for register user
B only allowed roll level 50 - 500 - Maybe only for moderator
C only allowed roll level 70 - 500 - Maybe only for admin moderator
D only allowed roll level 90 - 500 - Maybe only for admin
E only allowed roll level 0 aboved - Allowed for everyone
F only allowed roll level 999 - Maybe for certain user that only able to access one area

The roll level will determine what the user can do.

[kows]

why would you do that? what CornedBee said is basically exactly what you said, except a lot easier to implement. The table he has already has the user's level, so adding a new field to act as their level is a little pointless if you ask me.

[chthong]

Maybe i misunderstand the question. but then for the area that can enter by register user will it be

Code:

<?php if($userlevel == ADMIN || $userlevel == MODERATOR || $userlevel == ADMIN MODERATOR || $userlevel == ADMIN || $userlevel == REGISTERUSER) { ?>
<a href="special.php">Control Panel</a>
<?php } ?>

Then when new user level adding in, will it become more complicated? istead of

Code:

<?php if($rolllevel >=30 ) { ?>
<a href="special.php">Control Panel</a>
<?php } ?>

So, in future when you want to add another roll or another area. It will be a lots easier to control. We can also add a group table which will determine the roll level lets say

Name RollLevel
Super Admin 500
Admin 90
Admin Moderator 70
moderator 50
Register user 30
Unregister user 10

Inside the user table just add in the group field, let say user "chthong" is super admin then automatically it will have roll level 500.

When we need to add another level let say "superior admin" then we just add it into the group table and set the group field in the user table.

This will required minimum changes on the existing code.

Thats what i want to point out. Please correct me if i am wrong. Thanks

[PlaGuE]

???

Why make the numbers so high?

a simple table such as "access_levels" would do.IE:

Table Name: user_levels
accessID | accessName
0 | Guest
1 | Member
2 | Special Member
3 | Global Moderator
4 | Administrator
Then all you would have to do is refrence the access_level in the users table
IE:
Table Name: users
id | username | password | access_level
1 | PlaGuE | wookie | 5

Then just create an array with the access levels from the access_levels...

This isnt perfect nor have i tested it.

PHP Code:

  $USER_ACCESS = array();
  $result = mysql_query("SELECT * FROM access_levels") or die('Could not run access_level array Query');

 while($row_access = mysql_fetch_assoc($result)){

      $USER_ACCESS[$row_access['accessName']] = $row_access['accessID'];

} 


then when you want to check the user access level before showing the page/code

do:

PHP Code:

if($SESSION['access'] >= $USER_ACCESS['Administrator']){
echo("Hello Admin.");
}else{
echo("You are not Admin.");
} 


See my point? However the last code snippet is a lil.. iffy.

[chthong]

My point is when i add another level of user, I did not need to touched the exsisting users setting. In your cases, when we add in another user level for example junior member, you have to readjust all the access_level. Thats why I keep some distance between the numbers. By the way the access level and the roll level is the same thing. correct me if i am wrong

[chthong]

This is much more better compare to mine one.

Code:

if ($SESSION['access'] >= $USER_ACCESS['Administrator'])

Code:

if($rolllevel >=30 )

[penagate]

In your cases, when we add in another user level for example junior member, you have to readjust all the access_level. Thats why I keep some distance between the numbers.

Sorry but that method just smacks of amateurism, if you use constants you only need to adjust values in one place anyway so your complaint is moot. Spacing numbers out is just clumsy, not a fail safe method.

[chthong]

if you use constants you only need to adjust values in one place

Can you please explain?

[penagate]

Well, constant values are only ever defined once, that's the point of a constant.

PHP Code:

define('POO', 58874);
define('THE_MEANING_OF_LIFF', 42); 


If you need to change its value you only need to do so in one place without touching the rest of the code that uses POO rather than the numeric value 58874.

[PlaGuE]

idk... but i think this could work... however its useless in many ways...

I came up with this while thinking of a way to define the Access Level Variable and have it displayed looking like a define variable instead of just an array variable.

PHP Code:

<?php
$USER_ACCESS = array(); // Create User Access Array
// Create Access List Array
$access_levels = array("0" => "Guest",
                       "1" => "Member",
                       "2" => "Special Member",
                       "3" => "Global Moderator",
                       "4" => "Administrator");
// Insert Access List into the User Access Array
    foreach($access_levels as $key => $value){
        $USER_ACCESS[$value] = $key; 
    }

// Start Defining the access. To create  a new variable. EG: SPECIAL_MEMBER
    foreach($USER_ACCESS as $key => $value){
        $DEFINE_KEY = str_replace(" ","_", strtoupper($key));
        $DEFINE_VALUE = $value;
        define($DEFINE_KEY,$DEFINE_VALUE);
    }

//Now Check to see if User has correct permission
$myaccess = 4;
    if($myaccess == ADMINISTRATOR){ 
        echo("Hello Admin."); 
    }else{ 
        echo("You are not Admin."); 
    }   

?>

[CornedBee]

Code:

$USER_ACCESS = array(); // Create User Access Array
// Create Access List Array
$access_levels = array("0" => "Guest",
                       "1" => "Member",
                       "2" => "Special Member",
                       "3" => "Global Moderator",
                       "4" => "Administrator");
// Insert Access List into the User Access Array
    foreach($access_levels as $key => $value){
        $USER_ACCESS[$value] = $key; 
    }

--->

Code:

// Create Access List Array
$access_levels = array("0" => "Guest",
                       "1" => "Member",
                       "2" => "Special Member",
                       "3" => "Global Moderator",
                       "4" => "Administrator");
// Create User Access Array
$USER_ACCESS = array_flip($access_levels);

http://at.php.net/array_flip

Ph34r the power of built-in functions

[PlaGuE]

Ohhhh.. Koo
I never knew that..lol.
I havent had much to do with "array" functions.
infact the only array function ive ever touched is "array()". Guess i must learn.