0

This is my user table

CREATE TABLE `users` (
  `id` INT(11) NOT NULL AUTO_INCREMENT,
  `firstname` VARCHAR(255) NOT NULL,
  `lastname` VARCHAR(255) NOT NULL,
  `email` VARCHAR(255) NOT NULL,
  `username` VARCHAR(255) NOT NULL,
  `password` VARCHAR(100) NOT NULL,
  `level` ENUM('0','1') NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)

So lets say I am on index.php

I want that if user level = 1, then he can see a link appear on the page. Other wise if level = 0, he will never see that link.

How can I do that?

Improve this question
9
  • and where is your php code? Commented Jun 19, 2015 at 3:42
  • which part do you require? Commented Jun 19, 2015 at 3:44
  • I just want to add like if (level =1){ <a href=...><a> }. isnt it something like that? Commented Jun 19, 2015 at 3:45
  • anything in your index.php did you try anything so far? Commented Jun 19, 2015 at 3:45
  • Yes my index file is got other stuff. its a forum script. categories, topics etc. What I want to do is add a link that goes to users.php where you can see the list of users. users.php works fine. I just want to hide that link from everyone, just the people who have level = 1 can see it, in other words only admins. But I dont have an admin system, I just made a level attribute Commented Jun 19, 2015 at 3:48

4 Answers 4

Reset to default
1

I think you want something like this.

in your login module do something like this

session_start();
$_SESSION['level'] = 1; // passed the level from you database.

and in your pages.

session_start();
if (isset($_SESSION['level']) && (int) $_SESSION['level'] === 1) {
    echo '<a>Link for admin</a>';
}
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

login module you mean in my login.php?
what value did you passed to $_SESSION['level']?
this is my index.php pastebin.com/bA1tTq5c, and this is my login.php pastebin.com/5k4xsAxs before adding the level stuff. Parts of the code
one more thing!! I see you still using mysql_query() it's now deprecated and vulnerable to sql injection you should use mysqli or pdo
how hard is it to change my whole script to mysqli? is there a converter tool?
|
0

You should use session codes. Set a session code value to the value of level, and depending on that value display the link or not.

Improve this answer

3 Comments

like this? if(isset($_SESSION['level = 1'])){ echo "Link"; }
@Mista Josh above illustrates the idea fairly well. You need to set level in your database first, and then set the session value based on the level database entry as he does.
@KyleBooth he mentioned he was unsure how to write the code, by just giving him the theory you are not really answering the question 100% hence my answer (not like it matters now anyway).
0

You could use $_SESSION. So for example when your user logs in, you can set the session variable for level such as:

When your user logs in:

session_start(); // You must use this at the beginning of every page you use $_SESSION on
// Query here to select your user
$mysqli = new mysqli(HOST_NAME, DB_USER, DB_PASSWORD, DB_NAME);
//$username is the username of the user who is logging in.
$sql = "SELECT * FROM users WHERE username = '$username'";
$mysqli->query($sql);

if ($result && $result->num_rows > 0)
{
    while ($row = $result->fetch_assoc())
    {
        $_SESSION['level'] = $row['level'];
    }
}

On your index.php page (or any other page you want to check the user level):

session_start(); // This is reqd once on any page you use $_SESSION
// Then on your page you can use 
if (!empty($_SESSION['level']) && $_SESSION['level'] == 1)
{
    echo '<a href="">Your Link</a>';
}
Improve this answer

1 Comment

this is my index.php pastebin.com/bA1tTq5c, and this is my login.php pastebin.com/5k4xsAxs
0 
<?php
try {
    $dbh = new PDO("mysql:host=localhost;dbname=dbName", 'dbUser', 'dbPassword');

    //Check username and password
    /*** The SQL SELECT statement ***/
    $sth = $dbh->prepare("SELECT level FROM user WHERE username = ? and password = ?");
    $sth->execute(array('[email protected]', '2222')); // these values are passed via SESSION, POST, etc
                                                     //make sure to encrypt password
    $user = $sth->fetch(PDO::FETCH_ASSOC);

    if(!empty($user) && $user['level'] == 1) {
        echo "link";
    }  else {
        echo "no-link";
    }

    /*** close the database connection ***/
    $dbh = null;
} catch (PDOException $e) {
    echo $e->getMessage();
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.