permission checker script

Hi All,

Hopefully a simple problem to resolve… (hopefully). I have a few lines of code which check to see if the user has permissions to access the page and, if not, display an error. My question is: how can I alter my code to allow for a range of permissions?

[php]
$user_perm = $_SESSION['type'];
if ($user_perm == "Admin") {
    // show the page
}
[/php]

So I would like to have the option for “Contributer” added. I tried an else if statement but it didn't work.

thanks

You need to put all the permission types for the user into a session array and then check if the proper one exists for the page. There are a couple different ways to check if the required permission level is set.

[php]foreach ($result as $row)
{
    $_SESSION['user_level'][$row['permission']] = $row['permission'];
}[/php]

This is how I go about doing it. In my utilities.inc.php (configuration file that I put on every page) I have this:
[php]/* Use $user for sessions variable */
$user = isset($_SESSION['user']) ? $_SESSION['user'] : NULL;[/php]

When a User logs in I do this:
[php]public function read(array $data = NULL) {
    $this->query = 'SELECT id, username, password, security_level, first_name, last_name, email, home_phone, cell_phone, gender, birthday FROM users WHERE username=:username';
    $this->query_params = [':username' => $data['username']];
    $this->loginStatus = FALSE; // Start from "not logged in" so an earlier result cannot carry over:

    try {
        $this->stmt = $this->pdo->prepare($this->query);
        $this->result = $this->stmt->execute($this->query_params);
    } catch (Exception $ex) {
        die("Failed to run query: " . $ex->getMessage());
    }

    $this->stmt->setFetchMode(PDO::FETCH_OBJ);
    $this->user = $this->stmt->fetch();

    if ($this->user) {
        // Compare the submitted password against the stored hash:
        $this->loginStatus = password_verify($data['password'], $this->user->password);
        unset($data['password']); // Unset the password:
        unset($this->user->password); // Keep the hash out of the session:
    }

    if ($this->loginStatus) {
        $_SESSION['user'] = $this->user; // Set the session variable of user:
        return TRUE;
    } else {
        return FALSE;
    }
}[/php]

Sorry, the above is written in OOP, but just think of it as a function and minus the $this-> part.

Then in my case I would just do something like the following:

[php]if ($user && $user->security_level === "admin") {
    // Do something
} elseif ($user && $user->security_level === "contributor") {
    // Do something else
}[/php]

If the if statements get unwieldy then you can just simply switch over to a switch statement. Just another way of doing it.

Strider64, your code does not allow for a user with multiple roles for “Page Access”, which the OP is asking about.

As the OP said

I have a few lines of code which checks to see if the user has permissions to access the page

A single PAGE could allow multiple roles access to it (user levels). You would need to have available all the roles of a particular user to determine if one of them matches the page access.

By setting all the access levels of a particular user to a SESSION, you can then check if the required page access level is in the SESSION array.
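
The check described in the replies above, as an added example that is not part of the original thread: each page lists the roles it allows, and access is granted only if one of them is in the user's session role array. The function names, page names and role names are assumptions, and a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: helper, page and role names are assumptions, not from the thread.

/**
 * Return true only if the user holds at least one role the page allows.
 * Denies by default: a missing or malformed session value grants nothing.
 */
function has_page_access(array $session, array $allowedRoles): bool
{
    $userRoles = $session['user_level'] ?? [];
    if (!is_array($userRoles)) {
        return false;
    }
    // Strict comparison so values like 0 or true never match a role name.
    foreach ($allowedRoles as $role) {
        if (in_array($role, $userRoles, true)) {
            return true;
        }
    }
    return false;
}

/** Fill the session from the permission rows fetched for the user at login. */
function store_roles(array &$session, array $rows): void
{
    $session['user_level'] = [];
    foreach ($rows as $row) {
        $session['user_level'][$row['permission']] = $row['permission'];
    }
}

// Constructed sample data standing in for a database result and $_SESSION.
$session = [];
store_roles($session, [['permission' => 'Contributor'], ['permission' => 'Editor']]);

// Each page declares every role that may open it.
$pages = [
    'edit-article' => ['Admin', 'Contributor'],
    'manage-users' => ['Admin'],
];

foreach ($pages as $page => $allowed) {
    $ok = has_page_access($session, $allowed);
    echo $page, ': ', $ok ? 'allowed' : 'denied (send 403 and stop)', PHP_EOL;
}
// A session with no roles at all is denied everywhere.
echo 'anonymous: ', has_page_access([], ['Admin']) ? 'allowed' : 'denied', PHP_EOL;
```

The role array must be filled on the server from the database at login, never from request data, and the page should stop executing after a denied check.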
