I think showing you my code might help. I am actually trying to output the result.
[php]
class security_functions
{
var $conn;
var $lang;//language class object
var $tblprefix;
//defalt constructor which first checks if page is accessable.
function security_functions($dbf,$page_type,$language)
{
//pre: $dbf must be a db_functions object, $page_type must be a string, $language must be a language object
//post: denies access to page and stops php processing
//$page_type will be either: Public, Admin, Sales Clerk or Report Viewer.
//$usertype will be either: Admin, Sales Clerk or Report Viewer.
//Their must be a session present in order to execute authoization.
//sets class variables.
$this->conn=$dbf->conn;
$this->lang=$language;
$this->tblprefix=$dbf->tblprefix;
if(isset($_SESSION['session_user_id']))
{
$user_id=$_SESSION['session_user_id'];
$tablename="$this->tblprefix".'users';
$result = mysql_query ("SELECT * FROM $tablename WHERE id="$user_id"",$this->conn);
$row = mysql_fetch_assoc($result);
$usertype= $row['type'];
//If the page is not public or the user is not an Admin, investigation must continue.
if($page_type!='Public' or $usertype!='Admin')
{
if($usertype!='Admin' and $usertype!='Sales Clerk' and $usertype!='Report Viewer')
{
//makes sure $usertype is not anything but Admin, Sales Clerk, Report Viewer
echo "$this->lang->attemptedSecurityBreech";//problem
exit();
}
elseif($page_type!='Public' and $page_type!='Admin' and $page_type!='Sales Clerk' and $page_type!='Report Viewer')
{
//makes sure $page_type is not anything but Public, Admin, Sales Clerk or Report Viewer.
echo "$this->lang->attemptedSecurityBreech";//problem
exit();
}
elseif($usertype!='Admin' and $page_type=='Admin')
{
//if page is only intented for Admins but the user is not an admin, access is denied.
echo "$this->lang->mustBeAdmin";//problem
exit();
}
elseif(($usertype=='Sales Clerk') and $page_type =='Report Viewer')
{
//Page is only intented for Report Viewers and Admins.
echo "$this->lang->mustBeReportOrAdmin";//problem
exit();
}
elseif(($usertype=='Report Viewer') and $page_type =='Sales Clerk')
{
//Page is only intented for Sales Clerks and Admins.
echo "$this->lang->mustBeSalesClerkOrAdmin";//problem
exit();
}
}
}
}[/php]
Something like this is the output
Object id #1->mustBeAdmin
The variable mustBeAdmin is a string that shows an error message.