LOG-IN and LEVEL

cli · May 24th, 2005, 11:43 AM

Another help...i'm doing a login, and i want that if some one use a particular couple name-password,will be adressed to a page instead of another:

my table in DB is: id_admin, admin_name, admin_pass, admin_level.

Code:

$txtUser = $_POST['user'];
$txtPass = $_POST['feelpass'];
mysql_select_db($database_feeling);
$enter = "SELECT * FROM admin WHERE user = '$txtUser' AND pass = '$txtPass' ";
$enter_q = mysql_query($enter) or die('errore nella Q_login');
//$takeme = mysql_fetch_array($enter_q);
$takemerows = mysql_num_rows($enter_q);

if( $takemerows > 0){

$takeme = mysql_fetch_array($enter_q);

if( $takeme['admin_level'] == 1 ){ 
header( 'Location: adminclientimenu.php' ); 

}else{ 

header('Location: index.php');
}

header('Location: adminmenu.php');
}else{
header('Location: index.php');
}

as you can see, i've a if() statemnt into the first if() that if() is completely jump-off and go always to "adminmenu.php" even if i use a couple admin_pass and admin_pass where the level is 1 it goes always to "adminmenu.php" if the couple is wrong it goes as aspect to "index.php"

What you use to make differenced log-in???

anshul · May 25th, 2005, 07:56 AM

I've few ideas:
use switch ..case statements i.e., switch a admin level.

Secondly, adjust content of a Web page ( menus ) according to admin level rather than redirecting headers or using seperate Web page for a each member. You may ad more fields to db based on what can/can't be allowed to each admin user. Like using flags 'yes' or 'no', '1' or '0' etc. I hope, you'll do now. Ask us, if u've any question.
http://www.mediasworks.com/webstory/cghost/home.htm

nikolai · May 29th, 2005, 04:30 PM

What I think you're really asking is: What is the best way to handle users and permissions?

This is a difficult issue to tackle, because the more flexible you want to make your permissions levels, the more complicated it is to design the application. You need to create a database schema that efficiently stores these permissions and know where these permissions affect your application.

For this reason, many applications only have two or three real levels of permissions. This site, for example, only has three that I can figure. There's an administrative level, a moderator level, and a regular user level.

Each level gets more restrictive. In other words, a moderator can do everything a regular user can do plus some extra stuff. An administrator can do everything a moderator can do, plus extra stuff.

This style of permissions is fairly easy to implement. You can use a numeric ID for the permissions levels. If a user's permission level is >= some number, then they have permission to do something. If it's <, they don't.

If, on the other hand, you want permissions being assigned to specific bits of functionality, things get much more complex.

For example, if you want to have a lot of different "regular users" each have priveledges that other users don't, then you have to start dealing with creating groups. Permissions are assigned to a group of users. Users can belong to many different groups.

Suppose for example that I belonged to a group of "PHP moderators". I would ONLY have moderator priveldges on the PHP forums on this site. I would NOT have moderator priveledges in, say, the C++ forums.

As you can probably imagine, this is a much tougher nut to crack, so most people settle for the simpler style. I'm a "moderator" on this site, which means that I can muck with ANY of the forums, even though I only really post to the PHP ones.

Hope this helps,

Nik