Hi all,

Firstly i would like to say hi to everyone as i am a newbee to this forum and going by the discussions i know i have come to the right place to resolve my problem.

I have just started using PHP, MYSQL, Databases etc and through someone elses hard work using their PHP script for a login with Admin features. Sadly the author last helped back in 2004 so i am looking for some help to update some of the code to get the function i require. Everything works fine but i would like to amend the code so that Users with Level 2 access can only access pages with Level 2 etc and Level 9 (admin) can access all levels from 0 to 9. Below is my code in my page........

<?
include("include/session.php");
?>

<html>
<title>Protected Page</title>

<?
/* User is not logged in */
if(!$session->logged_in){
?>

<body>
Insert HTML code here that says "You are not allowed to view this page"
</body>

<?
}
/* User is logged in */
else{
?>

<body>
Insert HTML code here that says "This is the protected page"
</body>

<?
}
?>

</html>

This works fine but will allow anyone who is logged in to access protected pages. I came accross this script....

if(!$session->userlevel == 2){<br>
&nbsp;&nbsp;echo "You are not allowed to view this page";<br>

I am unable to include this script as i keep getting errors.

Any help would be appreciated

Stuarty:queasy:

    First of all, how do you store user_data? In an sql-table? Check the file session.php You need to add some info about access level. Then you'll be able to check users access level and hide parts of a file or whole files to dfferent users.

      &#252;berfuzz wrote:

      First of all, how do you store user_data? In an sql-table? Check the file session.php You need to add some info about access level. Then you'll be able to check users access level and hide parts of a file or whole files to dfferent users.

      Yes, one way you would do
      is to create a new table in database with 2-3 fields
      it would take UserID number from Users table
      and add a user LEVEL for each user.

      Banned IP-numbersshould have Level=0 ... you do not want them at your pages, at all
      Guests could have a default level of 1
      Normal User = Level 2
      Special users Groups, level = 3-8
      Admin level= 9
      and so on

      CREATE TABLE user_level {
ItemID integer AUTO_INCREMENT,
UserID integer UNIQUE, (this is the UserID, taken from UserTable)
ULevel  integer ( range from 0-9 )
----------
BannedIP string ( this is probably only makingcomplications, but an Idea )
.. it is much better to make a new special 'TABLE banned_ips' ... for this!
}

      ===========================

      I want to know if you have access to a web interface called phpMyAdmin.
      With this you should be able to login and CREATE new table, very easy 🙂

      This is the start.
      Then, like told, have a look where user BECOMES 'logged_in',
      most probably in file: includes/session.php

      If we are very lucky 🙂 it could be enough if you add a new function, method in this file. this class.
      A function to get level from user_level TABLE, each time somebody Login.

      The default visitor would get the default Level = 1, ( or 0 ), without Logging in.
      This could also be set in same file: session.php

      Inside session.php you would probably see this or something like it:

      <?php

class session {

function check_login (){
    //code
}

// this one function we need to add
function set_user_level(){

// code for this operation
// get 'level' from TABLE user_level
// for UserID #nn
return $level
}

?>

      regars 🙂
      halojoy

        Hi, thanks for your reply but i am getting more confused now. I think what you are trying to say but i have already have thoes scripts in place. The users are defined, userlevels are defined, have the option for banlists of users & ip addresses as my pic shows attached.

        I have everything working as the database tables for temp users, guest, active etc are all in place, please try out...http://www.sam-grahame.co.uk/newlogin/main.php. if you click on the level2 page link then i want script so that only level 2 users can access it but level 9 can access all levels as this is defined as admin.

        You can see the code for this login at http://www.evolt.org/PHP-Login-System-with-Admin-Features

        Sorry for all the confusion.

        Stuarty

          My apologies, please read later post first.....

          enter to access

          username :- username
          password:- password

          userlevel = 4

          when you login and access level2 page you are given access as you are logged in due to the

          <?
/* User is not logged in */
if(!$session->logged_in){
?>

          cheers, stuarty

            Hi, thanks for your reply but i am getting more confused now. I think what you are trying to say but i have already have thoes scripts in place. The users are defined, userlevels are defined, have the option for banlists of users & ip addresses as.

            I have everything working as the database tables for temp users, guest, active etc are all in place, please try out...http://www.sam-grahame.co.uk/newlogin/main.php. if you click on the level2 page link then i want script so that only level 2 users can access it but level 9 can access all levels as this is defined as admin.

            You can see the code for this login at http://www.evolt.org/PHP-Login-System-with-Admin-Features

            Sorry for all the confusion.

            Stuarty

              This works fine but will allow anyone who is logged in to access protected pages. I came accross this script....

              PHP Code:
              if(!$session->userlevel == 2){<br>
              &nbsp;&nbsp;echo "You are not allowed to view this page";<br>

              I am unable to include this script as i keep getting errors.

              It is not enough to say: I am getting ERROR.
              You should post the Error Message.
              Without a more specific description of youjr error AND the code that causes this error
              we can only make guesses into the blue sky.

              Like going to doctor and say:
              Can you help me, I am not well.

              No, you really should to say:
              I have this terrible pain in my stomach.
              Especially after dinner. It is a pain in this side (left or right) of my stomach.
              Please help me, doctor please

              Welcome with some good info 🙂
              Will keep me from speculate and post scripts and suggestion ... out into the blue.

              By the way, the Login Script, you mention
              I know very well. It is one of the most used Free PHP login applications.
              Even if it is a bit 'old code', by now.
              http://www.evolt.org/PHP-Login-System-with-Admin-Features
              From the PHP 4 period.

              regars 🙂
              halojoy

                Ok.... firstly i applogise for not explaining myself clearly and to stop speculation. Having sat down and going through the script i have managed to get half way there as i have managed to restrict users to certain pages by using the following script....

                <?
include("include/session.php");


if($session->userlevel == 2){
   echo "You are allowed to view this page";
}
else{
   echo "You are NOT allowed to view this page";
}

?>

                The errors were unexpected "{" or "Else" errors but when sorted correctlt it worked. My only other problem is how do you input additional $session that will allow userlevel 9 to view all pages as this is my admin level. I can now give userlevel to members so that they are only able to view pages on what level they are allocated. I myself however require access to all pages and with my userlevel at 9 it won't allow me to access say a level 2 restricted page.

                Stuarty

                  My only other problem is how do you input additional $session that will allow userlevel 9 to view all pages as this is my admin level. I can now give userlevel to members so that they are only able to view pages on what level they are allocated. I myself however require access to all pages and with my userlevel at 9 it won't allow me to access say a level 2 restricted page.

                  You could write:

                  if($session->userlevel == 2 || $session->userlevel == 9){

                  However, for better readability and maintenance you could declare a class constant and then write:

                  if($session->userlevel == 2 || $session->userlevel == session::ADMIN_LEVEL){
                    Write a Reply...