User Groups

spikechu

Hi everyone!

So i have been trying to figure this out all day.

what i am trying to do is allow different users different access to different parts of the backend of my site.

I have a users table in my DB that stores - Username-password-userlevel ( which stores a number based from the level row below)

i also have a table called user_level that stores - Level (1,2,3, ect) Title(admin, Mod, Reg, guest, ect) then i have Access_news, Access_articles (which stores a 1 for allowed 0 for not)

so if admin logs in he has access to all pages (as all are set to 1 in the user_level table)

i assume there needs to be a code on the top of each page that would read something like this

If user is accessing the news page (check in users table under User_level for a number) then check user_level table and allow access to all (access_x page) allowed...

make sense ?

i am lost on how i would write it.. ive created just about all the other pages to the backend of the site but i cant figure this one out, hehe.

Table Example:

Users Table

ID - Username - User_level
1 - Admin - 5
2 - Jon - 3
3 - bob - 1

User_online table

Level - Title - Access_Articles - Access_news - Access_images
5 - Admin - 1 - 1 - 1
3 - mod - 1 - 1 - 0

1 - reg - 1 - 0 - 0

Any help would be great.

Thanks

dewcansam

I do it like this.
First write a php script that holds standard lib functions. ie "stdlib.php" In that file we are going to code function "check_priv();". Then in every file in the site we include stdlib.php and do a call to "check_priv();" "check_priv();" should return true if approved and false otherwise.

stdlib.php

/**
 * @param string $usr the user id from users tbl
 * @param int $page_lvl the level of the page that is accessible
 *   1 = admin only
 *   2 = admin & editor .....
 *
 * @return bool true if able to access page otherwise false
 */
function check_priv($usr, $page_lvl){
  $qry = "select 'priv_lvl' where `id` = $usr";
  $qid = mysql_query($qry);
  $row = mysql_fetch_object($qid); // since i SHOULD only get 1 row back
  return ($page_lvl <= $row['priv_lvl']) ? true : false; // i am sure this can be shortened but i like leaving the full thing in for clarity 
}

every page:

require_once("stdlib.php");
// this kicks anyone out who is not a lvl 2 or higher
if(check_priv($_SESSION['uid'], 2)) ? "" : header('Location: unauthorized.php');

note this is just an example and by no means working code. but you should be able to build on it