User restriction dependent on user level


6 replies to this topic

#1 phil1208

    Young Padawan

  • Members
  • Pip
  • 6 posts

Posted 28 July 2008 - 09:09 AM

Hi everyone,

I'm trying to make a news system for the company I work for, which is proving to be simple enough, except for one little bit where I'm now stuck.

I have a user login system for the news script which allows a user to add a news article once they've logged in. I've managed this using the IF statement (example coming shortly).

Now, what I want to do is restrict what a user can do. This is because I want to have an administrator section where myself or someone within the company can review and authorise an article before it is displayed on the website itself.

I've decided to opt for defining user levels by numbers (1 - 5), 1 being a normal user and 5 being an admin.

At present the navigation within the side of the website is echoed like this:

<?php if (empty($email)) { ?>
    <a href="/index.php">Home</a>
    <a href="/viewall.php">View Article</a>
    <a href="/searcharticle.php">Search Article</a>
<?php } else { ?>
    <a href="/index.php">Home</a>
    <a href="/viewall.php">View Article</a>
    <a href="/searcharticle.php">Search Article</a>
    <a href="/add.php">Add Article</a>
<?php } ?>

My original plan was to use a recordset to pull back the user's 'user level' after they had logged into the website. However, I'm templating the design we're using for ease of making the pages, which means anything I put in a recordset at the top of the page wouldn't necessarily be output to the pages I create from the said template. I thought about adding the recordset in the body of the template, but as far as I know the recordset needs to be above the HTML at the top of the document.

This is where the problem is, because if I put the recordset anywhere else it buggers my template.

I considered doing this using an include file, but I'm not sure as to whether this would be suitable, or how I would go about doing this exactly.

As far as I can tell, the only thing that's posing a problem is the fact I'm templating it using the Dreamweaver template. But then again, I think it's safe to say I just don't know anymore :)

Does anybody have any ideas on what I should/could do? Or does anyone understand what I'm trying to do? Because I'm beginning to think that I don't understand it myself :) .

Thank you to anyone who thinks they know what I'm on about, and anyone who might be able to help or at least point me in the right direction.

#2 Tyson D

    Young Padawan

  • Members
  • Pip
  • 85 posts
  • Gender:Male
  • Location:Canada

Posted 28 July 2008 - 09:37 AM

Hey there Phil,

I actually was just coding a news-posting system a few weeks ago and was working on a similar feature to yours. I found success in creating a little PHP include file that contained the user's information as retrieved from the database.

So if you make a new PHP file (you can call it user.php or thisuser.php or whatever you'd like), have it query the database using the credentials either from a session or from $_POST and populate some variables like $username, $emailaddress, $userlevel from the query results.

Then on the pages that require access to these user details you just include the file (it can even be right above your if statement) and if you have 5 levels you could either have all your general links at the top like this:

<?php
include 'user.php';
?>
<a href="/index.php">Home</a>
<a href="/viewall.php">View Article</a>
<a href="/searcharticle.php">Search Article</a>

<?php
if ($userlevel > 1) {
    echo "<a href=\"/add.php\">Add Article</a>";
}

if ($userlevel == 5) {
    echo "<a href=\"/managearticles.php\">Manage Articles</a>";
}
?>

This way you don't have to repeat all your links in each case and you can just add if statements around the links you want to only be seen by different user types.

So make sure you're storing a userlevel inside your user table!
For the links that you want to be hidden (in the above example this would be add.php and managearticles.php), make sure that you are checking on these pages as well that users are authorized to view the pages. This is as simple as doing what we just did above for checking the userlevel to display a link: just include the user.php file, put all your page in an if ($userlevel > 1) or whatever the restriction is, and then have an else block that has an access denied or equivalent type of message!

If you have any more questions about this just post 'em and hopefully I can help!

Cheers!
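
The include-plus-page-check approach described in the post above, as an added example that is not part of the original thread: one file resolves the level from the database and the same rule drives both the menu and the guard on the restricted page. The table layout, the `$_SESSION['user_id']` key and the function names are assumptions, and the demo uses an in-memory SQLite database (needs the pdo_sqlite extension) with constructed users.

```php
<?php
// Added example, not code from the thread.
// Assumed: a users(id, email, userlevel) table, and a login script that
// stores the user's id in $_SESSION['user_id'] (hypothetical key name).

// The level is read from the database on each request, keyed by the
// session's user id, not taken from anything the browser sends.
function load_user_level(PDO $db, ?int $userId): int
{
    if ($userId === null) {
        return 0;                                // not logged in
    }
    $stmt = $db->prepare('SELECT userlevel FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $level = $stmt->fetchColumn();
    return $level === false ? 0 : (int) $level;  // unknown id: no access
}

// One rule used for both showing a link and allowing the page.
function can_access(int $userlevel, int $minimum): bool
{
    return $userlevel >= $minimum;
}

// Call at the top of add.php / managearticles.php, before any HTML output.
function require_level(int $userlevel, int $minimum): void
{
    if (!can_access($userlevel, $minimum)) {
        http_response_code(403);
        exit('Access denied');
    }
}

// --- constructed demo data so the example runs from the command line ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, userlevel INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'writer@example.com', 2), (2, 'admin@example.com', 5)");

foreach ([null, 1, 2, 99] as $sessionUserId) {   // stand-in for $_SESSION['user_id']
    $level = load_user_level($db, $sessionUserId);
    printf("user=%s level=%d add=%s manage=%s\n",
        var_export($sessionUserId, true), $level,
        can_access($level, 2) ? 'yes' : 'no',    // add.php: level above 1
        can_access($level, 5) ? 'yes' : 'no');   // managearticles.php: level 5
}
```

On a real page, `require_level($userlevel, 5);` as the first statement of managearticles.php stops a level-2 user who types the URL directly, which hiding the link alone does not.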

#3 phil1208

Posted 28 July 2008 - 09:51 AM

Thanks TysonD,

I'll give this a try now and see how it goes. If this works you might have just stopped me going mental :)

If there's anything else, I'll post in here.

Thanks again TysonD

#4 Tyson D

Posted 28 July 2008 - 10:33 AM

No problem, keep me posted on how it's going!

#5 phil1208

Posted 29 July 2008 - 04:07 AM

Completely destroyed my template :) Something about editable regions and code. Fixed it now though. Gonna have another crack at it.

#6 Tyson D

Posted 30 July 2008 - 03:56 PM

Hey Phil,
Did you manage to get your code working?

#7 phil1208

Posted 01 August 2008 - 07:38 AM

Not as of yet, I've been too busy tweaking the new phone system we just got put in and testing that out.

I'm starting to develop a nervous twitch whenever 'soft phones' are mentioned.




