I have a simple login script that has access levels (admin, full access, limited access, etc.).
If you log in as the user “rocker” you get two rock bands. If you log in as “hippie” you get two hippie bands. If you log in as “fullaccess” you get to see all bands.
Working demo of it is here:
[url]http://www.psylicyde.com/_old/bandauth/login.php[/url]
Download source files here (4 PHP files + SQL file):
[url]http://www.psylicyde.com/_old/bandauth/bandauth.zip[/url]
1) What I need help with is how to handle the access levels so that it is perhaps a global function? Please inspect my get_access function. How can it be improved and implemented better?
2) Is it possible to put the user access level, username and user id into an array WITHIN the session variable so that I can call any of the three variables ($access, $username, $u_id) from any page?
3) The login script itself is weak and simple; please focus on the best methods for granting access levels.
[code=php]function get_access($username, $u_id) { // get access level and act according to permissions
    dbConnect();
    // Escape the username and cast the id before they are placed in SQL
    $username = mysql_real_escape_string($username);
    $u_id = (int) $u_id;
    $result = mysql_query("SELECT * FROM user WHERE username='$username'");
    while ($row = mysql_fetch_assoc($result)) {
        $access = $row['access'];
        if ($access == 0) {
            /*
             * Admin access
             */
            echo "<p>You are an admin.</p>";
        } else if ($access == 1) {
            /*
             * Full access - print all rows
             */
            echo "<p>You have full access.</p>";
            // Separate variables so the outer user loop's $result/$row are not overwritten
            $bands = mysql_query("SELECT * FROM band WHERE 1=1");
            echo "<ul>";
            while ($band = mysql_fetch_assoc($bands)) {
                $company = $band['company'];
                $description = $band['description'];
                // Encode database values before writing them into HTML
                echo "<li>" . htmlspecialchars("$company - $description") . "</li>";
            }
            echo "</ul>";
        } else if ($access == 2) {
            /*
             * Limited access - get permissions from permissions table, print rows they are allowed to see.
             */
            echo "<p>You have limited access.</p>";
            $bands = mysql_query("SELECT b.company
                     , b.description
                  FROM user AS u
                 INNER
                  JOIN permissions AS p
                    ON p.u_id = u.u_id
                 INNER
                  JOIN band AS b
                    ON b.b_id = p.b_id WHERE u.u_id='$u_id'");
            echo "<ul>";
            while ($band = mysql_fetch_assoc($bands)) {
                $company = $band['company'];
                $description = $band['description'];
                echo "<li>" . htmlspecialchars("$company - $description") . "</li>";
            }
            echo "</ul>";
        } else if ($access == 3) {
            /*
             * Registered user - no access, but allowed to log in.
             */
            echo "<p>You are a registered user, but you have no access.</p>";
        }
    }
}
[/code]
Thanks and I hope this helps someone else too! I will repost the source code if I can get it tighter.
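
An added example, not part of the original post or its source files: one way to keep `u_id`, `username` and `access` in a single session array and apply the access level in one central function with parameterized queries. The table and column names follow the post; the PDO/SQLite in-memory database, its rows, the `ACCESS_*` constants and the function names `demo_db`, `login_session` and `visible_bands` are assumptions made so the example runs offline.

```php
<?php
// Added example, not the poster's code. Constants mirror the levels used in the post.
const ACCESS_ADMIN = 0, ACCESS_FULL = 1, ACCESS_LIMITED = 2, ACCESS_NONE = 3;

// Constructed stand-in for the post's MySQL schema (hypothetical rows).
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE user (u_id INTEGER, username TEXT, access INTEGER);
               CREATE TABLE band (b_id INTEGER, company TEXT, description TEXT);
               CREATE TABLE permissions (u_id INTEGER, b_id INTEGER);
               INSERT INTO user VALUES (1,'fullaccess',1),(2,'rocker',2);
               INSERT INTO band VALUES (1,'Band A','rock'),(2,'Band B','rock'),(3,'Band C','folk');
               INSERT INTO permissions VALUES (2,1),(2,2);");
    return $db;
}

// Call once after the password check succeeds: one array holds all three values.
// In a web request, run session_start() and session_regenerate_id(true) first.
function login_session(PDO $db, string $username): void {
    $stmt = $db->prepare('SELECT u_id, username, access FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) { throw new RuntimeException('unknown user'); }
    $_SESSION['user'] = ['u_id' => (int) $row['u_id'], 'username' => $row['username'],
                         'access' => (int) $row['access']];
}

// Central gate: the level is read from the session, never from request input.
function visible_bands(PDO $db): array {
    $user = $_SESSION['user'] ?? null;
    if ($user === null) { return []; }            // not logged in
    switch ($user['access']) {
        case ACCESS_FULL:
            return $db->query('SELECT company, description FROM band')->fetchAll(PDO::FETCH_ASSOC);
        case ACCESS_LIMITED:
            $stmt = $db->prepare('SELECT b.company, b.description FROM permissions AS p
                                  INNER JOIN band AS b ON b.b_id = p.b_id WHERE p.u_id = ?');
            $stmt->execute([$user['u_id']]);
            return $stmt->fetchAll(PDO::FETCH_ASSOC);
        default:                                  // admin and no-access pages handled elsewhere
            return [];
    }
}

$db = demo_db();
$_SESSION = [];                                   // stands in for a started session
login_session($db, 'rocker');
foreach (visible_bands($db) as $band) {
    echo '<li>' . htmlspecialchars($band['company'] . ' - ' . $band['description']) . "</li>\n";
}
```

The access level cached in the session reflects the `user` table as it was at login, so re-read it on sensitive pages if levels can change while a user is logged in.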