I've done this kind of thing with a number of web apps.
What I usually do is create a user table in MySQL with a user-name,
password and access level, which has an integer value.
When a user logs in successfully, a session is created (see
session_start() in php documentation), the access level is pulled from
the user table and saved as a session variable. Then it is a simple
matter of using bits of code like...
if ($_SESSION['access_level'] > 7){
echo "some stuff";
}
In your example, you will also want to check the user's access level on
each restricted page - it is not enough to hide menu options. Users
could simply type the URL in.
I hope that's clear.
Good luck,
Jeffrey
Jeff Broomall wrote:
Good morning everyone.
I'm building a very simple content management site that tracks "tasks."
The options available are:
1. Add Task
2. Edit Task
3. View Task
4. Print Task
I need to restrict some users to only View and Print and I'm trying to find a way to tell the page not to load the menu options (the text) for those not having access to the Add and Edit functions.
IOW, they would only see View and Print.
I have three basic users:
1. System Admin
2. Subject Matter Expert (SME)
3. Viewers
Obviously the System Admin and SME will have full access so it's the Viewers that are to have access to only View and Print.
I have a users table but haven't set it up for the distinction. What I was thinking was creating a field labeled users_group and assign a numeric value for each user using the numbering system above.
I have my page load the menu options:
<a href="home.php" class="navlink">Home</a><br />
<a href="view_tasks.php" class="navlink">View Tasks</a><br />
<a href="edit_task.php" class="navlink">Edit Task</a><br />
<a href="add_task.php" class="navlink">Add Task</a><br />
into here...
<BODY>
<table width="90%" border="1" cellspacing="10" cellpadding="0" align="center">
<tr><td colspan="2"><h1 id="mainhead">ICAO Tasks — WAFS</h1></td></tr>
<tr>
<td align= "center" valign="top" nowrap="nowrap" width="10%">
Menu<br />
<?php include ('./includes/menu.html'); ?> <--The menu above inserted here.
</td>
<td valign="top" class="content">
How can I tell the system not to load the last two lines unless they are a System Admin or SME?
I read a chapter on Cookies/Sessions...but it wasn't that helpful for this case.
Can I setcookie('user_group', '3') and use that somehow???
Am I in the ballpark with this solution?
Thanks.
Jeff
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php