I'm making a login page well i've actually finished the login but how would i go about having the web page display diffren't things based on a users privileges and how would i set the privileges in my mysql database? and then use them in my php code?
I usually make a field in the users table called admin or in this case maybe privilege_level, then in your php, you define what values of that field correspond to what levels of privilege.
EDIT (example):
// start session on every page using $_SESSION array session_start(); session_name("Your Site Name"); header("Cache-control: private");
// in login file: $q = mysql_query("SELECT uid, privilege_level FROM users WHERE pw = 'escaped_and_preferrably_hashed_password' AND username = 'escaped_username' LIMIT 0,1");
// if row found: if($q && mysql_num_rows($q) > 0){
// get associative array $array = mysql_fetch_assoc($q);
// set session vars $_SESSION['privilege_level'] = $array['privilege_level'];
}
Then, on pages where you want to check the privilege level you can use a switch or other control structure/design pattern to load content dynamically, ie:
switch($_SESSION['privilege_level']){ default: echo 'you have no privileges'; break; case "1": echo 'you have some privileges'; break; case "2": echo 'you have lots of privileges'; break; }
When the user logs on they are giving a username/password. The database should store this username and a hash of the password. For Ex.md5($password). You first do a query like "SELECT privilege_level FROM table WHERE username = ".mysql_real_escape_string ($_POST["username"])." AND password=".md5($_POST["password"])
Then save that privilege_level to the session. $_SESSION["privilege_level"] = $privilege_level
Now when they load the next page, that page should refer to the privilege level in session variable to construct the page.
I have a HTML list of about 500 items and a "filter" box above it. I started by using jQuery to filter the list when I typed a letter (timing code added later): $('#filter').keyup( function() { var jqStart = (new Date).getTime(); var search = $(this).val().toLowerCase(); var $list = $('ul.ablist > li'); $list.each( function() { if ( $(this).text().toLowerCase().indexOf(search) === -1 ) $(this).hide(); else $(this).show(); } ); console.log('Time: ' + ((new Date).getTime() - jqStart)); } ); However, there was a couple of seconds delay after typing each letter (particularly the first letter). So I thought it may be slightly quicker if I used plain Javascript (I read recently that jQuery's each function is particularly slow). Here's my JS equivalent: document.getElementById('filter').addEventListener( 'keyup', function () { var jsStart = (new Date).getTime()...
I usually make a field in the users table called admin or in this case maybe privilege_level, then in your php, you define what values of that field correspond to what levels of privilege.
ReplyDeleteEDIT (example):
// start session on every page using $_SESSION array
session_start();
session_name("Your Site Name");
header("Cache-control: private");
// in login file:
$q = mysql_query("SELECT uid, privilege_level FROM users WHERE pw = 'escaped_and_preferrably_hashed_password' AND username = 'escaped_username' LIMIT 0,1");
// if row found:
if($q && mysql_num_rows($q) > 0){
// get associative array
$array = mysql_fetch_assoc($q);
// set session vars
$_SESSION['privilege_level'] = $array['privilege_level'];
}
Then, on pages where you want to check the privilege level you can use a switch or other control structure/design pattern to load content dynamically, ie:
switch($_SESSION['privilege_level']){
default:
echo 'you have no privileges';
break;
case "1":
echo 'you have some privileges';
break;
case "2":
echo 'you have lots of privileges';
break;
}
When the user logs on they are giving a username/password. The database should store this username and a hash of the password. For Ex.md5($password). You first do a query like "SELECT privilege_level FROM table WHERE username = ".mysql_real_escape_string ($_POST["username"])." AND password=".md5($_POST["password"])
ReplyDeleteThen save that privilege_level to the session. $_SESSION["privilege_level"] = $privilege_level
Now when they load the next page, that page should refer to the privilege level in session variable to construct the page.