how to make user access level using pdo?
Question
i have here the code for login and it works fine i also use session here but my problem now is that how can i suppose to make a user access level?.in my login database i have username, password and level, now admin=1 and guest=0. what i want to happen is that when i login as admin it will redirect me to signup.php and if i login as guest it will redirect me to index.php, please help me i'm working this for almost two weeks.. here is my code..
db.php
<?php
session_start();
$DB_host = "localhost";
$DB_user = "root";
$DB_pass = "";
$DB_name = "survey";
$charset = "utf8";
try
{
$DB_con = new PDO("mysql:host={$DB_host};dbname={$DB_name};charset={$charset}",$DB_user,$DB_pass);
$DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB_con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>
class.user.login.php
<?php
class crud
{
private $db;
function __construct($DB_con)
{
$this->db = $DB_con;
}
public function login($uname,$upass)
{
try
{
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname AND level=:level LIMIT 1");
$stmt->execute(array(':uname'=>$uname));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->rowCount() > 0)
{
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
return true;
}
else
{
return false;
}
}
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
public function is_loggedin()
{
if(isset($_SESSION['user_session']))
{
return true;
}
}
public function redirect($url)
{
header("Location: $url");
}
?>
****login.php****
<?php
include_once 'dbconfig.php';
if($crud->is_loggedin()!="")
{
$crud->redirect('insert.php');
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$uname = $_POST['user'];
$upass = $_POST['pass'];
if($crud->login($uname,$upass))
{
$crud->redirect('index.php');
}
else
{
echo "<script type='text/javascript'>alert('Invalid Username or Password');</script>";
}
}
?>
home.php
<?php
include_once 'dbconfig.php';
if(!$crud->is_loggedin())
{
$crud->redirect('home.php');
}
$ID = $_SESSION['user_session'];
$stmt = $DB_con->prepare("SELECT * FROM survey_section WHERE ID=:ID");
$stmt->execute(array(":ID"=>$ID));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
?>
1 answers
solution1
0 ACCPTED 2016-05-30 02:36:37
The term you're looking for is ACL (Access Control List)
This should help you gain an understanding :-)
For your current implementation, there is no checking what level the logged in user is, you only seem to $crud->redirect('index.php'); if the login is successful.
But before we get to that section; you're trying to bind :level yet not specifying it or implementing it anywhere...
In your login() method you have:
$stmt = $this->db->prepare("SELECT * FROM users WHERE user_name=:uname AND level=:level LIMIT 1");
$stmt->execute(array(':uname'=>$uname));
That is going to fail as you haven't specified what :level is, hence you'll be thrown an invalid parameter count error -> meaning this function will always return false.
You need to modify that query ( either removing AND level = :level or specifying what :level is in your execute() . )
From there, you'll need to modify your functions appropriately - in this case, setting level into a session variable would be more fitting:
//.....code above...
if(password_verify($upass, $userRow['user_pass']))
{
$_SESSION['user_session'] = $userRow['user_id'];
$_SESSION['user_level'] = $userRow['level'];
return true;
}
//.....cove below...
Now; from within your login.php , you can redirect accordingly:
if($crud->login($uname,$upass))
{
switch($_SESSION['user_level']) {
case "0": // regular user
$crud->redirect('index.php');
break;
case "1": // admin
$crud->redirect('signup.php');
break;
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.