PDA

View Full Version : Limiting access to users


Mark_W
07-16-2007, 11:17 PM
Hi there, back again,

This is another user level question, as you may remember from the previous user level thread I have two types of users Admin and User (Admin is 1 and User is 2).

Anyway, on my Admin screen I realised I had forgotten to limit Users from accessing the admin section.

This is the code currently in use;

<?php
require_once("../connections/connection.php"); //Database Connection

session_start();

//Catch Field Data
$userid = $_POST['userid'];
$password = $_POST['password'];
$submitted = $_POST['submitted'];


if ($userid && $password) {
///////////////////////////////////////////////
$query = sprintf("SELECT * FROM members where user_name='$userid' and user_password='$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
///////////////////////////////////////////////
}

if ($rowAccount){
$_SESSION['id'] = $rowAccount['user_id'];

header("location:_admin_index.php");
exit;


} elseif($submitted){
$echostring = "You are not authorised to enter";
}

?>

What I want to say in theory is if ($userid && $password && userlevel=1) {
///////////////////////////////////////////////
$query = sprintf("SELECT * FROM members where user_name='$userid' and user_password='$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
///////////////////////////////////////////////
}

Now if that sounds correct, what I can't think how to do is how I would make sure the user trying to log in is level 1.

Thanks once again for your help.

Mark_W
07-17-2007, 12:13 AM
I was just laying in bed when it came to me what I needed to do, so I came back on the computer to check it worked before anyone replied to me.

Thanks anyway people, I will ask my other questions tomorrow.

davidj
07-18-2007, 09:01 AM
nice one mark

new you'd be on the ball