PDA

View Full Version : Restrict Access to certain users based on if a variable in the SQL database is set to 1


borlino
05-23-2011, 11:05 AM
Hey guys,
I am quite new to PHP and MySQL and I have a question concerning access restriction. For a website project I am experimenting with Dreamweaver's login and restrict access behavior, which works fine. However, on the website I would like to restrict access for users that only have a 1 set in the corresponding MySQL database. So it is quite similiar to the out-of-the-box restrict access to page based on user group, but just depending on another variable in the database. I could not figure out how to implement that.

Your help is highly appreciated!

Thanks in advance!

mangofreak
05-23-2011, 03:49 PM
I work mostly on ASP but the idea should be the same:

As part of your login access you have to pass a variable -- as per my example Accesslevel that will verify if the user has access to the next page.

SELECT Username, Password, AccessLevel, AccesslevelID
From tableUsers, tableAlevels
WHERE AccessLevel = AccessLevelID and AccessLevelID = param


Then create your param that would be more or less/ but check your Dreamweaver. In ASP the params are created by the application above the select statement but PHP I'm not sure

parameter = that is the name of you parameter
numeric = type i.e text, boolean, etc
$_POST["alevel"] = that is your value
0 = that is your default value


Also, you should create a session variable for the AccessLevel so you can apply it to all your other pages.

Hope that helps a little.

I'm pretty sure that may be other ways to do it but that should at least give you an idea.

borlino
05-23-2011, 04:57 PM
Hey mangofreak,
Thanks a lot for your answer. My understanding of PHP and MySQL is unfortunately no good enough to fully understand your proposition. But I will try anyway :)

mangofreak
05-23-2011, 06:55 PM
No worries, my understanding of PHP is not that great either but by some miracle things work from time to time ;)

The idea behind is quite simple. When you create your database, there are usually some tables that would hold all your...data.

I like the following structure
tblUsers: holds
intuserid, firstname, lastname, password, intaccesslevel and something to turn users on or off, say status

tblAccessLevels
AccesslevelID, intAccesslevel

as you can see tblUsers has a field that needs has a relationship with accesslevel.

In your Login page you have a recordset that with be used to compare all the username, password and accesslevel and see if that matches to let the user in.

What do you have so far? if you share your code many of the PHP gurus would be happy to help.

edbr
05-24-2011, 12:40 AM
I am quite new to PHP and MySQL and I have a question concerning access restriction. For a website project I am experimenting with Dreamweaver's login and restrict access behavior, which works fine. However, on the website I would like to restrict access for users that only have a 1 set in the corresponding MySQL database. So it is quite similiar to the out-of-the-box restrict access to page based on user group, but just depending on another variable in the database. I could not figure out how to implement that.

what criteria do you want? I believe dw uses a numeric user level,which is usual, so that could be any field you like to use in your select statement.

borlino
05-24-2011, 06:55 AM
Sorry, I guess I was not clear enough what I really want to achieve. Here is a more detailed explanation: Firstly, I will integrate the restrict access feature of DW. However, for my project I need a possibility to restrict access to each page individually. I though this can maybe be done by giving each page a unique variable that is preset to 0 and if a user gets access to this page I can change it to 1.
Do you think this is the way to give each page an individual access level? And how can I code the part where the webpage checks if the user has access to this page and otherwise redirect him to another page?

Hope it is a bit more clear now :-)

Thanks in advance for your help!

davidj
05-24-2011, 01:40 PM
i would query and store a user profile from the point of login. Store the profile as an Array in a session where you can query the session for an access flag.

I would dynamically display menu items based on the profile rather than presenting a link which when clicked produces an 'Accessed Denied' message.

borlino
05-24-2011, 03:18 PM
Hello davidj
Thanks a lot for your response. Your solution sounds very reasonable, however I have no idea how I could code this... :???:
I rethought my requirement and realized that it would be the easiest if I could just give a user multiple access levels at the same time. In this case I could just give every page another access-level and restrict the access only to users with this access level (So basically use the out-of-the box feature).

Does anyone know if and if yes how I can assign a user multiple access levels at the same time and store this data in MySQL database which Dreamweaver still understands....

Thanks a lot!!

mangofreak
05-24-2011, 03:56 PM
I found this on the tutorials database:

http://www.dreamweaverclub.com/vtm/php-login-script.php
Have a look it's a video tutorial on a login system.