php - User permissions in a custom CMS
I'm looking for advice on my current setup, and whether there is a better approach (this is my first attempt at building an app like this). At this point I need user roles: two of them, user and admin.

I have a users table, a groups table, and a join table that takes the id from the users table and the id from the groups table, so I can allocate which group a user belongs to.

I want to set up a couple of things: prevent 'users' from accessing the admin area by typing the URL /admin/index.php into the browser, and show a link on the index page if the user is an admin, but not show it to a normal user.

Here is the code that demonstrates how I can show the user's role title; this is the point I'm struggling at:
    <?php
    $user = $_SESSION['user'];
    try {
        // Fetch every group the logged-in user belongs to via the join table;
        // the user id is bound as a parameter rather than interpolated into the SQL string
        $results = $dbh->prepare("SELECT * FROM groups
            INNER JOIN user_group_link_table ON groups.id = user_group_link_table.group_id
            WHERE user_group_link_table.user_id = ?");
        $results->execute([$user]);
    } catch (Exception $e) {
        echo $e->getMessage();
        die();
    }
    $group = $results->fetchAll(PDO::FETCH_ASSOC);
    foreach ($group as $groups) {
        echo $groups["name"]; // how do I show the link to admins but not to a normal user?
    }
    ?>
I'm wondering if my approach is totally wrong?

Update
    <?php
    include('session.php');
    if (!isset($_SESSION['user'])) {
        header("Location: index.php");
        exit; // stop here; otherwise the rest of the page still runs after the redirect header is sent
    }
    if (!ini_get('date.timezone')) {
        date_default_timezone_set('GMT');
    }
    // include file for admin pages
    $isAdmin = false;
    foreach ($group as $groups) {   // $group is never assigned in this file (see the notice below)
        if ($groups['name'] === 'admin') {
            $isAdmin = true;
            break;
        }
    }
    if (!$isAdmin) {
        header('Location: index.php'); // or any other arbitrary location
        die();
    }
    ?>
And the error:

    Notice: Undefined variable: group in /Applications/MAMP/htdocs/dashboardr v3.2.3/admin/header.php on line 12
    Warning: Invalid argument supplied for foreach() in /Applications/MAMP/htdocs/dashboardr v3.2.3/admin/header.php on line 12
I'll give you a solution that'll work in your current setup; it's not the way to go, but it'll get the job done for now. If you're worried about a user being in a specific role, you're better off specifying the role in the query rather than iterating through the potential roles.
    // include file for admin pages
    $isAdmin = false;
    foreach ($group as $groups) {      // $group: the rows returned by your groups query
        if ($groups['name'] === 'admin') {
            $isAdmin = true;
            break;
        }
    }
    if (!$isAdmin) {
        header('Location: index.php'); // or any other arbitrary location
        die();
    }

You'll want to place this at the top of the page, before you spit out any kind of HTML.
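The check the answer describes, written out as an added example (this is not the question's or the answer's own code): the role is asked for directly in the query with bound parameters instead of looping over every group, the redirect is followed by `exit`, and the same helper decides whether the index page renders the admin link. It assumes the question's three-table layout (users, groups, user_group_link_table with user_id and group_id columns); the function names, the redirect path, and the in-memory SQLite database with constructed rows are mine, added so the script runs from the command line without MAMP.

```php
<?php
// Added example (not code from the question or the answer). Assumes the
// question's schema: users(id), groups(id, name), user_group_link_table(user_id, group_id).
declare(strict_types=1);

// Ask the database the yes/no question directly instead of fetching every
// group and looping over it. Both values are bound, never interpolated.
function userHasRole(PDO $dbh, int $userId, string $role): bool
{
    // Note: GROUPS is a reserved word in MySQL 8, so quote the table name with backticks there.
    $stmt = $dbh->prepare(
        'SELECT 1
           FROM groups g
           JOIN user_group_link_table l ON l.group_id = g.id
          WHERE l.user_id = :uid AND g.name = :role
          LIMIT 1'
    );
    $stmt->execute([':uid' => $userId, ':role' => $role]);
    return $stmt->fetchColumn() !== false;
}

// Gatekeeper for admin/header.php: call requireRole($dbh, 'admin') before any
// HTML is emitted, because header() only works while no output has been sent.
function requireRole(PDO $dbh, string $role, string $redirectTo = '/index.php'): void
{
    $userId = isset($_SESSION['user']) ? (int) $_SESSION['user'] : 0;
    if ($userId === 0 || !userHasRole($dbh, $userId, $role)) {
        header('Location: ' . $redirectTo);
        exit; // without exit the admin page body is still rendered after the redirect header
    }
}

// Link rendering for index.php. Hiding the link is cosmetic; requireRole() on
// the admin pages is what actually enforces the restriction.
function adminLinkFor(PDO $dbh, int $userId): string
{
    return userHasRole($dbh, $userId, 'admin')
        ? '<a href="/admin/index.php">Admin</a>'
        : '';
}

// --- constructed demo data (hypothetical users) so the example runs offline ---
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec('CREATE TABLE groups (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec('CREATE TABLE user_group_link_table (user_id INTEGER, group_id INTEGER)');
$dbh->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
$dbh->exec("INSERT INTO groups VALUES (1, 'admin'), (2, 'user')");
$dbh->exec('INSERT INTO user_group_link_table VALUES (1, 1), (1, 2), (2, 2)');

foreach ([1, 2] as $uid) {
    $link = adminLinkFor($dbh, $uid);
    printf("user %d: admin=%s link=%s\n",
        $uid,
        userHasRole($dbh, $uid, 'admin') ? 'yes' : 'no',
        $link === '' ? '(none)' : $link);
}
```

To use it against the MAMP database, replace the SQLite DSN with the MySQL one and make sure session.php has called session_start() before requireRole() reads $_SESSION. The point of splitting userHasRole() from requireRole() is that the index page and the admin header share one query, so there is exactly one place that defines what "admin" means.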