BetterPHP

Just wondering what the best way to do this would be.
ive had a look around, and ended up on code canyon looking at some things, and one of the best option seems to be a permission library, or a pre built admin system that i would build into my site.
Im looking at possibly the best way to get this working. ( as in admin can delete posts ect users can post.) So what should i do?

The more basic way im thinking of atm is adding an extra colum to my db that list two values, 1=admin and 0=normal user, is this another way i could possibly use?

Curia wrote:The more basic way im thinking of atm is adding an extra colum to my db that list two values, 1=admin and 0=normal user, is this another way i could possibly use?

That sounds like the perfect way !

You should try to avoid anything over bloated and for something so simple the most basic way is often the best

yeah i suppose, and it would be way easier to secure it as well.

ill take a crack at it and try set it a little like how phpbb does theirs, if your admin, a link appears and takes you to a page that has permissions set.

Would it be better to use a mysql_query that looks at the user and their permission and esnure they must equal one, or would it be better for a if else function?

ill try doing a mysql query a bit like the ones in the login tut, if i fail ill be back

EDIT;
well i finally got to a peice of code that has no errors, but it just seems to not work.

<?php
 
$user = $_SESSION['username'];
 
//user permissions for admin
$result = mysql_query("SELECT `permissions` FROM `members` WHERE `user_name`= '$user'");
$a = mysql_fetch_array($result);
if($a)
{
// has perms
} else
{
//doesn't
echo "<meta http-equiv=\"REFRESH\" content=\"3;url=index.php\">";
}

?>

user is not redirected even when they have the wrong permission.

EDIT, im such a douch, i didnt add the value that it must = 1........ how could i do so easily without screwing it over?

You could do somethign like

$result = mysql_query("SELECT `permissions` FROM `members` WHERE `user_name`= '$user'");

if(mysql_result($result) == 1)
{
    // has perms
} else {
    // doesn't
}

And for god sake do not use that meta redirect like that !

haha yeah, just didnt know a better way at the time to do a redirect thats delayed, but i can do that witj a 3 second sleep folowed by a header.

cheers

Applied one or two other bits and got it working as i wanted, thank you

<?php
 
$user = $_SESSION['username'];
 
//user permissions for admin
$result = mysql_query("SELECT `permissions` FROM `members` WHERE `user_name`= '$user'");

$a = mysql_fetch_array($result);
 
if ($a['permissions'] == 1) {
// give permission
echo ("Working");
} else {
// redirect them
echo("not working");
}



?>

Glad you got it working :D