
The forums ran from 2008-2020 and are now closed and viewable here as an archive.

How to get admin_level of logged in user!?

  • #242536
    cscodismith
    Participant

    I am currently trying to get it so it shows one thing when someone’s admin_level is greater than 0 and another when one’s admin_level < 1 (equals 0), which it seems to be doing right now with my ONE USER in my database. Not sure if it is getting the information from the cookies in the browser or what, but my current ‘script’ looks like this:

    <?php
    $connStr = 'mysql:host=localhost;dbname=heartfx-registration';
    $user = 'root';
    $pass = '';
    // Create the connection object
    $conn = new PDO($connStr, $user, $pass);
    $sth = $conn->prepare("SELECT admin_level FROM users");
    $sth->execute();
    
    print("fetch the first column from the first row in the result set:\n");
    $result = $sth->fetchColumn();
    print("level = $result\n");
    
    if ($result > 0) {
        print("you're an admin!");
    } else {
        print("you are not an admin!");
    }
    ?>
    

    Somehow this echoes what the MOST RECENT registered user’s admin_level is but I would like to make it user specific so the user has to be logged in and it echoes the logged-in user’s admin level, but I am not exactly sure how to accomplish this?

    #242539
    cscodismith
    Participant

    I just solved my own question. If you are interested in knowing the solution you can check the GitHub project/file associated with it here. If there is something that I can do better to accomplish this – maybe it’s not as secure as it is supposed to be? I’m not sure – feel free to critique it so I can make it better!

    #242540
    Ilan Firsov
    Participant

    Your current script selects the first column (which is admin_level since you select only this one column) of the first row of the result set.
    You should modify your query to select the admin_level of a specific user by targeting it with a WHERE clause.
    Might be something like the following though it is dependent on your database structure:

    <?php
    // Assign the prepared statement so it can be executed below
    $sth = $conn->prepare("SELECT admin_level FROM users WHERE email = ? ");
    $sth->execute(array(
        '[email protected]'
    ));
    

    Also I’d suggest not trying to create your own user authentication system. It is quite hard and very prone to security issues.

    #242543
    cscodismith
    Participant

    My current code looks quite similar to this now. My working live code now looks like the following, where it selects the session’s username to capture the admin_level from the currently logged-in user’s column:

    $connStr = 'mysql:host=localhost;dbname=heartfx-registration';
    $user = 'root';
    $pass = '';
    // only use $dbuser if logged in:
    if (isset($_SESSION['username'])) {
        $dbuser = $_SESSION['username'];
    }
    // Create the connection object
    $conn = new PDO($connStr, $user, $pass);
    $sth = $conn->prepare("SELECT admin_level FROM users WHERE username = :username");
    $sth->bindParam(':username', $dbuser);
    $sth->execute();
    $result = $sth->fetchColumn();
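
The session-scoped lookup discussed in this thread, as an added example that is not part of the original posts or the poster's project: it returns no level at all when nobody is logged in or the session names a user that no longer exists, instead of running the query with an unset variable. The function names `currentAdminLevel` and `isAdmin`, the in-memory SQLite database and its rows are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Return the admin_level of the logged-in user, or null when nobody is
 * logged in or the session names a user that no longer exists.
 * The identity comes only from server-side session data, never from a
 * cookie value or request parameter the browser can set directly.
 */
function currentAdminLevel(PDO $conn, array $session): ?int
{
    if (!isset($session['username']) || !is_string($session['username'])) {
        return null; // not logged in: do not run the query at all
    }
    $sth = $conn->prepare(
        'SELECT admin_level FROM users WHERE username = :username'
    );
    $sth->bindValue(':username', $session['username'], PDO::PARAM_STR);
    $sth->execute();
    $level = $sth->fetchColumn(); // false when no row matched
    return $level === false ? null : (int) $level;
}

// Deny by default: only a known user with a level above 0 is an admin.
function isAdmin(?int $level): bool
{
    return $level !== null && $level > 0;
}

// Constructed demo data in an in-memory SQLite database (assumption: the
// thread uses MySQL; only the PDO constructor arguments differ).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE users (username TEXT UNIQUE, admin_level INTEGER)');
$conn->exec("INSERT INTO users VALUES ('alice', 2), ('bob', 0)");

// Hypothetical session contents; on a real page this is $_SESSION
// after session_start().
foreach ([['username' => 'alice'], ['username' => 'bob'],
          ['username' => 'mallory'], []] as $session) {
    $level = currentAdminLevel($conn, $session);
    printf("%-8s level=%s admin=%s\n",
        $session['username'] ?? '(none)',
        $level === null ? 'null' : (string) $level,
        isAdmin($level) ? 'yes' : 'no');
}
```

The same functions work unchanged once `$conn` points at the thread's MySQL database and `$_SESSION` is passed in after `session_start()`.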
    