Register and join over 40,000 other developers!
Recent Topics
-
Print specific values from dictionary with a specific key name
Siten0308 - Jun 20 2019 01:43 PM
-
Learn algorithms and programming concepts
johnnylo - Apr 23 2019 07:49 AM
-
Job Gig PHP Form Needed
PJohnson - Apr 18 2019 03:55 AM
-
How to make code run differently depending on the platform it is running on?
xarzu - Apr 05 2019 09:17 AM
-
How do I set a breakpoint in an attached process in visual studio
xarzu - Apr 04 2019 11:47 AM
Recent Blog Entries
Recent Status Updates
Popular Tags
- networking
- Managed C++
- stream
- console
- database
- authentication
- Visual Basic 4 / 5 / 6
- session
- Connection
- asp.net
- import
- syntax
- hardware
- html5
- array
- mysql
- java
- php
- c++
- string
- C#
- html
- loop
- timer
- jquery
- ajax
- javascript
- programming
- android
- css
- assembly
- c
- form
- vb.net
- xml
- linked list
- login
- encryption
- pseudocode
- calculator
- sql
- python
- setup
- help
- game
- combobox
- binary
- hello world
- grid
- innerHTML

3 replies to this topic
#1
Posted 10 April 2012 - 06:22 PM
Well, I am new to using the session function and I'm getting stuck on one major thing.
I am having users log in to the site, and each user has a set "permissions" value.
The permissions are 0 for customer and 1 for admin.
I am wanting to use the session function to check the users permissions upon login and depending on what that value is depends on what is displayed on the homepage.
If they are admin I want an "Admin Panel" link but if they are a customer I want it hidden. It's the same for a lot of other things aswell.
Any help will be greatly appreciated!!!
I am having users log in to the site, and each user has a set "permissions" value.
The permissions are 0 for customer and 1 for admin.
I am wanting to use the session function to check the users permissions upon login and depending on what that value is depends on what is displayed on the homepage.
If they are admin I want an "Admin Panel" link but if they are a customer I want it hidden. It's the same for a lot of other things aswell.
Any help will be greatly appreciated!!!
#2
Posted 11 April 2012 - 04:01 AM
can you provide us some snippet of your code? or your progress code so far?
so that I can help you correct your code and guide you through the process?
so that I can help you correct your code and guide you through the process?
Life has no CTRL+Z
Never Forget To HIT "LIKE" If I Helped
Never Forget To HIT "LIKE" If I Helped
#3
Posted 11 April 2012 - 04:24 AM
The easiest part is to save the status in the $_SESSION variable, similar to $_SESSION['admin'] = true; or $_SESSION['admin'] = false;
depending on status. Then you can do something like this:
I suppose you already have an active session with everything like start_session() etc?
depending on status. Then you can do something like this:
if ($_SESSION['admin']) { echo "Admin link"; }
I suppose you already have an active session with everything like start_session() etc?
I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.
#4
Posted 11 April 2012 - 06:41 AM
say for example you have a database named DBSin that database I have a table named USERS, and in users I have a
USERNAME, PASSWORD, PERMISSION fields... and I have USERNAME = "admin", Password = "pass", PERMISSION="1"
This will be my code for that:
I'm using PDO to connect to database because In my opinion it was for prepared statements and named parameters to avoid SQLinjection
I explain the code in comments
USERNAME, PASSWORD, PERMISSION fields... and I have USERNAME = "admin", Password = "pass", PERMISSION="1"
This will be my code for that:
<?php session_start(); //this function will return the permission of the user public function getPermission($username, $password) { try { $con = new PDO("mysql:host=localhost;dbname=DBS", 'root', ''); //create the connection object $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //set the error mode $sql = "SELECT * FROM USER WHERE username = :username and password = :password"; //this will be my sql query.. notice the :username and :password, those are named parameters $stmt = $con->prepare($sql); //create a prepared statement $stmt->bindValue(":username","admin",PDO::PARAM_STR); //this is where I assign the value of :username $stmt->bindValue(":password","pass",PDO::PARAM_STR); //this is where I assign the value of :password $stmt->execute(); //execute the query $result = $stmt->fetch(); // get the result set $con = null; //close the connection return $result['permission']; //return the permission } catch (PDOException $e) { $con = null; //close the connection echo $e->getMessage(); //if there is error go here for debugging purposes } } // this part will be our login code try{ $con = new PDO("mysql:host=localhost;dbname=DBS", 'root', ''); //the connection object $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //set the error mode $sql = "SELECT * FROM USER WHERE username = :username and password = :password"; //my sql query $stmt = $con->prepare($sql); $stmt->bindValue(":username","admin",PDO::PARAM_STR); $stmt->bindValue(":password","pass",PDO::PARAM_STR); $stmt->execute(); $valid = $stmt->fetchColumn(); //see if there is record $con = null; if( $valid == false ) { echo "Invalid username/password"; //if no record } else { $_SESSION['permission'] = getPermission("admin", "pass"); //if there is record call the getPermission function } } catch(PDOException $e) { $con = null; echo $e->getMessage(); } ?>
I'm using PDO to connect to database because In my opinion it was for prepared statements and named parameters to avoid SQLinjection


Life has no CTRL+Z
Never Forget To HIT "LIKE" If I Helped
Never Forget To HIT "LIKE" If I Helped
Also tagged with one or more of these keywords: session
General Forums →
Mobile Development →
html5 web storage session loginStarted by mutago, 11 May 2014 ![]() |
|
![]() |
||
Language Forums →
PHP →
PHP Session VS. Session issetStarted by Serialcek, 31 Jan 2014 ![]() |
|
![]() |
||
General Forums →
General Programming →
Preventing Session Hijacking?Started by Pally, 20 Dec 2013 ![]() |
|
![]() |
||
Language Forums →
HTML, CSS and Javascript →
Passing PHP session variables to a Jquery/Ajax script.Started by elliottveares, 15 Oct 2013 ![]() |
|
![]() |
||
![]() PHP session set but not being detectedStarted by JakeWelton, 06 Oct 2013 ![]() |
|
![]() |
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download