<p>As I seem to be answering with a lot today, I have <a href="https://github.com/HirotoKun/admin-panel/blob/master/admin/private.php#L20" rel="nofollow noreferrer">an admin panel on github</a> that seems to answer a lot of common questions about php logins. In your case, you would simply fetch <code>type</code> from your database and use that. Note that you must provide the <code>WHERE</code> statement in your SQL, otherwise you will not have that user's information. You will have <em>every piece of it in that table</em>.</p>
<p>The following makes use of <a href="http://php.net/manual/en/mysqli.prepare.php" rel="nofollow noreferrer">prepared queries</a>. <a href="http://www.php.net/manual/en/faq.databases.php#faq.databases.mysql.deprecated" rel="nofollow noreferrer"><code>mysql_*</code> functions are <strong>deprecated</strong></a> (no longer supported; see <a href="https://stackoverflow.com/questions/12859942">this SO question</a>).</p>
<pre><code>function get_user_array() {
    /* Does all of the heavy lifting for getting user stats. */
    $db = new db(); // where db() is an abstraction class that implements mysqli and adds login details.
    if (isset($_SESSION["id"])) {
        $sid = $_SESSION["id"];
        // type is selected as well, so the admin comparison below has a value to test
        if ($query = $db-&gt;prepare("SELECT id, name, status, type FROM `users` WHERE id=?")) {
            $query-&gt;bind_param("i", $sid); // i = integer
            $query-&gt;execute();
            $query-&gt;bind_result($id, $name, $status, $type);
            $query-&gt;fetch();
            $query-&gt;close();
            $db-&gt;close();
            return array("name" =&gt; $name, "status" =&gt; $status, "type" =&gt; $type, "id" =&gt; $id);
        } else {
            return false;
        }
    } else {
        return false;
    }
}
</code></pre>
<p>My suggestion is also to use a user id, and find everything from the database. That way, if their username changes, the whole site doesn't blow up on their page load.</p>
<hr>
<p>The actual comparison would be:</p>
<pre><code>$user = get_user_array();
if (@$user["type"] != 'admin') { // @ error-handling will make it NULL anyway.
    header("Location: index.php"); // note: this must be sent BEFORE any output!
    exit; // stop here, otherwise the rest of the page still runs after the redirect header
}
</code></pre>
<p>And the fast comparison to check if a normal user is logged in (<code>if logged_in()</code>, for instance):</p>
<pre><code>$user = get_user_array();
if (!@$user["id"]) { // continue only if logged in
    // not logged in handle
}
</code></pre>
<hr>
<p>Note: <code>db()</code> is this class (it is great to override the mysqli public functions to shorten code in the long run, provided you call the parent):</p>
<pre><code>class db extends mysqli {
    public function __construct($a = DB_HOST, $b = DB_USER, $c = DB_PASS, $d = DB_NAME, $persistent = true) {
        if ($persistent) {
            parent::__construct("p:" . $a, $b, $c, $d);
        } else {
            parent::__construct($a, $b, $c, $d);
        }
    }
}
</code></pre>
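The role check described in the answer above, as an added example that is not part of the original answer or its GitHub project: it reads `type` from the database by session id and fails closed for every session that does not resolve to an admin row. Assumptions: PDO with an in-memory SQLite database stands in for the answer's mysqli connection so the script runs without a MySQL server, and the function names `find_user` and `gate_admin`, the table contents and the sample sessions are constructed for illustration.

```php
<?php
// Added example: find_user, gate_admin and all sample rows/sessions are constructed.
// PDO + in-memory SQLite replaces the answer's mysqli connection so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, type TEXT)");
$pdo->exec("INSERT INTO users (id, name, type) VALUES (1, 'alice', 'admin'), (2, 'bob', 'user')");

// Look the user up by the id held in the session; the role always comes from the database.
function find_user(PDO $pdo, array $session): ?array {
    // A missing, non-scalar or non-integer id never reaches the query.
    $id = filter_var($session['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name, type FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row; // no matching row: treat as not logged in
}

// Decide what the admin page should do: 'allow', or the redirect target.
// Anything other than an exact 'admin' type from the database is refused.
function gate_admin(PDO $pdo, array $session): string {
    $user = find_user($pdo, $session);
    return ($user !== null && $user['type'] === 'admin') ? 'allow' : 'index.php';
}

// Constructed sessions covering the normal cases and the edge cases.
$cases = [
    'admin'            => ['id' => 1],
    'normal user'      => ['id' => 2],
    'role in session'  => ['id' => 2, 'type' => 'admin'], // ignored: role is read from the DB
    'non-integer id'   => ['id' => '1 OR 1=1'],
    'unknown id'       => ['id' => 999],
    'not logged in'    => [],
];
foreach ($cases as $label => $session) {
    echo str_pad($label, 18), gate_admin($pdo, $session), PHP_EOL;
}
// In a real page: when the result is not 'allow', send header("Location: ...")
// and exit immediately so the protected part of the script never runs.
```

Only the first session is allowed through; every other case resolves to the redirect target.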
 
