How do I implement a role-based permission system on a webpage? - php

For a little project I'm doing, I need to restrict user access on my HTML page.
It currently uses PHP, HTML and MySQL database.
What I need to do is have an Admin role and a regular User role. The website has several tables with data, and the Admin should be able to view, edit, remove and add data, while the regular User should only be able to see the tables with no way of messing with them.
I've done some research, but I never found anything for HTML specific pages.
What I've tried was looking up RBAC but I don't know if that is fitting for my kind of problem.
<div class="anonymous">
<center><h1>Welcome Anonymous User!</h1></center>
</div>
<div class="end_user">
<center><h1>Welcome End-User!</h1></center>
</div>
<div class="agent">
<center><h1>Welcome Agent!</h1></center>
</div>
<div class="manager">
<center><h1>Welcome Manager!</h1></center>
</div>
I have found a little bit of this code online, which mixes it with JS and CSS; however, I am not sure if this is the way to go.

The first thing you should do is create a session variable for the user. Somewhere in your login code you could put the following:
$_SESSION["user_role"] = "admin"; // if the admin were logging in
Then when the user loads a webpage, you can check the session and build the HTML based on the permissions that user has.
<?php
session_start(); // must run before any output and before $_SESSION is read
$role = $_SESSION["user_role"] ?? null; // null when nobody is logged in
?>
<html><body>
<?php
if ($role === "admin") {
    echo "<p> This text is only visible to an admin! </p>";
} else {
    echo "<p> This text is visible to non-admins. </p>";
}
?>
</body></html>

Related

Display HTML data depending on WordPress user ID

I'm working in WordPress. I have 3 users in it, and inside my WordPress dashboard login I have a customized HTML widget with custom data. This widget has 3 divs.
If any of these users logs in, they can see the 3 divs. But what I want to do is display a specific div for a specific user.
Let's say I have:
<div class="user1"></div>
<div class="user2"></div>
<div class="user3"></div>
and I want "user_id=3" to see only the following:
<div class="user3"></div>
and if user 2 logs in, they can see the div with class "user2" and the others are hidden.
In WordPress, each user has an ID, for example: user_id=3
Can anyone who understands PHP and WordPress help me with this?
Thanks!
You should use PHP to identify the user and then show the appropriate content. This way the page only contains the data the user should see. If you have multiple <div> elements then you have to include them all every time. This creates data leaks and security vulnerabilities.
The Problem
Consider this:
Your page has these div elements like you suggested
<div class="user1">User1 Information</div>
<div class="user2">User2 Information</div>
<div class="user3">User3 Information</div>
When user1 logs in, you only show the div with class='user1'. The problem is, that you still include in the page the information for user2 and user3. That's a bad practice, because a skilled user can easily obtain that information by viewing the page's source code.
The Right Way
You should use the PHP script to identify the user and then print the widget that you want them to see. The code below is a generalized WordPress script that you will need to adapt to your need.
$user = wp_get_current_user();
$user_id = $user->ID;
switch ($user_id) {
    case 1: // user1 id
        // show user1 widget
        break;
    case 2: // user2 id
        // show user2 widget
        break;
    case 3: // user3 id
        // show user3 widget
        break;
}
Here, you only show the widget that the user should see. This is not the only way to accomplish this, and your needs will dictate your script. You can use if statements or use the switch statement, or put all the code in a function to contain it all. The solution is up to you, but I hope this gets you pointed in the right direction.

MySQLi and PHP login system with different permissions

I'm pretty new to PHP and I need to make a login system and I need to check if the user has certain permission, then show something on the page. Let me give a pseudo-code example:
IF USER HAS PERMISSION "CONTACTS" OR USER HAS PERMISSION "ALL"
SHOW CONTACTS LINK
I've been using DevDojo's PHP login script, and I wanted something similar or an adaptation of that code with a multi-level system.
I've tried many things here on SO but none of them really fit my needs. I need to use something like if ($user->hasPermission("contacts")), because as I have many features, levels like 1, 2, etc. won't fit, and admin-or-not also won't. I'm pretty much a newbie, so an explanation is welcome! Thanks in advance.
If you have 3 different levels of user with 3 being the master level...
When the user logs in, set a PHP variable to the permission value set in the database.
Create your template containing all visible content. Decide which sections will be hidden to users at each level and use PHP if statements to prevent blocks being loaded to the page.
A very basic example would be
<?php $level=2; ?>
<img src="http://someimg.com/img.jpg" alt="level 1">
<?php if($level >= 2){ ?>
<img src="http://someimg.com/img.jpg" alt="level 2">
<?php }
if($level == 3){?>
<img src="http://someimg.com/img.jpg" alt="level 3">
<?php }?>
In this example the variable $level represents the user level, this is followed by 3 images. The first image is available to all level users, the second image is available to user level 2 & above and the third is only visible to master level users. You can see the changes when you change "$level=2" to a value of 1 or 3.
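The checks in the answers above render or hide HTML from a role or a level, but this question asked for a per-feature hasPermission() check with an "all" permission, and the first question on this page needs an Admin who can add, edit and remove rows while a regular User only views them. The following is an added example, not code from any answer here or from DevDojo's script: a role-to-permission map with an "all" wildcard (the "agent" role and the permission names are assumed), used once to decide what to render and again, separately, to refuse a data-changing request from a user without the permission, because a hidden link is not enforcement.

```php
<?php
declare(strict_types=1);
session_start();

// Assumed role -> permission map; 'all' grants everything.
const ROLE_PERMISSIONS = [
    'admin' => ['all'],
    'user'  => ['view'],               // read-only access to the tables
    'agent' => ['view', 'contacts'],   // assumed extra role for illustration
];

function currentRole(): string
{
    // Set at login from the database row, never from a form field or cookie.
    return $_SESSION['user_role'] ?? 'anonymous';
}

function hasPermission(string $permission, ?string $role = null): bool
{
    $granted = ROLE_PERMISSIONS[$role ?? currentRole()] ?? [];
    return in_array('all', $granted, true) || in_array($permission, $granted, true);
}

function requirePermission(string $permission): void
{
    if (!hasPermission($permission)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// 1. Presentation: render only the controls this user may use.
if (hasPermission('edit')) {
    echo '<a href="edit.php?id=1">Edit</a>';
}
if (hasPermission('contacts')) {
    echo '<a href="contacts.php">Contacts</a>';
}

// 2. Enforcement: the handler checks again, so a request built by hand
//    from a regular User is rejected even though no form was shown to them.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'delete') {
    requirePermission('remove');
    // ... delete the row with a prepared statement here ...
}
```

hasPermission('remove', 'user') returns false and hasPermission('remove', 'admin') returns true through the wildcard, so the same function serves both the template and the POST handler.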

contenteditable for inline editing with CKEditor

I'm creating an inline CMS using CKEditor. The idea is:
Client logs into admin area
Login begins a session
Client is directed to pages on their website where they can edit predefined regions
The regions are specified with the contenteditable attribute:
<div contenteditable="true">
safsdfdfsdfdfsdfsdfds
</div>
Since a session is created when the client logs in, I've written some PHP that knows to enable CKEditor and all the CMS functionality if the client is logged in.
The issue I have is that when not logged in, contenteditable="true" on divs still allows you to edit them without a WYSIWYG, as the default behaviour for the browser. Obviously this is no good. How do I stop users being able to edit the page?
You could set up the divs like this:
<div data-contenteditable="true">
And have a JavaScript (if in admin mode) go over all divs (document.getElementsByTagName("div")) and if they have data-contenteditable set the real contenteditable.
Otherwise let the server only include contenteditable if in admin mode
In PHP:
First create a function that returns true if the user is logged in, then, for each editable region (in your views):
<div<?php if (your_login_check_function()) echo ' contenteditable="true"'; ?>>Lorem ipsum</div>
It's a bit tedious but it should work.
Or in jQuery (as proposed by Moritz):
Add a data-contenteditable="true" to your editable nodes, then add a script to the end of the page when the user is logged in:
<script>$('[data-contenteditable]').attr('contenteditable', true);</script>
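Either variant above only controls whether the browser offers editing; a visitor can still post any content to whatever endpoint the CMS saves to. The following is an added example, not code from the question or either answer: the server side of a save, which rejects the request unless the session belongs to the logged-in client and the region name is one of the predefined editable regions (the session key, the region names and the single-file layout are assumed).

```php
<?php
declare(strict_types=1);
session_start();

// Assumed: the login code sets $_SESSION['client_id'] for the site's client.
// Assumed region names; the value posted by the browser is checked against this list.
const EDITABLE_REGIONS = ['home_intro', 'about_body', 'footer_note'];

function isClientLoggedIn(): bool
{
    return !empty($_SESSION['client_id']);
}

// Returns the HTTP status to send; the actual persistence is left as a comment.
function handleSave(array $post, bool $loggedIn): int
{
    if (!$loggedIn) {
        return 403;   // contenteditable in the browser means nothing here
    }
    $region = (string) ($post['region'] ?? '');
    if (!in_array($region, EDITABLE_REGIONS, true)) {
        return 400;   // not one of the predefined regions
    }
    $html = (string) ($post['content'] ?? '');
    // Store $html for $region with a prepared statement here.
    return 200;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    http_response_code(handleSave($_POST, isClientLoggedIn()));
    exit;
}
?>
<!-- The view: the attribute is emitted only for the logged-in client, as in the answer above. -->
<div<?php if (isClientLoggedIn()) echo ' contenteditable="true"'; ?>>Lorem ipsum</div>
```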

Linking to a text field

I am trying to get people that are not logged in to log in by linking them to the login fields in the sidebar.
So far I managed to accomplish this:
<?php comment_form(array('must_log_in' => sprintf(__('You must be logged in to comment.')))); ?>
So I am using the Login with AJAX widget, or I could just place the plugin's template tag in there, which is <?php login_with_ajax() ?>. Right before the widget I have placed <a name="reg"></a>, so when they click the link to log in they get to where the login form is, but they are not placed in the username field. Is there a way (I doubt it) where I can place the focus in the username field? That is, to have a blinking cursor in there?
"It is not possible" is also an acceptable answer, so I can move onto my next problem.
Assuming something like <input type="text" id="username">, you could use
document.getElementById("username").focus();
in JavaScript.

Showing logged in user info

I am currently working on a member login script that uses PHP, MySQL, and jQuery (what I need help with only pertains to the PHP and MySQL database though). I am using a tutorial/script for this: Tutorial
So my scripting at the moment looks similar to the coding in the tutorial, with changes for my specific MySQL database. What I am currently trying to achieve is that once a user is logged in, I want specific information to be shown to them, such as their name, rank, etc. I have rows in the MySQL database for this that also house the ID, username, etc. Specifically, there is a spot where I want it to show in the script, which is shown in the "demo.php" part:
<?php
// FROM TUTORIAL PAGE
if(!$_SESSION['id']):
?>
[...]
<?php
else:
?>
<div class="left">
<h1>Members panel</h1>
<p>You can put member-only data here.
</p>
View a special member page
<p>- or -</p>
Log off
</div>
<div class="left right">
</div>
<?php
endif;
?>
Where it says "you can put member-only data here", I want the code to pull from the database to show the information I want specific for the username logged in. For example, if user "dan124" is logged in, where member-only data is, I want it to show dan124's current rank, points accumulated, stuff like that. An example is one row that I want pulled from the database is "pts".
I have tried several different codes and tinkered with some stuff I have found, but I cannot get what I'm trying to achieve. I know my way around basic database pulls, but this is my first time working specifically with logged in user based info.
If anyone can help with this, I'd really appreciate it. I'm sure I'm not the first person who has used the tutorial I'm working with and wanted this kind of information pull, I just can't find anything! If you need more info, let me know.
OK, so many thanks to Tom Haws, whose answer helped me figure out the coding I needed with some of the coding he provided. After a lot of trial and error, I managed to work out the PHP coding to pull specific information out of a person's database and show it when they're logged in. This is the coding I got it to work with:
<?php
// Assumes an open mysqli connection in $mysqli (the tutorial's mysql_* functions were
// removed in PHP 7); the session id is bound as a parameter, not pasted into the SQL.
if (!empty($_SESSION['id'])) {
    $stmt = $mysqli->prepare("SELECT * FROM `database` WHERE `id` = ?");
    $stmt->bind_param('i', $_SESSION['id']);
    $stmt->execute();
    $result = $stmt->get_result();
    while ($row = $result->fetch_assoc()) {
        echo '<b>Points Accumulated:</b> ' . htmlspecialchars((string) $row['pts']);
        echo '<br>';
        echo '<b>Rank:</b> ' . htmlspecialchars((string) $row['rank']);
    }
}
?>
This resulted in the logged in user being shown ONLY HIS/HER points and rank, which is what I was trying to achieve.
I may be misunderstanding what you are asking, but I am hearing that you need help with the basic database architecture and SQL.
A very common way to use MySQL would be to have a visitor table that looks like this:
visitor_id | visitor_login_name | visitor_current_rank | visitor_points_accumulated
-----------|--------------------|----------------------|---------------------------
1          | dan124             | veteran              | 1254
6892       | mary8              | honored guest        | 1
Now, for the life of me I don't know how you are getting the visitor logged in without doing more complicated things than this already, but assuming you have them logged in with their login_name available as a session variable, you would use the following query to get the info you want.
$stmt = $mysqli->prepare("SELECT * FROM `visitor` WHERE `visitor_login_name` = ?"); // assumes a mysqli connection in $mysqli
$stmt->bind_param('s', $_SESSION['visitor_login_name']); // the login name is bound, not interpolated into the SQL string
$stmt->execute();
Then you will run that query, and the results will have the information you need as members of the result array, like this:
$result = $stmt->get_result()->fetch_assoc();
$rank = $result['visitor_current_rank'];
If you can give me some feedback as to how well I have guessed your intent, we can move a little further from here.
