Please note, similar questions have been asked multiple times.
**** Though, not this one as far as my search goes! ****
The goal:
I need help on how to build a script that shows the page with user settings. It should be based on account level and if the user_id matches with the variable of 'id' in the url. So, basically.. the admin should always be able to see the user settings no matter if the user_id matches the 'id' from the url.
The problem:
I can't get it to work with the two variables (user status = 'id' in url, and if the user is admin? Then always show) in a good way, since I don't want to duplicate the "juicy" stuff in two places.
My current state:
I'm thinking something like this:
#DB:USERS
user_id user_name user_level ....
1 ADAM 3 (admin)
2 BRYAN 1 (suspended)
3 CODY 2 (user)
4 DAVID 3 (admin)
CODE:
<?php
// Get the logged in user data..
$sql = "SELECT * FROM users where user_name = '".$_SESSION['username']."'";
$user_level = $row["user_level"];
$query... (SELECT * #DB:USERS);..
$url_id = $_GET['id'];
$user_id = $row['user_id'];
if ($url_id == $user_id) {
#Show all the juicy user setting stuff#
} else {
echo 'ACCESS DENIED';
}
?>
So far so good, but how to add the step that says, if the user status is equal to 3 (admin).. then show the jucy stuff anyway?
Thanks in advance!
If I understood your question, you need to test if user is admin in addition of the test of user ID, use or condition :
// not sure of variable name for userlevel
if ($url_id == $user_id || $_SESSION['userlevel'] == 3) {
#Show all the juicy user setting stuff#
} else {
echo 'ACCESS DENIED';
}
Related
I am trying to make a login system for normal user and AdminUser. If a normal user types in browser http://localhost/project the login screen comes in and user can login using his Id and Password. But while logged in if user types in browser http://localhost/project/admin the normal user also gets the access in adminpanel which i want to stop. How can I do that ?I am stuck here for long time. Any Help Please?
Login for user:
$query = "SELECT * FROM user WHERE eid='$eid'and password='$password'";
$result = $db->select($query);
if ($result != false) {
$value = $result->fetch_assoc();
Session::set("login", "userLogin");
Session::set("username", $value['username']);
Session::set("email", $value['email']);
Session::set("uid", $value['uid']);
Session::set("image", $value['image']);
header("Location: index.php");
} else { $loginErr = "Username
or Password Not Matched !!";}
Session function for User:
public static function checkSession(){
self::init();
if (self::get("userLogin")!== false) {
self::destroy();
header("Location:login.php");
}
}
Session check for User:
Session::checkSession();
Login for admin
$query = "SELECT * FROM afcadmin WHERE adminname='$adminname'and password='$password'";
$result = $db->select($query);
if ($result != false) {
$value = $result->fetchassoc();
Session::set("loginadmin", "adminLogin");
Session::set("adminname", $value['adminname']);
Session::set("adminemail", $value['adminemail']);
Session::set("adminid", $value['adminid']);
header("Location: index.php");
} else {
$loginErr = "Usernameor Password Not Matched !!";
}
Session function for admin:
public static function checkSessionAdmin(){
self::init();
if (self::get("adminLogin")!== false) {
self::destroy();
header("Location:login.php");
}
}
Session check for admin
Session::checkSessionAdmin();
You don't have to be using different tables for the user and admin login. You just need a column that will help you check if a user has admin privileges. For example: You could create an is_admin column and set it's value to 1 if the user is an admin and 0 if he/she isn't.
# Your query
$stmt = "SELECT
users.id as uid,
users.username as username,
users.is_admin as is_admin
FROM users
WHERE users.username='{$username}'
AND users.password='{$password}'
LIMIT 1
";
You then add the results to a session like you are doing already.
var_dump($_SESSION['user']);
Array {
'uid' => '125',
'username' => 'SomeGuy',
'is_admin' => '1',
}
Your session will now contain a value is_admin and so you can check if a user is an administration by using a simple if statement.
if ($_SESSION['user']['is_admin'] == 1) {
// Admin only stuff here
}
As I can see you having two separate tables for user and admin to store their data, so i think that shouldn't be any problem for your query, when its for user we can not stop to brows them any page.
But if user can use its own detail to log in admin panel that means you have multiple data in your both table, that may be caused because of you may insert same data in both table or there is something wrong in your insert Query.
But as a solution i think its better to add Roles field in both database which define where there its user or admin and after your select query make if condition to check if they fall in with your requirements and than set the session.
But From My point of view best thing is to have single Table for both Users and Admin to store all comment data and make Admin table to store user_id and some priority. when you make checking query check where there user_id is belongs to admin table or not and define them as admin or user and than set session.
This may solve your issue, but if need more help let me know.
You can have user_type field in the database and in the admin session you can see if the user_type is admin or customer. If its admin then redirect him to the admin dashboard otherwise to the customer dashboard. In the admin header, put a check for the same.
Hope this helps.
I've found the solution. I replaced the following code.
Code for User login:
Replaced Session::set("login", "userLogin"); by Session::set("login", "true");
Code for Session Function User:
Replaced if (self::get("login")!== false) by if (self::get("login")== false)
Code for Admin login:
Replaced Session::Session::set("loginadmin", "adminLogin"); by Session::set("adminlogin", "true");
Code for Session Function Admin:
Replaced if (self::get("adminlogin")!== false) by if (self::get("adminlogin")== false)
I'm trying to build voting system for my web page (Laravel 5). Now, any user can vote multiple times, I want to fix it.
Here is my code in php:
public function addVote()
{
$bikepoint = $this->bikepoint->find($id);
$userid = \Sentry::getUser()->id;
$votesid = \DB::table('bikepoints')->select('votesuid')->where('votesuid', 'LIKE' , $userid)->get();
if (...) {
$bikepoint->votes = $bikepoint->votes + 1;
$bikepoint->votesuid = $bikepoint->votesuid . $userid . '; ';
echo 'Success!';
}
else {
echo 'Fail!';
}
$bikepoint->save();
}
My DB table:
id title votes votesuid
1 point1 2 93; 22;
2 point2 3 92; 28; 47;
3 point3 45 ...
4 point4 32 ...
5 point5 12 ...
So when user click the "Add vote" button, a function adds its ID to the votesuid field and one vote to the votes field.
I want to check if the user has already voted by checking if his ID is placed in the votesuid field. And, if so, the user cannot vote anymore.
For example, users with IDs 92, 28 and 47 should not be able to vote another time.
As suggested by others in the comments, yes, you do need to change your system so that each vote has it's own record on a table.
So create a Votes table and a Laravel model class for it, and give your Users model class a hasMany() relationship to Votes.
That's actually not too much work, is it?
But now then the solution to your question becomes trivially easy -- ie:
$votes = Sentry::getUser()->votes;
As things stand, you would need to do sub-string LIKE queries, which are much harder to write, and will also give you major performance problems when your DB starts getting bigger, so yes, you definitely need to be refactoring it now.
I have the following code:
MODEL:
function check_account($account_details){
$query = $this->db->get_where('admin', array('username' => $account_details['username'] ,
'password' => $account_details['password']) )->result_array();
if(!empty($query)){
return 'Admin';
}
else{
$query2 = $this->db->get_where('user_mst', array('username' => $account_details['username'],
'password' => $account_details['password']) )->result_array();
if(!empty($query2)){
return 'User';
}
else return FALSE;
}
}
I only posted my model because view only consist of input fields for username and password and in the controller it only retrieves the data inputted and passed on to the function in the model. The above code snippet is the function which was called by the controller.
I only have 1 log in page, it checks first if the account inputted exists in the admin table, if not, then checks if it exists in the user table. IF the account inputted does not belong to the 2 tables, it returns false.
I checked admin table first because accounts in the admin belongs to the minority. whereas in the user will be most of the majority accounts. For example, if i have 5 admin accounts and 1000 user accounts.
Instead of checking if the account inputted is one of those 1000 it firsts checks if it belongs to the 5 in the admin table.
Hope my explanation is clear or at least understandable.
My question is, when i input say, SampleAccount as username even though in the database its all in small caps it still returns as though its the same.
SampleAccount(inputted) = sampleaccount(database) - should not return in the query.
Also, i would like to read some professional's opinion on how im checking the account, or should i just make 2 login pages for both user and admins.
foreach($query as $arr => $result){
if($account_details['username'] == $result['username']){
echo ' equal';
}
else echo ' not equal';
}
If inputted is UseRname and in the database it is Username then this is ideal.
But is there anyway, to add this in the query itself?
get_where(); like limit, etc.
bro you had big mistake make 1 table but make coulmn name it role
check if 1 user 2 admin
function premission_check($role){
switch($role){
case 1 :
return 'user';
break;
case 2 :
return 'admin';
break;
default :
return 'bad role'
break;
}}
I am building a friendship system in CakePHP that uses two tables: Users and Friends.
In Users (id,username,email,password) and Friends (id,user_from,user_to,status)
A user requests another user to be friends and this creates a record in the friends table storing both the user ids and setting a status of 'Requested'. The user can either accept the friendship and the status changes to 'Accepted' or cancel the friendship and the record is deleted from the database.
An example link for the request looks like and could be shown either in a users list or on the users details page:
<?php echo $this->Html->link('Add as Friend', array('controller'=>'friends','action'=>'add_friend',$user['User']['id'])); ?>
Question 1 is how could I make this link change to a cancel request link if the user has a request against them or is already friends?
This link corresponds to the following method in the controller:
function add_friend ( $id )
{
if(!empty($this->data))
{
$this->Friend->Create();
if($this->Friend->save($this->data))
{
$this->Session->setFlash('Friendship Requested');
$this->redirect(array('controller'=>'users','action'=>'login'));
}
}
}
So we are passing the ID to the method which will be the user_to and then the 'user_from' needs to be the currently logged in user and set the status to 'Requested'. Question 2 is how to do I do this? Also how do I prevent a user from creating multiple records by just calling that method over and show a message saying you've already requested friendship.
The next method is:
function accept_friendship ( $id )
{
$this->Session->setFlash('Friendship Accepted');
$this->redirect(array('controller'=>'friends','action'=>'index'));
}
}
}
Question 3: But again I'm confused as to how I would change the status of the record and mark the users as friends when the method is called. Also need to prevent this from being called multiple times on the same record.
The final bit is listing the friends for the user or another user:
function users_friends( $id )
{
$this->set('friends', $this->Friend->find('all'));
}
function my_friends()
{
$this->set('friends', $this->Friend->find('all'));
}
As you can see the first method requires the id of the user you are viewing and then the second method will use the currently logged in user id. Question 4: How do I then use this to list the friends of that user?
If anyone can help put me on the right track with this it'd be much appreciated as I've ground to a halt and not sure how to do those 4 things and trying to learn CakePHP as best I can so help is much appreciated. Thanks
EDIT: It has occurred to me that a view with hidden fields could be used to store the information regarding the friend request that the user confirms but this isn't ideal as it means sending the user off somewhere else when in fact I want to just run the function and do the redirect straight off. NOT AJAX THOUGH!
Answer 1 and 2:
function add_friend ( $id )
{
if(!empty($this->data))
{
$this->Friend->Create();
if($this->Friend->save($this->data))
{
$this->Session->setFlash('Friendship Requested');
$this->redirect(array('controller'=>'users','action'=>'login'));
}
}
if(empty($this->data))
{
$this->set('friends', $this->Friend->find('all',array('Friend.id'=>$id));
}
}
<?php
if($friends['Friend']['status']=="Requested")
{
echo $this->Html->link('Request Pending', '#');
}
else if($friends['Friend']['status']=="Accepted")
{
echo $this->Html->link('Already Friend', '#');
}
else
{
echo $this->Html->link('Add as Friend', array('controller'=>'friends','action'=>'add_friend',$user['User']['id']));
}
?>
Answer 3 and 4:
funcrion friendlist($user_id)
{
$session_user_id = $this->Session->read('Auth.User.id')
if($user_id == $session_user_id )
{
$user_to = $session_user_id ;
}
else
{
$user_to = $user_id;
}
$this->Friend->find('all',array('Friend.user_to'=>$user_to,'Friend.status'=>'Accepted')
}
Answer 3 is something like this:
function accept_friendship ( $id ) {
$this->Friend->id = $id;
$current_status = $this->Friend->field('status');
if($current_status=='Requested') {
$this->Application->saveField('status', 'Accepted');
}
$this->Session->setFlash('Friendship Accepted');
$this->redirect(array('controller'=>'friends','action'=>'index'));
}
Essentially get the ID of the friend request, check the status field, and if it's equal to Requested, then update it to Accepted. This way it will only be called once.
And also to prevent people from repeatedly "accepting" a friend, just remove the "Accept" link once it's been accepted. The if statement stops your code from updating unnecessarily.
You should also put some kind of prevention in place so that only the requested friend can accept the request. Otherwise I could type the URL yoursite.com/friends/accept_friendship/123 and accept a random persons request without any authentication.
When a user enters his login information and hits submit, i want to check if the user already exists or not.
So, i have the following two questions
1. Which hook is needed to be implemented , for the case when user hits the submit button on the login form. I need the username entered by the user.
2. How to check if a user already exists in drupal or not programmatically ?
Some sample code would be really appreciated.
Please help.
Thank You.
Drupal 7 provides a function to get a user object by name :
$user = user_load_by_name($name);
if(!$user){
// User doesn't exist
}
else {
// User exists
}
http://api.drupal.org/api/drupal/modules%21user%21user.module/function/user_load_by_name/7
This can be done with hook_form_alter:
function module_(&$form, &$form_state, $form_id) {
$user_login_forms = array('user_login', 'user_login_block');
if (in_array($form_id, $user_login_forms)) {
$form['#validate'][] = 'my_validate_function';
}
}
function my_validate_function(&$form, &$form_state) {
$name = $form_state['values']['name'];
// Drupal 6:
if (!db_result(db_query("SELECT COUNT(*) FROM {users} WHERE name = '%s';", $name))) {
// User doesn't exist
}
// Drupal 7:
if (!db_query("SELECT COUNT(*) FROM {users} WHERE name = :name;", array(':name' => $name))->fetchField()) {
// User doesn't exist
}
}
It's better to query the DB directly in this case than than using user_load as it hooks into other modules as well.
In Drupal 7, substitute for this in the validation function:
if (!db_query("SELECT COUNT(*) FROM {users} WHERE name = :name", array(':name' => $name))->fetchField()) {
// User doesn't exist
}
I realize this is almost 2 years old, but user_authenticate does this nicely.
$existing_user = user_authenticate($name,$password);
if($existing_user)
// user exists
else
// user doesn't exist
Hope this helps someone else.
You can try to look on these 2 modules for inspiration: friendly_register and username_check.