php restrict user content - php

So I'm trying to make a dummy website where only members who are marked as premium can see certain content. Since it's a dummy website the way this is distinguished is by selecting yes or no on a checkbox while creating an account. But, what I'm having trouble figuring out is how I can have the entire site check to make sure the user is a premium member and not a normal member or guest. On the registration page itself, I figured I could use an if statement to initially mark it like this
if($user['premium'] == 1){
$_SESSION['premium'] = true;
}
but how would I make it so a page like membersonly.php ONLY shows up if the user is a premium member? I'm assuming I'd have to use either a function or a class but I truly do not know what I would need to do inside either.
EDIT
I guess I didn't explain myself clearly enough, not surprising since I posted this at 2am. I don't want to just redirect normal users and guests away from membersonly.php; I want it so the link for the membersonly page ONLY shows up on the nav bar if the user has a premium account. Could this be accomplished with an if statement or would I need to create a function or class dedicated to monitoring this?

You can simply do it with the following steps:
1. On the button click post event, first check if the user is premium or normal.
2. Put an if condition so that if the user is premium, then
header('Location: ****.php');
else redirect to the other PHP file in the same way.
NOTE: you need to add to your database whether the user is premium or normal.

I assume you know basic PHP; just follow the steps below on your membership page.
Create a connection to the database.
Fetch the user from the user id (I think you have done user login for it).
Check whether the user is premium or not; if the user is not premium, then redirect to the home page.
require_once('connection.php');
// Fetch user details.
if($user['premium'] != 1){
header("Location: index.php");
exit; // stop here, otherwise the rest of the page is still sent after the redirect header
}

Add a flag column 'is_premium' in your db table. Upon saving, if a user is
premium then insert 1 in this flag, else 0. Then create a function which checks
if the logged-in user is premium or not and call this function at the start of every
page. Following is the implementation of the function which checks for a premium
user.
function checkPremium(){
// !empty() also covers a guest whose session never had the key set
if(!empty($_SESSION['premium'])){
return true;
}else{
header('Location: some_other_page.php');
exit; // without this the protected page keeps rendering after the redirect
}
}
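The two requirements in this thread (show the nav link only to premium members, and keep everyone else off membersonly.php) as one small include. This is an added example, not code from any of the posts; the file name auth.php and the function names are hypothetical, and it assumes the login code sets $_SESSION['premium'] = true as in the question.

```php
<?php
// auth.php: added example; file and function names are hypothetical.
declare(strict_types=1);

function is_premium(): bool
{
    // Only a boolean true written by the server at login counts.
    return isset($_SESSION['premium']) && $_SESSION['premium'] === true;
}

function require_premium(string $fallback = 'index.php'): void
{
    if (is_premium()) {
        return;
    }
    header('Location: ' . $fallback, true, 303);
    // header() only queues the redirect; without exit the rest of the
    // protected page would still be rendered and sent to the client.
    exit;
}

function nav_links(): array
{
    $links = ['index.php' => 'Home'];
    if (is_premium()) {
        // Hiding the link is presentation only; membersonly.php must still
        // call require_premium() because the URL can be typed directly.
        $links['membersonly.php'] = 'Members only';
    }
    return $links;
}

function render_nav(): string
{
    $html = '';
    foreach (nav_links() as $href => $label) {
        $html .= sprintf(
            '<li><a href="%s">%s</a></li>',
            htmlspecialchars($href, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return "<ul>$html</ul>";
}

// Top of membersonly.php, before any output:
//   session_start(); require_once 'auth.php'; require_premium();
// In the shared header template:
//   echo render_nav();
```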

Related

How can I make a page accessible to only admins in moodle?

I have a link on the settings.php page of my activity module that goes to a clear.php page that truncates a table in the database.
As it stands even guests can still run this function by going to the clear.php themselves by typing in the address bar.
Is there a way to check if a USER is an admin or not? I checked the USER object but couldn't find anything. I can probably check if they are a guest or not with their usernames, but what about the students?
The easiest solution would be to set up the page like this:
require_login();
if (!is_siteadmin()) {
die('Admin only');
}

Display a specific page only the 1st time a user visits our site

I am working on darskite project in case of crisis. For this project we want to prepare a specific case.
We need to inform the user visiting our website of the crisis (e.g. our factory has an electrical failure). We want to show him this specific page of information only the first time he comes to our website. For the next visits, he must visit our classical homepage.
How can we target and identify a user to redirect him only once to the alert message (when he first logs in)? Are there any solutions like those for retargeting Google or Facebook via cookies? If yes, what kind of cookie?
Our website is powered by Drupal 7. Can Drupal handle this case?
Thank you for your ideas.
From the drupal docs:
https://api.drupal.org/api/drupal/modules!user!user.module/function/user_cookie_save/7.x
What you can do is: You first check if a cookie has been set. If not, then you set it. The next time the user visits your site, he/she will have a cookie so the logic gate will be passed.
Here's an example that you can use in your header file in drupal:
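// user_cookie_save() takes an array and stores each key as the cookie "Drupal.visitor.<key>";
// PHP exposes that name in $_COOKIE with the dots turned into underscores.
if (!isset($_COOKIE['Drupal_visitor_some_descriptive_cookie_name'])) {
user_cookie_save(array('some_descriptive_cookie_name' => 1));
drupal_goto('temp/page/here', array(), 307);
}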
drupal_goto is documented here: https://api.drupal.org/api/drupal/includes%21common.inc/function/drupal_goto/7.x
Good luck.
There are two approaches:
You can do it using JavaScript's localStorage
You can do it using PHP's $_SESSION[' ']
Both will follow the same mechanism, when user loads the webpage for the first time, set a variable as true. Now for the next visits check this variable, if it is set to true, don't load the first page and redirect it to your classical page.
Drupal can handle almost everything.
What I would do is to create a boolean private field in the users profile to store if the user already saw that particular page.
Following this approach you can also make reports about how many users have seen that page, or know if a particular user saw that page. Using fields gives you a lot of power in Drupal.
How can you store this value when the user sees the page? Check the rules module and don't forget to activate the rules UI so you can configure this action triggered by the mentioned condition.
You can use hook_user_login.
function MODULE_user_login(&$edit, $account) {
// The user has never logged in before.
if ($account->access == 0) {
// Redirect user when first login.
$_GET['destination'] = 'redirect_url';
}
}

PHP Redirect To Page Based On Variable

I have a website with 2 types of membership, let's call them "basic" and "premium". What I want to happen is for site links to redirect the user to the relevant profile page based on their membership status, but I don't want there to be too much emphasis on what type of member they are in the url. I'll try to explain it better:
username_1 = Basic Member
username_2 = Premium Member
URL Redirection
website.com/basic.php?user=username_1
website.com/premium.php?user=username_2
Output
website.com/username_1
website.com/username_2
Any ideas how this can be achieved and, if it can, how would the direct linking be affected, i.e. typing www.website.com/username_1 directly into the browser?
I assume you already have a working user system, and some kind of routing so that anything after the website.com/ is matched as a username. In the code that handles the user profile page, you have access to the username, and can get the user's profile from that.
Assuming you store the user's membership type in the profile, simply just check for that value and include the appropriate view. Might not be the best practice and how things are usually done, but here's a sample:
$user = get_user_from_db($username);
if ($user->member_type == 'basic') include 'profile/basic.php';
else if ($user->member_type == 'premium') include 'profile/premium.php';
It's not so much of the link redirection that matters. What matters is how you handle the user when loading his or her profile page.
Your case could be resolved with php login system with admin features:
http://evolt.org/node/60384

How to hide pages from certain users in angular and php

I'm creating a website in which users can create some profiles.
All profiles must be open for viewing only to users that the creator has chosen. The others won't be seeing them.
Using Angular, you can easily create pages using routes, so for each new page you will have something like:
www.example.com/profiles/profile/1
www.example.com/profiles/profile/2
www.example.com/profiles/profile/3
etc.
But, say, you own profiles 1, 2, 3; you can easily view profile/4, profile/5 etc...
How can you implement a system that prohibits viewing, or allows users to see less data than the access-granted users?
Thank you.
As told, the answer should be server side. Authentication should always be server side.
In your case, you need to query the database only once like you have done so far; actually the correct term would be just sending an HTTP request to your API (as the HTTP request is doing the db queries). That HTTP request should start by checking what kind of permissions you have and return the appropriate data (a limited list of users, a specific user or an error that you don't have access to that specific content).
I hope it makes sense to you.
If using a database you can add a column AccessRights
0 = Basic
1 = Profile 1
2 = profile 1/2
etc
Different integers of AccessRights will let you access different things.
And to stop people with access rights 1 from accessing access rights 3 material:
if ($Accessrights < 3)
{
die("You Cannot View This");
}
It will be up to you to assign a variable for $Accessrights or something.
Hopefully this is something you're looking for.
So do I have to query the database on each page a user visits? Wouldn't that be too resourceful?
The access system that I want to create is something in the same vein as facebook.
You can see your pages and your friends pages, but you cannot see the private pages.
You can edit your profile, but not other people's profiles.
Is this the right way to go?
You could check if the user is viewing his own record or if he is allowed to view any record
$iUserType = USER_TYPE_ADMIN; // constant
$iUserId = 5; // this and user type can be stored in session after login
$iViewProfileId = 5; // this should come from the request parameters
if (($iViewProfileId != $iUserId) AND (USER_TYPE_ADMIN != $iUserType)) {
// error, user is not permitted to view the record
}
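The per-record check the answers in this thread describe, done in the PHP API behind the Angular routes: the owner and an admin get the full record, users the creator has chosen get a reduced one, everyone else gets nothing. This is an added example, not code from the posts; the function names, field names and sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for the profiles table.
function load_profile(int $profileId): ?array
{
    $rows = [
        1 => ['owner' => 5, 'viewers' => [7], 'name' => 'Alice', 'email' => 'alice@example.test'],
        4 => ['owner' => 9, 'viewers' => [],  'name' => 'Bob',   'email' => 'bob@example.test'],
    ];
    return $rows[$profileId] ?? null;
}

// $viewerId and $isAdmin come from the server-side session, never from the request.
function view_profile(int $viewerId, bool $isAdmin, int $profileId): array
{
    $p = load_profile($profileId);
    $isOwner = $p !== null && $p['owner'] === $viewerId;
    $allowed = $p !== null
        && ($isAdmin || $isOwner || in_array($viewerId, $p['viewers'], true));
    if (!$allowed) {
        // Same response for "no such profile" and "not yours", so the
        // numeric ids in the route cannot be probed for existence.
        return ['status' => 404, 'body' => ['error' => 'Not found']];
    }
    $body = ['id' => $profileId, 'name' => $p['name']];
    if ($isAdmin || $isOwner) {
        $body['email'] = $p['email']; // full record for owner and admin only
    }
    return ['status' => 200, 'body' => $body];
}

// Constructed requests: user 5 owns profile 1, user 7 was granted access to it.
foreach ([[5, 1], [7, 1], [5, 4]] as [$viewer, $profile]) {
    $r = view_profile($viewer, false, $profile);
    echo "viewer $viewer, profile $profile: {$r['status']} " . json_encode($r['body']) . "\n";
}
```

The Angular route guard can hide the page for convenience, but the data never leaves the server unless this check passes.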

Login System and Profile Page

I recently came across this post on Forrst: http://forr.st/~Nbp and thought it'd be a brilliant idea to try and do something similar to the person under the heading: How do I practice to become perfect when I know nothing?
I have used PHP to store user data (username, email, password) and they can login using those details, however I'm a bit stuck on making a profile for a user account and keeping them logged in?
This isn't a specific profile, just something general, like an about me page for example.
Any links or help would be fantastic! Thanks in advance.
To keep them logged in you need some mechanism that keeps the information of a specific user between the page requests. I would recommend you to search how to work with cookies and/or to work with sessions. These are used to store information between the page requests.
To make a specific profile for a user, you can use the identifier in your database to get the information out. The identifier would be passed through the URL. Example:
www.site.com/user.php?id=15
This would load a user where the identifier is 15.
The general concept of course would be to use sessions which I assume you've got around already, if not, that's the first thing you would like to do.
The profile pages could use a table in your database with all the info like names, interests and descriptions that would be downloaded from the database on said profile pages.
User avatars could be stored as file in formats $username-avatar.png in some directory, and you would use them as images on the profile pages too.
User authentication is quite simple to integrate if all you need to do is get something up and running. Save all the user records to a DB. Have a login form. Once the info is submitted you'll verify them against the db and, if found valid, retrieve their member id.
$member_id = ValidateUser($username,$password);
Store it in a session
$_SESSION["member_id"] = $member_id;
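Create a secure function
function secure()
{
// Redirect when there is no logged-in member: key missing or empty.
if(!isset($_SESSION["member_id"]) or ($_SESSION["member_id"] == ""))
{
header("Location: login.php");
exit; // stop the protected page from rendering after the redirect
}
}
Add this secure function on top of every page.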
Let's assume you want to add an About me section. This is how I would do it:
Create a table field in your users table(the same table you use to store username, password, etc) called 'about'. The type of this field must be text.
You must create an edit profile page where you will have a form with a textarea input. After you click the Submit button you must store the value of this input in the database.
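If you want to show the profile in a page you must use $_GET to retrieve the about information from the users table. If you want to show the information in the showprofile.php page, you will go to this url http://yoururl.com/showprofile.php?username=peter
In showprofile.php you must write:
// You must connect to the database first; $pdo is assumed to be that PDO connection.
<pre>
$user = (isset($_GET["username"]) && is_string($_GET["username"])) ? $_GET["username"] : "";
// Prepared statement: the username is bound as data, never concatenated into the SQL.
$stmt = $pdo->prepare("select * from users where username = ?");
$stmt->execute(array($user));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($rows) != 0) {
foreach ($rows as $row) {
echo 'About me:';
// Escape on output so stored text cannot inject markup into the page.
echo htmlspecialchars($row['about'], ENT_QUOTES, 'UTF-8');
}
} else {
echo 'Not found';
}
</pre>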
To do all these things you must work with sessions or cookies.
