permission groups not working correctly - php

OK, I have set up a basic membership system where I have groups in my DB (members, admin and moderator).
The groups have 3 fields: id, name and permission. For members I have left permission blank, admin has {"admin": 1, "moderator": 1} and moderator has {"moderator": 1}.
I have a simple function in a user.php file in a folder called classes:
Function:
    class User {
        public function hasPermission($key) {
            // look up the group row for the logged-in user's group id
            $group = $this->_db->query("SELECT * FROM groups WHERE id = ?", array($this->data()->group));
            if($group->count()) {
                // the column holds a JSON object such as {"admin": 1}
                $permissions = json_decode($group->first()->permissions, true);
                if($permissions[$key] === 1) {
                    return true;
                }
            }
            return false;
        }
    }
Then in a file admin.php I have a simple bit of code that should show an echo if the logged-in user is an admin.
PS: I have required the init.php file, which requires my classes/User.php file, so that I do not need to require several files.
Code:
    <?php
    if($user->hasPermission('admin')) {
        echo '<p>You are a admin!</p>';
    } else {
        echo 'You need to log in or register!';
    }
    ?>
From this, when an admin is logged in, an echo should be displayed; unfortunately I am just getting a blank page.
Question
So my question is: does anyone know why this is not working, as I have a user with the admin permission logged in and am getting nothing on admin.php?
groups table
users table
OK, so for some reason the "You need to log in or register!" echo shows; it does not recognise when an admin is logged in.
All I'm trying to do is allow different groups different page access.

Alright, since my previous answer was deleted... here's another go.
Your problem is the type-safe comparison you do here:
    if($permissions[$key] === true) {
        return true;
    }
Your array is filled from a JSON object {"moderator": 1}, which translates to array('moderator' => 1) in PHP. You are comparing a boolean true with an integer 1 using a type-safe comparison. That will fail because the types do not match. See http://php.net/manual/en/language.operators.comparison.php for more detail.
You can remedy this by either using type-unsafe comparisons or by converting your $permissions to booleans.
    if ((bool)$permissions[$key] === true) // Both are now of type boolean and will be compared.
or
    if ($permissions[$key] == true) // Will compare 1 and TRUE, which will result in TRUE.
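An added example, not code from the question or the answer above, that runs the comparison problem through all three groups and shows a hasPermission() check that also copes with a blank permission column and an unknown key. The $groups rows are constructed sample data; the hasPermission() signature (taking the raw JSON string rather than a database row) is an assumption made so the script runs stand-alone.

```php
<?php
// Added example (not from the thread): why `=== true` fails on the int(1)
// that json_decode() produces, why `== true` is too generous, and a check
// that denies on a blank column, malformed JSON or a missing key.
declare(strict_types=1);

// Constructed rows standing in for the groups table.
$groups = [
    1 => ['name' => 'members',   'permissions' => ''],
    2 => ['name' => 'admin',     'permissions' => '{"admin": 1, "moderator": 1}'],
    3 => ['name' => 'moderator', 'permissions' => '{"moderator": 1}'],
];

// Mirrors the original check: the decoded JSON value is int(1), never bool(true),
// so the strict comparison is false for every group.
function checkStrictAgainstTrue(?string $json, string $key): bool
{
    $permissions = json_decode((string) $json, true);
    return isset($permissions[$key]) && $permissions[$key] === true;
}

// The `== true` remedy accepts 1, but it also accepts any "truthy" value,
// which matters once a permissions blob is edited by hand or by another tool.
function looseCheck($value): bool
{
    return $value == true;
}

// Hardened version: decode defensively, require the key, then compare strictly
// with the integer 1 that the JSON actually stores.
function hasPermission(?string $json, string $key): bool
{
    if ($json === null || $json === '') {
        return false;                        // blank column (the members group)
    }
    $permissions = json_decode($json, true);
    if (!is_array($permissions)) {
        return false;                        // malformed JSON: deny rather than guess
    }
    if (!array_key_exists($key, $permissions)) {
        return false;                        // no "undefined index" notice, just deny
    }
    return $permissions[$key] === 1;
}

foreach ($groups as $group) {
    printf("%-9s strict===true: %-5s hasPermission('admin'): %s\n",
        $group['name'],
        var_export(checkStrictAgainstTrue($group['permissions'], 'admin'), true),
        var_export(hasPermission($group['permissions'], 'admin'), true));
}

// Values a loose `== true` would treat as "granted" or "denied".
foreach ([1, '1', 'false', 'no', 0] as $odd) {
    printf("%-8s loose==true: %s\n", var_export($odd, true), var_export(looseCheck($odd), true));
}
```

The strict check is the one to keep for an authorization decision: the string 'false' is non-empty and therefore `== true`, so a loose comparison turns a typo in the stored JSON into a granted permission, while the strict version only ever grants on the exact value you intended to store.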

Related

Stop user to access Admin panel in php

I am trying to make a login system for a normal user and an AdminUser. If a normal user types http://localhost/project in the browser, the login screen comes up and the user can log in using their ID and password. But while logged in, if the user types http://localhost/project/admin in the browser, the normal user also gets access to the admin panel, which I want to stop. How can I do that? I have been stuck here for a long time. Any help please?
Login for user:
    $query = "SELECT * FROM user WHERE eid='$eid' AND password='$password'";
    $result = $db->select($query);
    if ($result != false) {
        $value = $result->fetch_assoc();
        Session::set("login", "userLogin");
        Session::set("username", $value['username']);
        Session::set("email", $value['email']);
        Session::set("uid", $value['uid']);
        Session::set("image", $value['image']);
        header("Location: index.php");
    } else {
        $loginErr = "Username or Password Not Matched !!";
    }
Session function for user:
    public static function checkSession(){
        self::init();
        if (self::get("userLogin") !== false) {
            self::destroy();
            header("Location:login.php");
        }
    }
Session check for user:
    Session::checkSession();
Login for admin:
    $query = "SELECT * FROM afcadmin WHERE adminname='$adminname' AND password='$password'";
    $result = $db->select($query);
    if ($result != false) {
        $value = $result->fetch_assoc();
        Session::set("loginadmin", "adminLogin");
        Session::set("adminname", $value['adminname']);
        Session::set("adminemail", $value['adminemail']);
        Session::set("adminid", $value['adminid']);
        header("Location: index.php");
    } else {
        $loginErr = "Username or Password Not Matched !!";
    }
Session function for admin:
    public static function checkSessionAdmin(){
        self::init();
        if (self::get("adminLogin") !== false) {
            self::destroy();
            header("Location:login.php");
        }
    }
Session check for admin:
    Session::checkSessionAdmin();
You don't have to use different tables for the user and admin login. You just need a column that will help you check whether a user has admin privileges. For example: you could create an is_admin column and set its value to 1 if the user is an admin and 0 if he/she isn't.
    # Your query
    $stmt = "SELECT
        users.id as uid,
        users.username as username,
        users.is_admin as is_admin
    FROM users
    WHERE users.username='{$username}'
    AND users.password='{$password}'
    LIMIT 1
    ";
You then add the results to a session like you are doing already.
    var_dump($_SESSION['user']);
    Array {
        'uid' => '125',
        'username' => 'SomeGuy',
        'is_admin' => '1',
    }
Your session will now contain a value is_admin, and so you can check whether a user is an administrator by using a simple if statement.
    if ($_SESSION['user']['is_admin'] == 1) {
        // Admin only stuff here
    }
As I can see you have two separate tables for user and admin to store their data, so I think there shouldn't be any problem with your query; when it's for a user we cannot stop them from browsing any page.
But if a user can use their own details to log in to the admin panel, that means you have duplicate data in both tables, which may be caused by inserting the same data into both tables or by something wrong in your insert query.
But as a solution I think it's better to add a Roles field in both databases which defines whether it is a user or an admin, and after your select query add an if condition to check whether they meet your requirements and then set the session.
But from my point of view the best thing is to have a single table for both users and admins to store all common data, and make an admin table to store user_id and some priority. When you run the checking query, check whether the user_id belongs to the admin table or not, define them as admin or user, and then set the session.
This may solve your issue, but if you need more help let me know.
You can have a user_type field in the database, and in the admin session you can check whether the user_type is admin or customer. If it's admin then redirect to the admin dashboard, otherwise to the customer dashboard. In the admin header, put a check for the same.
Hope this helps.
I've found the solution. I replaced the following code.
Code for user login:
Replaced Session::set("login", "userLogin"); with Session::set("login", "true");
Code for session function user:
Replaced if (self::get("login") !== false) with if (self::get("login") == false)
Code for admin login:
Replaced Session::set("loginadmin", "adminLogin"); with Session::set("adminlogin", "true");
Code for session function admin:
Replaced if (self::get("adminlogin") !== false) with if (self::get("adminlogin") == false)
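An added example, not the question's or any answer's code, that puts together the is_admin column suggested in the first answer and the session guard that the accepted fix describes. It swaps in PDO prepared statements, password_verify() and plain $_SESSION in place of the custom Session class, $db->select() and the interpolated SQL shown in the question; the table layout (users: id, username, password_hash, is_admin), the $pdo connection and the page names are assumptions.

```php
<?php
// Added example, not from the thread: single users table with an is_admin
// column, parameterised lookup, hashed passwords, and a session guard that
// admin pages call before rendering anything.
declare(strict_types=1);

// Assumed schema: users(id, username, password_hash, is_admin).
// Passwords are stored with password_hash() and never compared inside SQL.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash, is_admin FROM users WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user is unknown so the response
    // time does not reveal which usernames exist.
    $hash = $row['password_hash'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($password, $hash)) {
        return false;
    }

    session_regenerate_id(true);               // fresh session id after login
    $_SESSION['user'] = [
        'uid'      => (int) $row['id'],
        'username' => $row['username'],
        'is_admin' => (int) $row['is_admin'],  // 1 = admin, 0 = normal user
    ];
    return true;
}

// Guard for any page that needs a logged-in user (the role of checkSession()).
function requireLogin(): void
{
    if (empty($_SESSION['user'])) {
        header('Location: login.php');
        exit;                                  // never keep rendering after a redirect
    }
}

// Guard for admin pages: being logged in is not enough, the flag must be set.
// This is the check that was missing while /project/admin was open to every
// logged-in user.
function requireAdmin(): void
{
    requireLogin();
    if (($_SESSION['user']['is_admin'] ?? 0) !== 1) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Usage (assumed file names):
//   at the top of admin/index.php:   session_start(); requireAdmin();
//   at the top of index.php:         session_start(); requireLogin();
//   on the login form handler:       session_start(); if (login($pdo, $u, $p)) { header('Location: index.php'); exit; }
```

The `exit` after each `header('Location: ...')` matters as much as the check itself: without it PHP keeps executing the page and sends the admin HTML along with the redirect header, which is exactly what a client that ignores redirects would see.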

Codeigniter Active records Account Validation

I have the following code:
Model:
    function check_account($account_details){
        $query = $this->db->get_where('admin', array('username' => $account_details['username'],
                                                     'password' => $account_details['password']) )->result_array();
        if(!empty($query)){
            return 'Admin';
        }
        else{
            $query2 = $this->db->get_where('user_mst', array('username' => $account_details['username'],
                                                             'password' => $account_details['password']) )->result_array();
            if(!empty($query2)){
                return 'User';
            }
            else return FALSE;
        }
    }
I only posted my model because the view only consists of input fields for username and password, and the controller only retrieves the data entered and passes it on to the function in the model. The above code snippet is the function which is called by the controller.
I only have 1 login page; it checks first whether the account entered exists in the admin table and, if not, then checks whether it exists in the user table. If the account entered does not belong to either of the 2 tables, it returns false.
I check the admin table first because accounts in the admin table are the minority, whereas the user table will hold the majority of accounts. For example, say I have 5 admin accounts and 1000 user accounts.
Instead of checking whether the account entered is one of those 1000, it first checks whether it belongs to the 5 in the admin table.
Hope my explanation is clear or at least understandable.
My question is, when I input, say, SampleAccount as the username, even though in the database it's all in lower case, it still returns as though it's the same.
SampleAccount (inputted) = sampleaccount (database) - should not return in the query.
Also, I would like to read some professionals' opinions on how I'm checking the account, or whether I should just make 2 login pages, one for users and one for admins.
    foreach($query as $arr => $result){
        if($account_details['username'] == $result['username']){
            echo ' equal';
        }
        else echo ' not equal';
    }
If the input is UseRname and in the database it is Username then this is ideal.
But is there any way to add this in the query itself?
get_where(); like limit, etc.
Bro, you made a big mistake: make 1 table but add a column named role.
Check: if 1, user; if 2, admin.
    function premission_check($role){
        switch($role){
            case 1:
                return 'user';
            case 2:
                return 'admin';
            default:
                return 'bad role';
        }
    }
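An added example, not the question's or either answer's code, of the single-table layout with a role column that the last answer suggests, combined with the case-sensitivity point raised in the question. It runs on a constructed in-memory row set instead of CodeIgniter's Active Record and needs PHP 8; the column names, the role numbers and the password hashing are assumptions. The idea is to let the database find candidate rows however its collation wants and then refuse anything that is not a byte-exact match in PHP.

```php
<?php
// Added example, not from the thread. Most MySQL collations compare strings
// case-insensitively, so WHERE username = 'SampleAccount' can return the row
// stored as 'sampleaccount'. A second comparison in PHP with === (binary)
// rejects that while still letting the database do the lookup.
declare(strict_types=1);

const ROLE_USER  = 1;   // assumed values of a `role` column
const ROLE_ADMIN = 2;

// Constructed sample rows standing in for
// $this->db->get_where('accounts', ['username' => $input])->result_array().
// Hashes are generated at startup so the script carries no fixed secrets.
function sampleAccounts(): array
{
    return [
        ['username' => 'sampleaccount', 'password_hash' => password_hash('user-pass', PASSWORD_DEFAULT),  'role' => ROLE_USER],
        ['username' => 'root',          'password_hash' => password_hash('admin-pass', PASSWORD_DEFAULT), 'role' => ROLE_ADMIN],
    ];
}

// Mimics a case-insensitive collation: what the database would hand back.
function fetchCandidates(array $rows, string $username): array
{
    return array_values(array_filter(
        $rows,
        fn(array $r): bool => strcasecmp($r['username'], $username) === 0
    ));
}

// Returns 'Admin', 'User' or false like the original check_account(), but from
// one table, with an exact-case username check and a hash comparison.
function checkAccount(array $rows, array $details): string|false
{
    foreach (fetchCandidates($rows, $details['username']) as $row) {
        if ($row['username'] !== $details['username']) {
            continue;                            // 'SampleAccount' is not 'sampleaccount'
        }
        if (!password_verify($details['password'], $row['password_hash'])) {
            return false;
        }
        return match ($row['role']) {
            ROLE_ADMIN => 'Admin',
            ROLE_USER  => 'User',
            default    => false,                 // unknown role value: deny
        };
    }
    return false;
}

$rows = sampleAccounts();
var_dump(checkAccount($rows, ['username' => 'sampleaccount', 'password' => 'user-pass']));
var_dump(checkAccount($rows, ['username' => 'SampleAccount', 'password' => 'user-pass']));
var_dump(checkAccount($rows, ['username' => 'root',          'password' => 'admin-pass']));
```

On MySQL the same exactness can be pushed into the query with a `WHERE BINARY username = ?` condition or a `_bin` collation on the column; the PHP-side comparison shown here works regardless of how the column is collated and is the one to rely on when the schema is not under your control.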

Show stuff only if profile owner does not belong to role X (in Drupal 7)

I have a Drupal 7 site, and I would like to print out some field content inside the profile page, according to the role of the profile user (not the logged-in user).
I need to show a specific field only if the profile owner does not have the role autor:
    <?php
    if (!in_array('autor', array_values($user->roles))) {
        print drupal_render(field_view_field('profile2', $profile['main'], 'field_nombrecompleto1', 'value'));
    }
    else {print "yada yada";}
Note: The profile field in question is a profile2 field and not a core profile one.
What's wrong with that code? Because it will print out the field in question in any case, regardless of the role of the profile owner.
I've tried this other code, and in this case the field won't print out in any case:
    <?php
    if (is_array($user->roles) &&
        in_array('authenticated user', $user->roles) &&
        !in_array('autor', $user->roles)) {
        print drupal_render(field_view_field('profile2', $profile['main'], 'field_nombrecompleto1', 'value'));
    }
    ?>
Here is how this is accomplished in Drupal 7 when modifying the form for editing your profile:
    function MYMODULE_form_profile2_edit_main_form_alter(&$form, $form_state) {
        global $user;
        $roles = $user->roles;
        if(!in_array('authenticated user', $roles)) {
            $form['profile_main']['MY_FIELD_ID']['#access'] = FALSE;
        }
    }
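An added example, not the question's or the answer's code. In a Drupal 7 page template the `$user` variable is normally the logged-in account rather than the account whose profile is displayed, which would explain the symptom in the question (the field prints on every profile). The helper below therefore takes the owner's account object explicitly; in Drupal 7 that object would come from user_load() on the profile's uid, which is not called here. The account objects are constructed to look like Drupal 7 user objects, and the role ids are assumptions.

```php
<?php
// Added example, not from the thread. Decides whether a profile field may be
// shown from the PROFILE OWNER's roles, not the viewer's. Account objects are
// constructed to mimic Drupal 7 user objects, where ->roles is rid => name.
declare(strict_types=1);

function makeAccount(int $uid, array $roles): stdClass
{
    $account = new stdClass();
    $account->uid   = $uid;
    $account->roles = $roles;   // e.g. [2 => 'authenticated user', 5 => 'autor'] (rids assumed)
    return $account;
}

// in_array() works on ->roles because the role NAMES are the values and the
// numeric rids are the keys; strict mode avoids matching a rid against a name.
function accountHasRole(stdClass $account, string $role): bool
{
    return is_array($account->roles) && in_array($role, $account->roles, true);
}

// Show the field only when the owner does NOT have the 'autor' role.
function shouldShowField(stdClass $owner): bool
{
    return !accountHasRole($owner, 'autor');
}

$viewer = makeAccount(1, [2 => 'authenticated user']);               // logged-in user
$owner  = makeAccount(7, [2 => 'authenticated user', 5 => 'autor']); // profile being viewed

// Testing the viewer is the mistake in the original snippet: it answers the
// question "is the person looking at this page an autor?" for every profile.
var_dump(shouldShowField($viewer));
// Testing the owner answers the question the template actually asks.
var_dump(shouldShowField($owner));
```

In the template the owner object is the thing to obtain first (the profile2 entity carries the owner's uid), and then the same `shouldShowField()` decision can wrap the `field_view_field()` call from the question.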

CakePHP Friendship system

I am building a friendship system in CakePHP that uses two tables: Users and Friends.
Users (id, username, email, password) and Friends (id, user_from, user_to, status).
A user requests another user to be friends and this creates a record in the friends table storing both user ids and setting a status of 'Requested'. The user can either accept the friendship, and the status changes to 'Accepted', or cancel the friendship, and the record is deleted from the database.
An example link for the request looks like this and could be shown either in a users list or on the user's details page:
    <?php echo $this->Html->link('Add as Friend', array('controller'=>'friends','action'=>'add_friend',$user['User']['id'])); ?>
Question 1 is how could I make this link change to a cancel request link if the user has a request against them or is already friends?
This link corresponds to the following method in the controller:
    function add_friend ( $id )
    {
        if(!empty($this->data))
        {
            $this->Friend->create();
            if($this->Friend->save($this->data))
            {
                $this->Session->setFlash('Friendship Requested');
                $this->redirect(array('controller'=>'users','action'=>'login'));
            }
        }
    }
So we are passing the ID to the method, which will be the user_to, and then the 'user_from' needs to be the currently logged-in user and the status set to 'Requested'. Question 2 is how do I do this? Also how do I prevent a user from creating multiple records by just calling that method over and over, and show a message saying you've already requested friendship?
The next method is:
    function accept_friendship ( $id )
    {
        $this->Session->setFlash('Friendship Accepted');
        $this->redirect(array('controller'=>'friends','action'=>'index'));
    }
Question 3: But again I'm confused as to how I would change the status of the record and mark the users as friends when the method is called. Also I need to prevent this from being called multiple times on the same record.
The final bit is listing the friends for the user or another user:
    function users_friends( $id )
    {
        $this->set('friends', $this->Friend->find('all'));
    }
    function my_friends()
    {
        $this->set('friends', $this->Friend->find('all'));
    }
As you can see, the first method requires the id of the user you are viewing and then the second method will use the currently logged-in user id. Question 4: How do I then use this to list the friends of that user?
If anyone can help put me on the right track with this it'd be much appreciated, as I've ground to a halt and am not sure how to do those 4 things, and I'm trying to learn CakePHP as best I can, so help is much appreciated. Thanks
EDIT: It has occurred to me that a view with hidden fields could be used to store the information regarding the friend request that the user confirms, but this isn't ideal as it means sending the user off somewhere else when in fact I want to just run the function and do the redirect straight off. NOT AJAX THOUGH!
Answer 1 and 2:
    function add_friend ( $id )
    {
        if(!empty($this->data))
        {
            $this->Friend->create();
            if($this->Friend->save($this->data))
            {
                $this->Session->setFlash('Friendship Requested');
                $this->redirect(array('controller'=>'users','action'=>'login'));
            }
        }
        if(empty($this->data))
        {
            // fetch the single friendship row so the view can choose which link to show
            $this->set('friends', $this->Friend->find('first', array('conditions' => array('Friend.id' => $id))));
        }
    }
    <?php
    if(isset($friends['Friend']) && $friends['Friend']['status']=="Requested")
    {
        echo $this->Html->link('Request Pending', '#');
    }
    else if(isset($friends['Friend']) && $friends['Friend']['status']=="Accepted")
    {
        echo $this->Html->link('Already Friend', '#');
    }
    else
    {
        echo $this->Html->link('Add as Friend', array('controller'=>'friends','action'=>'add_friend',$user['User']['id']));
    }
    ?>
Answer 3 and 4:
    function friendlist($user_id)
    {
        $session_user_id = $this->Session->read('Auth.User.id');
        if($user_id == $session_user_id )
        {
            $user_to = $session_user_id ;
        }
        else
        {
            $user_to = $user_id;
        }
        $this->set('friends', $this->Friend->find('all', array('conditions' => array('Friend.user_to' => $user_to, 'Friend.status' => 'Accepted'))));
    }
Answer 3 is something like this:
    function accept_friendship ( $id ) {
        $this->Friend->id = $id;
        $current_status = $this->Friend->field('status');
        if($current_status=='Requested') {
            $this->Friend->saveField('status', 'Accepted');
        }
        $this->Session->setFlash('Friendship Accepted');
        $this->redirect(array('controller'=>'friends','action'=>'index'));
    }
Essentially, get the ID of the friend request, check the status field, and if it's equal to Requested, then update it to Accepted. This way it will only be called once.
And also, to prevent people from repeatedly "accepting" a friend, just remove the "Accept" link once it's been accepted. The if statement stops your code from updating unnecessarily.
You should also put some kind of prevention in place so that only the requested friend can accept the request. Otherwise I could type the URL yoursite.com/friends/accept_friendship/123 and accept a random person's request without any authentication.
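An added example, not the question's or any answer's code, that carries the checks described in the answers above through in plain PHP for all four questions, with an in-memory array standing in for the friends table so it runs without CakePHP or a database: no duplicate request in either direction, only the addressee can accept, accepting twice is a no-op, and friends are listed from both sides of the row. The class, method and message names are assumptions; the field names follow the question's Friend table.

```php
<?php
// Added example, not from the thread. Friendship logic with the authorization
// checks the answers ask for. $rows mimics friends(id, user_from, user_to, status).
declare(strict_types=1);

final class FriendService
{
    private array $rows = [];   // constructed in-memory "table"
    private int $nextId = 1;

    // Existing row between two users in either direction, so a repeated or a
    // reverse request cannot create a duplicate.
    private function findBetween(int $a, int $b): ?array
    {
        foreach ($this->rows as $row) {
            if (($row['user_from'] === $a && $row['user_to'] === $b) ||
                ($row['user_from'] === $b && $row['user_to'] === $a)) {
                return $row;
            }
        }
        return null;
    }

    // Question 1: the label to show $viewer when looking at $other.
    public function linkLabel(int $viewer, int $other): string
    {
        $row = $this->findBetween($viewer, $other);
        if ($row === null) {
            return 'Add as Friend';
        }
        if ($row['status'] === 'Accepted') {
            return 'Already Friends';
        }
        // Pending: the addressee sees Accept, the sender sees Cancel.
        return $row['user_to'] === $viewer ? 'Accept Request' : 'Cancel Request';
    }

    // Question 2: user_from is the logged-in user, never read from the form.
    public function addFriend(int $loggedIn, int $userTo): string
    {
        if ($loggedIn === $userTo) {
            return 'You cannot befriend yourself';
        }
        if ($this->findBetween($loggedIn, $userTo) !== null) {
            return "You've already requested friendship";
        }
        $this->rows[] = ['id' => $this->nextId++, 'user_from' => $loggedIn,
                         'user_to' => $userTo, 'status' => 'Requested'];
        return 'Friendship Requested';
    }

    // Question 3: only the addressee may accept, and only a pending request.
    public function acceptFriendship(int $loggedIn, int $id): string
    {
        foreach ($this->rows as $i => $row) {
            if ($row['id'] !== $id) {
                continue;
            }
            if ($row['user_to'] !== $loggedIn) {
                return 'Not your request to accept';   // covers the guessed-URL case
            }
            if ($row['status'] !== 'Requested') {
                return 'Already accepted';             // second call changes nothing
            }
            $this->rows[$i]['status'] = 'Accepted';
            return 'Friendship Accepted';
        }
        return 'No such request';
    }

    // Question 4: friends of $userId, whichever side of the row they are on.
    public function friendsOf(int $userId): array
    {
        $ids = [];
        foreach ($this->rows as $row) {
            if ($row['status'] !== 'Accepted') {
                continue;
            }
            if ($row['user_from'] === $userId) {
                $ids[] = $row['user_to'];
            } elseif ($row['user_to'] === $userId) {
                $ids[] = $row['user_from'];
            }
        }
        return $ids;
    }
}

$svc = new FriendService();
echo $svc->addFriend(1, 2), "\n";          // first request, user 1 -> user 2
echo $svc->addFriend(2, 1), "\n";          // reverse request by user 2
echo $svc->acceptFriendship(3, 1), "\n";   // attempt by user 3, not the addressee
echo $svc->acceptFriendship(2, 1), "\n";   // attempt by the addressee
echo $svc->acceptFriendship(2, 1), "\n";   // repeat of the same call
print_r($svc->friendsOf(1));
```

In the CakePHP controller the `$loggedIn` argument corresponds to `$this->Session->read('Auth.User.id')`, and the point of passing it into every method is that the row's user_to is compared with the session, never with anything the request URL or form supplies.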

Checking whether a user already exists in drupal

When a user enters their login information and hits submit, I want to check whether the user already exists or not.
So, I have the following two questions:
1. Which hook needs to be implemented for the case when the user hits the submit button on the login form? I need the username entered by the user.
2. How do I check whether a user already exists in Drupal or not programmatically?
Some sample code would be really appreciated.
Please help.
Thank you.
Drupal 7 provides a function to get a user object by name:
    $user = user_load_by_name($name);
    if(!$user){
        // User doesn't exist
    }
    else {
        // User exists
    }
http://api.drupal.org/api/drupal/modules%21user%21user.module/function/user_load_by_name/7
This can be done with hook_form_alter:
    // MYMODULE is the machine name of your module
    function MYMODULE_form_alter(&$form, &$form_state, $form_id) {
        $user_login_forms = array('user_login', 'user_login_block');
        if (in_array($form_id, $user_login_forms)) {
            $form['#validate'][] = 'my_validate_function';
        }
    }
    function my_validate_function(&$form, &$form_state) {
        $name = $form_state['values']['name'];
        // Drupal 6:
        if (!db_result(db_query("SELECT COUNT(*) FROM {users} WHERE name = '%s';", $name))) {
            // User doesn't exist
        }
        // Drupal 7:
        if (!db_query("SELECT COUNT(*) FROM {users} WHERE name = :name;", array(':name' => $name))->fetchField()) {
            // User doesn't exist
        }
    }
It's better to query the DB directly in this case than to use user_load, as that hooks into other modules as well.
In Drupal 7, substitute this in the validation function:
    if (!db_query("SELECT COUNT(*) FROM {users} WHERE name = :name", array(':name' => $name))->fetchField()) {
        // User doesn't exist
    }
I realize this is almost 2 years old, but user_authenticate does this nicely.
    $existing_user = user_authenticate($name, $password);
    if($existing_user) {
        // user exists
    }
    else {
        // user doesn't exist
    }
Hope this helps someone else.
You can try looking at these 2 modules for inspiration: friendly_register and username_check.
