Now that you mention it!!
I tried to use sessions but without success, i did:
session_start();
session_register(var);
but after log in as a different user, it keeps taking the data of the previous
user. If I close the browser window and reload the page and log in, then it
takes de current user
Maybe I'm not killing the previous session! session_unset();
Do I need to propagate the Session ID on every page that use session_start()??
Can I use session_id();?
Best Regards,
Miguel Guirao
----- Mensaje original -----
De: Jeffrey <[EMAIL PROTECTED]>
Fecha: Lunes, Marzo 6, 2006 7:37 ombr
Asunto: Re: [PHP-DB] Retricting Access to Menu Items
> I've done this kind of thing with a number of web apps.
>
> What I usually do is create a user table in MySQL with a user-name,
> password and access level, which has an integer value.
>
> When a user logs in successfully, a session is created (see
> session_start() in php documentation), the access level is pulled
> from
> the user table and saved as a session variable. Then it is a simple
> matter of using bits of code like...
>
> if ($_SESSION['access_level'] > 7){
> echo "some stuff";
> }
>
> In your example, you will also want to check the user's access
> level on
> each restricted page - it is not enough to hide menu options. Users
> could simply type the URL in.
>
> I hope that's clear.
>
> Good luck,
>
> Jeffrey
>
> Jeff Broomall wrote:
> > Good morning everyone.
> >
> > I'm building a very simple content management site that tracks
> "tasks.">
> > The options available are:
> > 1. Add Task
> > 2. Edit Task
> > 3. View Task
> > 4. Print Task
> >
> > I need to restrict some users to only View and Print and I'm
> trying to find a way to tell the page not to load the menu options
> (the text) for those not having access to the Add and Edit functions.
> >
> > IOW, they would only see View and Print.
> >
> > I have three basic users:
> > 1. System Admin
> > 2. Subject Matter Expert (SME)
> > 3. Viewers
> >
> > Obviously the System Admin and SME will have full access so it's
> the Viewers that are to have access to only View and Print.
> >
> > I have a users table but haven't set it up for the distinction.
> What I was thinking was creating a field labeled users_group and
> assign a numeric value for each user using the numbering system above.
> >
> > I have my page load the menu options:
> >
> > Home<br />
> > View Tasks<br />
> > Edit Task<br />
> > Add Task<br />
> >
> > into here...
> >
> > <BODY>
> >
> > <table width="90%" border="1" cellspacing="10" cellpadding="0"
> align="center">>
> > <tr><td colspan="2"><h1 id="mainhead">ICAO Tasks —
> WAFS</h1></td></tr>>
> > <tr>
> > <td align= "center" valign="top" nowrap="nowrap" width="10%">
> > Menu<br />
> > <?php include ('./includes/menu.html'); ?> <--The menu above
> inserted here.
> > </td>
> >
> > <td valign="top" class="content">
> >
> >
> > How can I tell the system not to load the last two lines unless
> they are a System Admin or SME?
> >
> > I read a chapter on Cookies/Sessions...but it wasn't that helpful
> for this case.
> >
> > Can I setcookie('user_group', '3') and use that somehow???
> >
> > Am I in the ballpark with this solution?
> >
> > Thanks.
> >
> > Jeff
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Este mensaje es exclusivamente para el uso de la persona o entidad a quien esta
dirigido; contiene informacion estrictamente confidencial y legalmente
protegida, cuya divulgacion es sancionada por la ley. Si el lector de este
mensaje no es a quien esta dirigido, ni se trata del empleado o agente
responsable de esta informacion, se le notifica por medio del presente, que su
reproduccion y distribucion, esta estrictamente prohibida. Si Usted recibio
este comunicado por error, favor de notificarlo inmediatamente al remitente y
destruir el mensaje. Todas las opiniones contenidas en este mail son propias
del autor del mensaje y no necesariamente coinciden con las de Radiomovil
Dipsa, S.A. de C.V. o alguna de sus empresas controladas, controladoras,
afiliadas y subsidiarias. Este mensaje intencionalmente no contiene acentos.
This message is for the sole use of the person or entity to whom it is being
sent. Therefore, it contains strictly confidential and legally protected
material whose disclosure is subject to penalty by law. If the person reading
this message is not the one to whom it is being sent and/or is not an employee
or the responsible agent for this information, this person is herein notified
that any unauthorized dissemination, distribution or copying of the materials
included in this facsimile is strictly prohibited. If you received this
document by mistake please notify immediately to the subscriber and destroy
the message. Any opinions contained in this e-mail are those of the author of
the message and do not necessarily coincide with those of Radiomovil Dipsa,
S.A. de C.V. or any of its control, controlled, affiliates and subsidiaries
companies. No part of this message or attachments may be used or reproduced in
any manner whatsoever.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
