andy_b_1502 Posted April 7, 2012 Share Posted April 7, 2012 Hi, I have an admin area to update users detials etc.. I want this area to be secure so only admins can access it, Currently anyone and everyone can access the page. <?PHP session_start(); /* really need to use a session variable to insure authorized to be here */ include ('db.php'); /* ======================================== 99% of the time it is better to put your query in a string. It makes debugging much easier ======================================== */ $query = "SELECT * FROM companies"; $result = mysql_query($query ) or die("SELECT Error: ".mysql_error()); $num_rows = mysql_num_rows($result); /* ======================================== I find it easier to locate problems if I indent code properly and drop out of PHP if there are large sections of html ======================================== */ ?> <br><br><br>There are <?PHP echo $num_rows; ?> removalspace users so far.<P> <table width="819" height="114"> <tr> <th>Company Name</th> <th>Contact Name</th> <th>Contact Number</th> <th>Email</th> <th>Address Line 1</th> <th>Address Line 2</th> <th>Location</th> <th>Postcode</th> <th>Basic Members</th> <th>Upgraded Users</th> <th>Company Logo</th> <th>Approved</th> </tr> <tr> <td colspan="6"></td> </tr> <?PHP while ( $row = mysql_fetch_array($result, MYSQL_ASSOC )) { ?> <tr> <td><?PHP echo $row['company_name']; ?></td> <td><?PHP echo $row['contact_name']; ?></td> <td><?PHP echo $row['phone']; ?></td> <td><?PHP echo $row['email']; ?></td> <td><?PHP echo $row['street1']; ?></td> <td><?PHP echo $row['street2']; ?></td> <td><?PHP echo $row['location']; ?></td> <td><?PHP echo $row['postcode']; ?></td> <td><?PHP echo $row['basicpackage_description']; ?></td> <td><?PHP echo $row['premiumuser_description']; ?></td> <?PHP /* ======================================== I presume you want to show the thumb version here ======================================== */ ?> <td><img src="images/thumbs/<?PHP echo $row['upload']; ?>" alt="logo"/></td> </tr> <tr> <td colspan="10"> <table> <tr> <td>Current level = <?PHP echo $row['approved']; ?></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=1">Level 1 - Free</a></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=2">Level 2 - Basic</a></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=3">Level 3 - Premium</a></td> <td><a href="admin02.php?id=<?PHP echo $row['id']; ?>&level=0">Level 0 - Do Not Display</a></td> </tr> </table> </tr> <?PHP } echo "</table>"; ?></table> i know it's something like: <?php session_start(); if(isset($_SESSION " but dont know how to finish it correctly? " ?> Quote Link to comment Share on other sites More sharing options...
NLT Posted April 7, 2012 Share Posted April 7, 2012 You should have a column in a users table or something, to show which level/rank they are. You can then create a SESSION for the user, check the session with the database to see if the user is a level to access administrative things. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.