
Please note, similar questions have been asked multiple times.

**** Though, not this one as far as my search goes! ****

The goal:

I need help on how to build a script that shows the page with user settings. It should be based on account level and if the user_id matches with the variable of 'id' in the url. So, basically.. the admin should always be able to see the user settings no matter if the user_id matches the 'id' from the url.

The problem:

I can't get it to work with the two variables (user status = 'id' in url, and if the user is admin? Then always show) in a good way, since I don't want to duplicate the "juicy" stuff in two places.

My current state:

I'm thinking something like this:

#DB:USERS
user_id   user_name   user_level ....
1         ADAM        3 (admin)
2         BRYAN       1 (suspended)
3         CODY        2 (user)
4         DAVID       3 (admin)

CODE:

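<?php
  session_start();
  // Assumes $mysqli is an already-open mysqli connection (not shown in the post).

  // Get the logged in user data with a prepared statement (no string concatenation)..
  $stmt = $mysqli->prepare("SELECT user_id, user_level FROM users WHERE user_name = ?");
  $stmt->bind_param("s", $_SESSION['username']);
  $stmt->execute();
  $row = $stmt->get_result()->fetch_assoc();
  if (!$row) {
    // No matching user row: stop before any comparison is made.
    exit('ACCESS DENIED');
  }

  $user_level = (int) $row["user_level"];
  $user_id    = (int) $row['user_id'];
  $url_id     = (int) ($_GET['id'] ?? 0);

  if ($url_id === $user_id) {
    #Show all the juicy user setting stuff#
  } else {
    echo 'ACCESS DENIED';
  }
?>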

So far so good, but how to add the step that says, if the user status is equal to 3 (admin).. then show the juicy stuff anyway?

Thanks in advance!

Comments

  • how do you know the user viewing the page is an admin? i would expect it to be in a session. Commented Oct 24, 2018 at 21:37
  • I think we are missing a variable here. Commented Oct 24, 2018 at 21:38
  • so why can't you just use if($_SESSION['userLevel']=='3'){...}? Commented Oct 24, 2018 at 21:41
  • the answer below is correct, just have to adjust what's after the or for your need Commented Oct 24, 2018 at 21:47
  • side note, may as well put user level in the session at the same time you put in username, then you don't have to query every time to check it. Commented Oct 24, 2018 at 21:50

1 Answer

If I understood your question, you need to test whether the user is an admin in addition to the user ID test, so use an or condition:

// not sure of variable name for userlevel
if ($url_id == $user_id || $_SESSION['userlevel'] == 3) {
    #Show all the juicy user setting stuff#
} else {
    echo 'ACCESS DENIED';
}

5 Comments

Hey and thanks for your reply! Well, yeah sort of. Though if the user is not admin, but the user_id matches the url_id.. then the user should be able to see the juicy user settings anyway. Any ideas?
This condition allows both: user connected who matches $url_id, or admin user.
"if the user is not admin, but the user_id matches the url_id.. then the user should be able to see the juicy user settings anyway" that's exactly what this does: A (matching user) OR B (admin)
That should be what happens. If either the user is admin, OR the 2 ids match, it shows the juicy stuff
You're great as always guys! Thanks for helping me out and teaching me about the operator || = EITHER, upvote for u all!
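
An added example, not part of the original question, answer or comments: the owner-or-admin rule from the answer kept in one function, so the check is written once and the `id` from the URL is validated before it is compared. The function name, constants and sample requests are hypothetical, and denying suspended accounts (level 1) is an assumption the thread does not state.

```php
<?php
declare(strict_types=1);

// Levels as listed in the question's users table.
const LEVEL_SUSPENDED = 1;
const LEVEL_USER      = 2;
const LEVEL_ADMIN     = 3;

/**
 * Decide whether $viewer may see the settings page for the id in the URL.
 * $viewer: the logged-in user's row (user_id, user_level), loaded server-side.
 * $rawId:  the untrusted value of $_GET['id'].
 */
function can_view_settings(?array $viewer, $rawId): bool
{
    if ($viewer === null) {
        return false;                       // not logged in, or no such user row
    }
    // Accept only a plain positive integer; "3abc", "", arrays and null fail.
    $targetId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($targetId === false) {
        return false;
    }
    $level = (int) $viewer['user_level'];
    if ($level === LEVEL_SUSPENDED) {
        return false;                       // assumption: suspended accounts see nothing
    }
    // Owner OR admin, compared as integers with strict equality.
    return $level === LEVEL_ADMIN || (int) $viewer['user_id'] === $targetId;
}

// Constructed sample data mirroring the question's table, keyed by user_name.
$users = [
    'ADAM'  => ['user_id' => 1, 'user_level' => LEVEL_ADMIN],
    'BRYAN' => ['user_id' => 2, 'user_level' => LEVEL_SUSPENDED],
    'CODY'  => ['user_id' => 3, 'user_level' => LEVEL_USER],
    'DAVID' => ['user_id' => 4, 'user_level' => LEVEL_ADMIN],
];

// Constructed requests: [logged-in user, value of ?id=].
$requests = [['CODY', '3'], ['CODY', '1'], ['ADAM', '3'],
             ['BRYAN', '2'], ['CODY', '3abc'], ['NOBODY', '1']];
foreach ($requests as [$name, $id]) {
    $ok = can_view_settings($users[$name] ?? null, $id);
    printf("%-6s ?id=%-4s => %s\n", $name, $id, $ok ? 'show settings' : 'ACCESS DENIED');
}
```

If the level is cached in the session, as one comment suggests, it keeps its old value until the session is refreshed, so a user who is later demoted or suspended retains the old access until then.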
