Home/ Questions/Q 9039431
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T09:43:44+00:00

I want to make a certain page viewable only to a certain group of

  • 0

I want to make a certain page viewable only to a certain group of a database. My SQL table is set up as:

Table: DD_users
Columns: id | group | username | paraphrase | guild | level | salt

This is the code I am trying to use:

// First we execute our common code to connection to the database and start the session
require("common.php");

// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
    // If they are not, we redirect them to the login page.
    header("Location: /DD/index.php");

    // Remember that this die statement is absolutely critical.  Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to /DD/index.php");
}

if($_SESSION['user']['group'] == '0')
{
    // Destroy the session to make them log in again.
    unset($_SESSION['user']);

    // If they are not, we redirect them to the login page.
    header("Location: /DD/index.php");

    // Remember that this die statement is absolutely critical.  Without it,
    // people can view your members-only content without logging in.
    die("Redirecting to /DD/index.php");
}

// Everything below this point in the file is secured by the login system

When I try this, will let any user group (0, 1, and 2) access the page when I only want groups 1 and 2 to access the page.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Got it working another way:

    require('common.php');
$charname = $_SESSION['user']['username'];
$query = "SELECT adminaccess, guild, username, class, level, active, canRegister, canNews, canActive 
      FROM DD_users 
      WHERE username = ?";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute(array($charname));
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code. 
die("Failed to run query: " . $ex->getMessage());
}

// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();

//print_r($rows);
$group = $rows['0']['adminaccess'];
$guild = $rows['0']['guild'];
$username = $rows['0']['username'];
$class = $rows['0']['class'];
$level = $rows['0']['level'];
$accessAdmin = $rows['0']['adminaccess'];
$canRegister = $rows['0']['canRegister'];
$canNews = $rows['0']['canNews'];
$canActive = $rows['0']['canActive'];
    • 0