Session stuff

[unknown gamer]

Ok, I may be going about this the wrong way. I have a login system that is pretty much finished but I have 4 user levels, admin, sub-admin, mod, and user. so for everything like checking if there logged in i use: if (isset($_SESSION['admin']) || isset($_SESSION['sub-admin']) || isset($_SESSION['user']) || isset($_SESSION['mod']))is there a better way to do this?

[KYKK]

I am not sure but try if (isset($_SESSION['admin', 'sub-admin', 'user', 'mod'])

[unknown gamer]

I may have phrased it wrong, My code works, but is there a better way instead of having different sessions for different user levels?

[Jesdisciple]

Can any user be in two levels at once? If not you don't need to worry about this. (To demonstrate how to check for a certain level, I've assumed a fifth "banned" level.)Otherwise, you might try something like

if (isset($_SESSION['level']) && strpos($_SESSION['level'], 'banned') === FALSE)

with level strings like this:

admin mod member

[unknown gamer]

I don't think I understand what you mean..

[jlhaslip]

I would use $_SESSION['level'] as per above with 4 approved levels defined.Admin, SuperMod, Mod, MemberBanned Members would not be allowed to Log-in

[Jesdisciple]

Check my post again to make sure you didn't miss an edit. Also, see strpos for what the 'banned' part is doing. Then... what are you not getting?

[unknown gamer]

So how does $_SESSION['level'] know what it is, mod member etc.?

[jlhaslip]

the member's level is stored in the Member's row of the Database Table.*edit*the $_SESSION['level'] would be pulled from the Member Table and set in the Session Array when they Log-in

[Jesdisciple]

strpos will return a number (0 or above) if the item is found; if it's not, it will return false. Because 0 is falsy, the strict comparison is necessary. If $_SESSION['level'] is set and doesn't contain "banned", then that if statement will execute.

function userAtLevel($level){	return strpos($_SESSION['level'], $level) !== FALSE;}

EDIT: Oh, is that what you meant? I assumed you had that part set up already.

[unknown gamer]

yes, there level is in the status thing of the database, when they login i have it check there status and set the session according to there session, I just don't understand how you have $_SESSION['level'] for all the different levels. Do i set that as the session then when i go to check there status go SELECT status from users where name=$_SESSION['level'] making the session there name? :S

[Jesdisciple]

Oh! See LIKE.

SELECT statusFROM usersWHERE level LIKE '%admin%'

[unknown gamer]

I used to do that, but that's very very similar to the different sessions... are these 2 the only ways to go about this?

[Jesdisciple]

Can any user be in two levels at once? If not you don't need to worry about this.

I.e., you could have only one item in the level field and just check for equality.

[unknown gamer]

ok, i understand that. but i don't get how to use the codes above..

[Jesdisciple]

Well, which arrangement are you looking at? (I thought you didn't want to do the strpos thing...) Also, can you be specific about what you don't get?

[unknown gamer]

Ya, i think i'm going around in circles <.< Ok. time to restart.Instead of having a session for each level and having one session and everytime running a code checking there status for each session. Like i have an edit file. where admins can edit everyone sub-admins can edit everyone but admins, mods can edit everyone but sub-admins and admins and users can only edit themselves. So i go if isset session admin {show stuff}if isset session sub-admin {then it checks if they are trying to edit admins if not show form to edit}} etc... so is there an easier way of doing this? because that seems like such a bad and hard way.

[Jesdisciple]

First, I question the wisdom of allowing everyone but users to edit their peers (admins editing admins, supers editing supers, and mods editing mods). I think one's self and those who are lower should be the limit... And mods might not deserve to edit anyone but themselves.What do you see wrong with the single-level system?

[unknown gamer]

Wait, admins (i am the only admin)... sub-admins can edit everyone but admins and sub-admins, and mods can only edit users... sorry for the confusion. :)Also nothing is really wrong it just looks really messy. :/and i want a better way, if possible.

[Jesdisciple]

The only way I see to clean it up is to use numbers instead of words.

1. users
2. mods
3. sub-admins
4. admins

if($_SESSION['userid'] === $profile['userid'] || $_SESSION['level'] > $profile['level'])	//The current user can edit this profile.

[unknown gamer]

so the user levels are the 1 2 3 or 4 for $profile['level'])? I'm not very good at this stuff, i'm good doing it my way but others confuse me. T_T

[Jesdisciple]

Yes. $profile is a result set from your database of user profiles. It's like a four-story building:

----------------------------------------------------------------|						   admins						 |----------------------------------------------------------------|						sub-admins					  |----------------------------------------------------------------|							 mods						  |----------------------------------------------------------------|							 users						  |----------------------------------------------------------------

To edit a profile, you must either own it or be "above" the user who owns it. This way the metaphor of height is taken all the way; you're comparing numbers rather than labels.

[unknown gamer]

I'm like a deer in the head lights right now..... your way is very confusing and my way is very not right.

[Jesdisciple]

Answers can fix anything (kind of like an Aggie's duct tape), but first I need a question.

[unknown gamer]

Heh, well i keep asking the same question. I just don't really understand your way of this, can you maybe post a bit more code and explain it more? i'm not good at learning without commented code...