A few examples to get you started:
At login screen:
.... ($uname and $upass from a <form>)...
$query="SELECT user_id, user_status FROM users WHERE
user_name='$uname' AND
password='$upass'";
$result=mysql_query($query);
if($result) {
if ( mysql_num_rows($result) == 0 ) {
$err[]='Username or password is incorrect.';
} else {
$row=mysql_fetch_array($result, MYSQL_ASSOC); // get status
session_start(); // send seession_id cookie to user
$_SESSION['username'] = $uname;
$status = $row[ 0 ];
$_SESSION['status'] = $status;
$url='http://' . $_SERVER['HTTP_HOST'] .
dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')){
$url = substr($url,0,-1); // Get full pathname
}
$url .= '/index.php'; // go back to index page, now logged in
header("location: $url"); // bail out to the redirect page
exit(); // and stop executing this script
......
At top of page that requires a certain level to view:
Ever page now has access to the user's status via the $_SESSION array.
session_start(); // send session_id cookie to user
if(isset($_SESSION['username'])) {
$uname=$_SESSION['username'];
$ustatus= $_SESSION['status'];
} else {
$ustatus=0;
if ( $ustatus >= $this_page_level ) { // some minimum status level to
view this page
// required to be logged in and with status high enough to
// view this screen. If not redirect to another page
$url='http://' . $_SERVER['HTTP_HOST'] .
dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')){
$url = substr($url,0,-1); // Get full pathname
}
$url .= '/login.php?'; // redirect, for example, to the login page
header("location: $url"); // bail out to the redirect page
mysql_close();
exit(); // and stop executing this script
}
Or, if you simply want a link to be invisible when the users status is
not high enough:
if ($ustatus >= $min_status)
echo '<a href="someplace.php">You can't see me.</a>';
--gary
