-1

in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor.

What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages.

I hope you understand what i'm asking if not fell free to ask me if you need more specific details.

I tried to make a php page called access.php wher i put the following code, but not working

<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator") {
echo "You are not the proper user type to view this page";
die();
}
?>

I need a little help. Thx in advance for helping me. :)

Rwi
  • 29
  • 6

1 Answers1

0

IN your sql, add a new column called useraccess. Then you could do, 

$sql = "select user_access from imobiliare_users where email = '$email'";
$sql = mysql_fetch_array(mysql_query($sql));
if ($sql['user_access'] != 'user_level2') {
   // show error about not having authorisation
}
else
{
   // login/process script
}
TheMeq
  • 16
  • 4
  • endif error. I've added the code exactly how you suggest but not working the code that i've tried is below:`$sql = mysql_query("select user_level from imobiliare_users where email = '$email'"); $sql = mysql_fetch_array($sql); if ($sql['user_level'] == 'user_level2') { echo "Error"; }` – Rwi Oct 29 '14 at 12:15