-2

I'm trying to create permissions for 3 different types of users

  • Normal
  • Admin
  • SuperAdmin

And I don't know how or where to start doing it because I'm still very weak with PHP. Can someone give me an example of what to do, please? How do I use a session variable, for example? I've tried some code that I found here:

    <?php
    $result = "SELECT * FROM customers" or die("Error: " . mysqli_error($db));

    $res = $db->query($result);

    while($row = mysqli_fetch_array($res)) {
        $UserRoleID = $row['userRoleID'];

        $_SESSION['user_role'] = $UserRoleID;
    }
    ?>

And on another page:

    <?php

    if( (isset($_SESSION['user_role']) ) && (false != $_SESSION['user_role']) )
    {
        if( '2' == $_SESSION['user_role'] )
        {
            echo "<li><a href='index.php'>User</a></li>";
        }

        elseif ('3' == $_SESSION['user_role'] )
        {
            echo "<li><a href='index.php'>Admin</a></li>";
        }

        else
        { // error condition
            // display details of invalid $_SESSION['user_role']
        }
    }

    else
    { // error condition
        // display details of missing or empty $_SESSION['user_role']
    }

    ?>

It doesn't show me any error, but it also doesn't show me the outputs, so I can't do anything

  • Is there more to the page? I don't see a `session_start();` anywhere. You will need to call this at the top of your page on each separate page to be able to store data in session – Recnats Jun 08 '18 at 09:40
  • _“And I don't know how or where to start doing it because I'm still very weak with php”_ - well then my suggestion would be that you start by fixing the last part. Getting in “way over your head” is most likely not going to lead to a quality result anyway; and since this is a security sensitive issue, it might even be _dangerous_ to try and do this on your current experience level already. – CBroe Jun 08 '18 at 09:46
  • I start the session when the page loads, for the login system to work – Carlos Santiago Jun 08 '18 at 09:52
  • The first code sample is suspicious. Are you sure the table containing the users is called `customer`? Then, if you log in one user, you should read the permissions of this one user and store them. But you read all rows of the table, without a WHERE clause in your query. Also, in the loop reading the roles, you reset the value of your session variable, so in the end, the value in the session variable will be the one from the last row of the table. Maybe you could post the part where you log in the user, then we can better tell what the permissions part should look like. – Karsten Koop Jun 08 '18 at 10:34

1 Answer

0

Your code does not use session_start(), so regardless of any session ID the user sees, session information will not appear to persist between requests.

Start both of your scripts with this:

    <?php

    session_start();

mike42
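The points raised in the comments and the answer, combined into one sketch. This is an added example, not code from the question or the answer. It keeps the `customers` table, the `userRoleID` column and role IDs 2 and 3 from the question; the `username` and `password_hash` columns, role ID 4 for SuperAdmin, the numeric ordering of roles and the `admin.php` page are assumptions.

```php
<?php
declare(strict_types=1);

// Role IDs 2 and 3 appear in the question; 4 for SuperAdmin is an assumption,
// as is the idea that a higher number means more privilege.
const ROLE_USER = 2;
const ROLE_ADMIN = 3;
const ROLE_SUPERADMIN = 4;

session_start(); // needed on every page, before any output and before $_SESSION is used

/**
 * Log in ONE user: fetch only that user's row (WHERE + prepared statement)
 * and store its role. `username` and `password_hash` are assumed column names.
 */
function login(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT userRoleID, password_hash FROM customers WHERE username = ? LIMIT 1'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false; // unknown user or wrong password
    }
    session_regenerate_id(true); // fresh session ID once the privilege level changes
    $_SESSION['user_role'] = (int) $row['userRoleID'];
    return true;
}

/** True when the logged-in user's role is at least $minimum. */
function has_role(int $minimum): bool
{
    return isset($_SESSION['user_role']) && $_SESSION['user_role'] >= $minimum;
}

/** Call at the top of a protected page; ends the request if the role is too low. */
function require_role(int $minimum): void
{
    if (!has_role($minimum)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Menu links: hiding a link is cosmetic, so the linked page must call require_role() too.
if (has_role(ROLE_USER))  { echo "<li><a href='index.php'>User</a></li>"; }
if (has_role(ROLE_ADMIN)) { echo "<li><a href='admin.php'>Admin</a></li>"; }
```

A protected page such as the assumed `admin.php` would include this file and call `require_role(ROLE_ADMIN);` before producing any output.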