Hi guys

I am very new to php and am trying to create a small content management site. Hopefully I will have posted this correctly, sorry If I have missed anything out.

I want to be able to have an admin page link show up when i log in as a super user/administrator. In addition to this I don't want this admin link to be visible to normal users when they log in. Unfortunately my understanding and knowledge of Php isn't up to scratch to know how to do this in the best way.

What I have currently is an index.php/homepage, where users can log on. Once a user is logged in they are authenticated using . $_SESSION. I have an if statement which says if the user is authenticated then display a selection of links, view profile, edit profile etc. If the user isn't authenticated they can only see the register and login links.

What I want to achieve is, if the administrator logs in then he can see an aditional link, 'admin'. So i setup and elseif statement. I am using the following code.

if (isset($_SESSION['username']) && ($username = 'rich')){
		
	echo '<ul>';
	echo '<li><a href="profileview.php">View Profile</a></li>';
    echo '<li><a href="profileedit.php">Edit Profile</a></li>';
	echo '<li><a href="upload.php">Upload Media</a></li>';
	echo '<li><a href="admin.php">Admin</a></li>';
    echo '<li><a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a></li>';
	echo '</ul>';
		
 }
 elseif (isset($_SESSION['username'])) {
	echo '<ul>';
	echo '<li><a href="profileview.php">View Profile</a></li>';
    echo '<li><a href="profileedit.php">Edit Profile</a></li>';
	echo '<li><a href="upload.php">Upload Media</a></li>';
    echo '<li><a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a></li>';
	echo '</ul>';
	
	 }
 
 else {
	 
	echo '<ul>';
    echo '<li><a href="login.php">Log In</a></li>';
    echo '<li><a href="register.php">Register</a></li>';
	echo '</ul>';
	}

However this does not work. Although the admin page link displays, it dislpays for any authenticated user and not just for the admin user 'username = rich'. I asn't sure if I needed a nested if statement and to run a select query against the db, where username = rich. But I have a feeling this isn't the answer. Does anyone know how I can get this working? Maybe somebody knows of a better and easier way of achieving what I am after. I don't know if I need to do this another way where I query a user_type column in the db and only show the admin link for users with a user_type of admin??

I have copied the code below. If anyone can help me out with this I would be very grateful and I appreciate anyones time. Thanks for any help and time given,

cheers


==============================================================

index.php

<?php
 session_start();

  // If the session vars aren't set, try to set them with a cookie
  if (!isset($_SESSION['user_id'])) {
    if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) {
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['username'] = $_COOKIE['username'];
    }
  }

 //add the page header 
	$pagetitle = 'Home';
	require_once('header.php');	
  //require_once('appvars.php');
  require_once('dbvars.php');

  ?>
  <?php
  
  echo '<div id="toplinks">';

if (isset($_SESSION['username']) && ($username = 'rich')){
		
	echo '<ul>';
	echo '<li><a href="profileview.php">View Profile</a></li>';
    echo '<li><a href="profileedit.php">Edit Profile</a></li>';
	echo '<li><a href="upload.php">Upload Media</a></li>';
	echo '<li><a href="admin.php">Admin</a></li>';
    echo '<li><a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a></li>';
	echo '</ul>';
		
 }
 elseif (isset($_SESSION['username'])) {
	echo '<ul>';
	echo '<li><a href="profileview.php">View Profile</a></li>';
    echo '<li><a href="profileedit.php">Edit Profile</a></li>';
	echo '<li><a href="upload.php">Upload Media</a></li>';
    echo '<li><a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a></li>';
	echo '</ul>';
	
	 }
 
 else {
	 
	echo '<ul>';
    echo '<li><a href="login.php">Log In</a></li>';
    echo '<li><a href="register.php">Register</a></li>';
	echo '</ul>';
	}


  
  echo '</div>';
require_once('leftmenu.php');
?>
<div id="hometext">
<p>If you are a designer or Artist and have never found the right way to market your work then The Negative Space is the site you need a profile on.  Create a profile today and start sharing you work with people who will appreciate it. </p>
</div>
<?php
require_once('footer.php');
?>

Throw another ' = ' in there.

if (isset($_SESSION['username']) && ($username == 'rich')){

The way you have it you are setting the value of $username to 'Rich' and thus everyone is now named Rich, therefore everyone sees the links you don't want them to.

That should straighten you out.

Thanks very much for taking the time to read my question and posting your suggestion. I changed the code like you said to the following.

if (isset($_SESSION['username']) && ($username == 'rich')){

Unfortunately though, I can still see the admin link with other users logged in. Do you have any other suggestions of how I can make this work? I know I am asking a lot, but I keep spending a lot of time on this scratching my head and am now at a loss.

Thanks again for your time, I really appreciate it.

I did something like this a while ago and my solution was to add a row to mysql like level and set 1 as admin 2 as normal user and 3 as super admin. then pull the level from the login check and i did this

if (isset($_SESSION['name'])){

		if ($_SESSION['level'] == 3) {
	 ?>
        
     		   Welcome <br><font color="red"><?php echo $_SESSION['name'];?></font><br>
              <i> <b>Access Level</b> = Developer.</i><br>
               <a href="?logout">Logout</a><br>
               <a href="client_list.php">Client List</a><br>
               <a href="joblist.php">Job list</a><br>
               <a href="add_client.php">Add a Client</a><br />
               <a href="add_user.php">Add New User</a><br />
               <a href="joblist.php">Jobs for following week</a><br />
               <a href=""></a><br />
               <a href="index.php">Start Page</a>
               
              
			   <?php }
		elseif ($_SESSION['level']== 1){ ?>
       Welcome <br><font color="red"><?php echo $_SESSION['name'];?></font><br>
       <i><b>Access Level</b> = User.</i><br>
               <a href="?logout">Logout</a><br>
               <a href="index.php">Start Page</a>
               <?php } 
			
		
		elseif ($_SESSION['level']== 2){ ?>
       Welcome <br><font color="red"><?php echo $_SESSION['name'];?></font><br>
       <i><b>Access Level</b> = Admin.</i><br>
               <a href="?logout">Logout</a><br>
               <a href="client_list.php">Client List</a><br>
               <a href="add_client.php">Add a Client</a><br />
               <a href="add_user.php">Add New User</a><br />
               <a href="joblist.php">Jobs for following week</a><br />
               <a href=""></a><br />
               <a href="index.php">Start Page</a>
			   <?php } 
			   
}

It' a bit crude and i will probably be hounded for going in and out of tags but it worked a treat fo what i wanted.

Hope it helps!!

Cheers...

I'm not sure what to say about that. I copied the code and ran it and with the added '=' and I had no issues. The admin link only displayed for the user I had it set to. It Worked just the way you intended it to. With the code you have posted I don't see where the problem is. I've always used IDs myself. Perhaps you can do something like emhmk1 suggested and run it against an ID.

if (isset($_SESSION['user_id']) && $_SESSION['user_id'] == '69'){

If it works then it would give you an idea of where to start looking for the problem with the user names.

Hi CFROG and emhmk1, thanks a lot for your responses, really appreciate it.

I like the suggestion from emhmk1 and its something I will be working on a little more. But from that suggestion I used another bit of code, similar to what CFROG just posted and it seems to work niceley. However I need to make a few tweeks. This is how the code looks so far:

if (isset($_SESSION['username'])){
	 if ($_SESSION['user_id'] == 1) {
		
	echo '<ul>';
	echo '<li><a href="profileview.php">View Profile</a></li>';
    echo '<li><a href="profileedit.php">Edit Profile</a></li>';
	echo '<li><a href="upload.php">Upload Media</a></li>';
	echo '<li><a href="admin.php">Admin</a></li>';
    echo '<li><a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a></li>';
	echo '</ul>';
		
 }
 elseif (isset($_SESSION['username'])) {
	echo '<ul>';
	echo '<li><a href="profileview.php">View Profile</a></li>';
    echo '<li><a href="profileedit.php">Edit Profile</a></li>';
	echo '<li><a href="upload.php">Upload Media</a></li>';
    echo '<li><a href="logout.php">Log Out (' . $_SESSION['username'] . ')</a></li>';
	echo '</ul>';
	
	 }
 
 else {
	 
	echo '<ul>';
    echo '<li><a href="login.php">Log In</a></li>';
    echo '<li><a href="register.php">Register</a></li>';
	echo '</ul>';
	}
}

But just to add, this works but when I click logout, the links on that page dissapear so i dont have the link to log back in, but this will be played about with and I will get it. Thanks a lot for all your contributions towards my issue, its been a great help and I really appreciate it.

have a good day

FYI i started off by making my own cms also then went on to view other ones and modify them to my needs. Currently i am using this one www.php-login-script.com and am having lots of fun playing around with it.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.