| 05.16.2008 at 05:06PM PDT, ID: 23410036 |
//-----editpage.php---------
<?php
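// Debug settings: every PHP error, warning and notice is sent to the browser.
// NOTE(review): keep these for local debugging only. With display_errors on,
// file paths, query text and the mysql_error() output below reach any visitor.
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 'On');
ini_set('display_startup_errors', 'On');

// NOTE(review): the database account is hard-coded here; a config file kept
// outside the web root (and a non-trivial password) is the usual arrangement.
$database = "serve_forms";
mysql_connect("localhost", "test", "test") or die(mysql_error());
@mysql_select_db($database) or die( "Unable to select database");

// checkLogin() reads $_SESSION, which is only populated once the session has
// been started. Nothing visible in this file or functions.php starts it, so do
// it here, guarded so an already-started session is not started twice.
if (session_id() === '') {
    session_start();
}

// require_once instead of include: this file carries the access check, so the
// page must not continue without it.
require_once("functions.php");

// The allowed levels go in as ONE space-separated string; checkLogin() splits
// it. The bare `1 2 3` in the original call is a parse error.
//1=> SYS ADMIN(everything plus DELETE), 2=>ADMIN(edit,view,update) 3=>ANALYST(view only)
checkLogin('1 2 3');

// Only reached when checkLogin() granted access.
echo("hello");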
?>
//-----functions.php-----------
<?php
#require_once('db.php');
//LEVEL ACCESS
//1=> SYS ADMIN(everything plus DELETE), 2=>ADMIN(edit,view,update) 3=>ANALYST(view only)
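/**
 * Gate the current page on the logged-in user's access level.
 *
 * Looks up level_access for $_SESSION['user_id'] in tblUsers and compares it
 * with the levels the page allows. When the visitor is not logged in, has no
 * matching row, or holds a level that is not allowed, the browser is sent to
 * login.php and the script stops.
 *
 * Levels: 1 => SYS ADMIN (everything plus DELETE), 2 => ADMIN (edit, view,
 * update), 3 => ANALYST (view only).
 *
 * Relies on the connection opened by the caller via mysql_connect() and on the
 * session having been started before the call.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; this file
 * presumably targets PHP 5 -- confirm before deploying on a newer runtime.
 *
 * @param string|int|array $role Allowed levels: a space-separated string such
 *                               as '1 2 3', a single level, or an array.
 * @return void Returns only when access is granted.
 */
function checkLogin($role)
{
    // explode() replaces the deprecated split(); an array is accepted as-is.
    $allowed = is_array($role) ? $role : explode(' ', (string) $role);

    // Deny by default; only an explicit level match below grants access.
    $access = FALSE;

    // empty()/isset() also cover a missing key (session not started, never
    // logged in) instead of raising an undefined-index notice.
    if (!empty($_SESSION['logged_in']) && isset($_SESSION['user_id'])) {
        // Single quotes are the standard SQL string delimiter; double quotes
        // are read as identifiers when the server runs with ANSI_QUOTES.
        $query = mysql_query(
            "SELECT level_access FROM tblUsers WHERE ID = '"
            . mysql_real_escape_string($_SESSION['user_id'])
            . "'"
        );

        // A failed query or an unknown user id leaves $row FALSE -> no access.
        $row = $query ? mysql_fetch_assoc($query) : FALSE;

        if (is_array($row)) {
            // Keys returned by mysql_fetch_assoc() are case-sensitive, so the
            // original lookup of 'LEVEL_access' never matched the selected
            // level_access column and access was always refused.
            $row = array_change_key_case($row, CASE_LOWER);

            if (isset($row['level_access'])) {
                $level = (string) $row['level_access'];

                foreach ($allowed as $val) {
                    $val = trim((string) $val);
                    // Strict string comparison; blank entries (double spaces
                    // in $role) can never match.
                    if ($val !== '' && $val === $level) {
                        $access = TRUE;
                        break;
                    }
                }
            }
        }
    }

    if (!$access) {
        header("Location: login.php");
        // header() only queues the redirect. Without exit the rest of the
        // protected page still runs and its output is sent to the client.
        exit;
    }
}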
?>