I've got a MySQL table that stores group permissions. Each user is assigned to a group, and depending on their permissions they have different access to the site. I wrote a function that checks to see if the user has permission to do something on the site. It is: function user_perms($group_id, $todo) { $perms = mysql_query("SELECT * FROM groups_permissions WHERE group_id ='$group_id' LIMIT 1"); $user_can = mysql_fetch_array($perms); if ($user_can[$todo] == 1) { // 1 is yes, 0 is no $ican = "1"; } else { $ican = "0"; } } PHP: Then, on the page I have: $groupno = "2"; $whattodo = "change_pass"; user_perms($groupno, $whattodo); if ($ican == "1") { echo "You can change your password"; } PHP: This works fine so far. It will give me a yes or no answer if the user is allowed to do something. However, I will have multiple instances of this function on one page. This is where I am running into trouble. On the page, I want to do something like: If (user_perms(2, change_pass) = yes) { // If a user in group 2 can change their password echo "<a href='changepassword.php'>Change your password</a>"; } If (user_perms(2, change_email) = yes) { // If a user in group 2 can change their email echo "<a href='changeemail.php'>Change your email address</a>"; } PHP: Notice there will be multiple instances of the same function on one page. I am having some trouble getting it this far. Any help would be GREATLY appreciated!
i second to sabaina actually on your system design this will create more trouble in the future, every time that youre going to check user rights youll need to open up a database connection then query it.. hmmm... why not putting all user rights upon login to session array, and just check the session for user rights.
Your code can't work as it is, you're setting $ican inside the function, which gets destroyed at the end of the function. Like has been said already, pull all of the permissions out when the user logs in... and store them in a session.. <? function load_permissions($group_id) { $perms = mysql_query("SELECT * FROM groups_permissions WHERE group_id ='$group_id' LIMIT 1"); $_SESSION["PERMISSIONS"] = mysql_fetch_array($perms); } load_permissions(1); if ($_SESSION["PERMISSIONS"]["change_pass"] ==1) echo "You can change your password.."; ?> PHP: I've put no error checking here, but it should give you a rought idea of what needs to be done
Thank you for your tips, but this brings up another question... I already have 5 things stored in the user session. How many different things can I store in the session before it becomes "too many"?