Hello All,
I'm building a CMS where an admin sets up a user, then sends the user a link so that they can log in and add the majority of the data.
With this in mind, I have 2 types of users: Admin, Normal
My first resource was how to build a secure login:
http://forums.devshed.com/php-faqs-...ing-891201.html
My next step was how to build the db efficiently. I finally decided (with help from r937) to place all of the submitted data into a single db, but to have the user table for admins and normal users be separate. My thought on this was that the users need to authenticate before they can even touch the data.
From the link above (Secure login), I want to give admins the ability to view any account that's created with the option to build users (normal users will not have creation ability). The users themselves can only access their account.
I'm going to use a foreign key to point the data table (acct_ref - ex: 123) to the user table (acct - ex: 123). In the user table, I'll be adding 'acct' and admins will set what account the user is allowed to get details for.
My question is, how would I make the session differentiate between an admin and a normal user? Would this be more in the session itself, or do I need to add more of an if, then, else statement?
Right now I can differentiate links using the following:
Code:
// Visitors see only the login link; logged-in users see the member links.
if (empty($_SESSION['user'])) {
    echo '<a href="login.php">Login</a>';
} else {
    echo '<a href="memberlist.php">Member List</a> | <a href="register.php">Register New User</a> | <a href="edit_account.php">Edit Account</a> | <a href="logout.php">Logout</a>';
}
But I'm sure it's much different to say:
If user is admin
* acct can have any value
else if user is normal
* search details for acct if equals 123
Thanks for sharpening my mind in advance.
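
One way to carry the admin/normal distinction in the session and enforce it on the server, shown as an added example that is not part of the original post. The `role` and `id` keys, the `account_data` table name and the three helper functions are assumptions; `acct` and `acct_ref` are the columns named in the post.

```php
<?php
// Added example, not code from the original post. Assumed names: the
// 'role' and 'id' keys, the account_data table and the helper functions.
declare(strict_types=1);

// Call once, right after the password check succeeds. $row is the record
// loaded from whichever user table (admin or normal) matched the login.
function start_user_session(array $row, bool $isAdmin): void
{
    session_regenerate_id(true);      // fresh session id once privileges change
    $_SESSION['user'] = [
        'id'   => (int) $row['id'],
        'role' => $isAdmin ? 'admin' : 'normal',
        // Admins are not tied to one account; a normal user carries the
        // acct value an admin assigned to them.
        'acct' => $isAdmin ? null : (int) $row['acct'],
    ];
}

// Decide which account this request may read. The requested value
// (for example from $_GET) is honoured only for admins.
function resolve_acct(?array $user, ?int $requestedAcct): ?int
{
    if ($user === null) {
        return null;                  // not logged in: no access
    }
    if ($user['role'] === 'admin') {
        return $requestedAcct;        // admin: acct can have any value
    }
    return $user['acct'];             // normal: always their own acct
}

// Fetch the rows for the permitted account using a prepared statement.
function fetch_account_data(PDO $db, ?array $user, ?int $requestedAcct): array
{
    $acct = resolve_acct($user, $requestedAcct);
    if ($acct === null) {
        return [];
    }
    $stmt = $db->prepare('SELECT * FROM account_data WHERE acct_ref = :acct');
    $stmt->execute([':acct' => $acct]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```

The same role check belongs at the top of register.php and memberlist.php, because hiding the links in the menu does not stop a normal user from requesting those pages directly.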