Jordan Jordan - 22 days ago 6
MySQL Question

Admin Levels/User Role implementation in PHP/SQL

I am trying to implement a Admin Level/User role into my website, I am fairly new to PHP so still trying to figure a few things out.

I have this SQL query:

$sqlUserLevel = $user_home->runQuery("SELECT * FROM po_users");
$sqlUserLevel->execute();
$loggedInUserRole = $sqlUserLevel->fetch(PDO::FETCH_ASSOC);


and this PHP if statement:

if($loggedInUserRole['userRole'] == "Admin"){
include 'file.php';
}else{
//dont show.
}


But the content is still showing to everyone not just "Admin" users can someone point me in the right direction...

Answer

I think your query may be wrong , My opinion is please try to select the user role from op_user rather than * . What happens here you first record always looking and the if condition never gonna true. so that's why you getting this issue . Please have a try. This may help you.

Please change this as what you want.

 $sqlUserLevel = $user_home->runQuery("SELECT userRole FROM po_users where uid='".$myUid."'");
    $sqlUserLevel->execute();
    $loggedInUserRole = $sqlUserLevel->fetch(PDO::FETCH_ASSOC);


    if($loggedInUserRole['userRole'] == "Admin"){
        include 'file.php';
      }else{
      //dont show.
    }

Please have a try this may help you.