UserX

Reputation: 1327

Trying to give users permission to see their own profile even when they don't have permission to see the page

At the top of my pages, I verify whether my function "verifyLevel" exists.

This function verifies the level of my admin. Admins can have level 1, 2 or 3.

Now I'm working on my edit users page, and on this page I only want admins with level 1 to be able to edit users.

But I also have a link "my profile", so that each user can edit their own profile. For this functionality I want levels 1, 2 or 3 to have access.

This is my link:

<a title="my profile" href="dashboard.php?exe=useres/users-edit&userid=
     <?php echo $_SESSION['admin']['id'];
     ?>">my profile
</a>

The problem I'm having now is that, because of my level validation, when I click on the "my profile" link I always get my message "You dont have permissions to edit admins.".

My "my profile" link only works when the admin has level 1, but I want this functionality to work for all admin levels.

Do you see some way to fix this issue?

This is the code at the top of my page:

if(function_exists('verifyLevel')){
    if(verifyLevel($_SESSION['result']['id']) != '1'){
        echo 'You dont have permission to edit admins.';
    }
    else{
        $userId = $_GET['userid'];
        $read = $pdo->prepare("SELECT * from admins WHERE id = ?");
        $read->bindParam(1, $userId, PDO::PARAM_INT);
        $read->execute();
        $result = $read->fetch(PDO::FETCH_ASSOC);
        // "!" binds tighter than ">=", so "!$read->rowCount() >= 1" compared a bool with 1; test the count directly
        if($read->rowCount() < 1){
            header('Location: dashboard.php?exe=users/index&notfound=true');
            exit; // stop rendering the page after sending the redirect header
        }
      ....

Upvotes: 0

Views: 35

Answers (1)

Sean

Reputation: 12433

You could add an if before your current if that checks whether you are on the my profile page and whether they are an admin of level 1-3 -

if(function_exists('verifyLevel')){
    $adminArray = array(1, 2, 3); // the original "$adminArray(1,2,3);" is a call to an undefined variable function
    if( isset($_GET['exe']) && $_GET['exe'] == 'useres/users-edit' && in_array(verifyLevel($_SESSION['result']['id']), $adminArray) ){
        // GET $_GET['userid'] profile
    }
    else if(verifyLevel($_SESSION['result']['id']) != '1'){
        echo 'You dont have permission to edit admins.';
    }
    else{
        ...

Upvotes: 1
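The answer above keys the "my profile" branch on the `exe` page parameter, so once a level 2 or 3 admin is on the edit page, nothing ties the `userid` in the query string to the admin who is logged in. A tighter guard decides on two facts: the actor's level and whether the target record is the actor's own. The following is an added example, not code from the question or the answer; it assumes `verifyLevel()`, `$pdo` and `$_SESSION['result']['id']` exist as shown on the page, and the helper names `canEditAdmin` and `denyAndExit` are made up here.

```php
<?php
// Added example (not the asker's or answerer's code): authorise the edit
// page by combining role level with ownership of the target record.
// Assumes verifyLevel(), $pdo and $_SESSION['result']['id'] exist as on the
// page; canEditAdmin() and denyAndExit() are hypothetical helper names.
declare(strict_types=1);

const LEVEL_SUPERADMIN = 1;          // level 1 may edit any admin
const ALLOWED_LEVELS   = [1, 2, 3];  // every known level may edit itself

// Pure decision function: no output, no globals, so it can be unit tested.
function canEditAdmin(int $actorLevel, int $actorId, int $targetId): bool
{
    if (!in_array($actorLevel, ALLOWED_LEVELS, true)) {
        return false;                      // unknown or unset level: deny
    }
    if ($actorLevel === LEVEL_SUPERADMIN) {
        return true;                       // level 1 edits anyone
    }
    return $actorId === $targetId;         // levels 2 and 3 edit only themselves
}

function denyAndExit(string $location): void
{
    header('Location: ' . $location);
    exit;  // without exit the rest of the page still renders after the redirect header
}

// ---- page-top guard --------------------------------------------------------
// Fail closed: the page's original guard silently skipped the check when
// verifyLevel() was missing, which grants access to everyone.
if (!function_exists('verifyLevel')) {
    echo 'You dont have permission to edit admins.';
    exit;
}

$actorId    = (int) ($_SESSION['result']['id'] ?? 0);
$actorLevel = (int) verifyLevel($actorId);
// Never trust the query string: cast to int, fall back to 0 (never a valid id).
$targetId   = (int) ($_GET['userid'] ?? 0);

if ($targetId <= 0 || !canEditAdmin($actorLevel, $actorId, $targetId)) {
    echo 'You dont have permission to edit admins.';
    exit;
}

// Authorised: load the record. Ownership was already decided above, so the
// query needs no separate "my profile" branch and the exe parameter is irrelevant.
$read = $pdo->prepare('SELECT * FROM admins WHERE id = ?');
$read->bindValue(1, $targetId, PDO::PARAM_INT);
$read->execute();
$result = $read->fetch(PDO::FETCH_ASSOC);
if ($result === false) {
    denyAndExit('dashboard.php?exe=users/index&notfound=true');
}
```

With this shape the "my profile" link can keep pointing at the same edit page with `userid` set to the session id: a level 2 admin clicking it passes because `$actorId === $targetId`, while the same admin changing `userid` in the address bar is refused, and a level 1 admin still reaches every record.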
