- <?php
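// Shared database connection handle. Assign the real connection object here
// before the functions below are called.
// The original `global $db = null;` does not parse: the `global` statement
// cannot take an initializer, and at file scope a plain assignment already
// creates a global variable.
$db = null; // db connection

// Credentials to check. Both are empty placeholders in this sample;
// presumably they are filled from the login request - confirm against the caller.
$user_id = "";
$password = "";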
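/**
 * Fetch a specific user from the database.
 *
 * The id is accepted only when it parses as a positive integer, and the
 * parsed int (not the caller's raw value) is what reaches the SQL text.
 * If the wrapper behind $db offers prepared statements with bound
 * parameters, prefer those over building the statement as a string.
 *
 * @param int|string $user_id The user id (a positive integer or its decimal string form).
 * @return mixed Whatever $db->query() yields for the row; null when the id is
 *               invalid, no connection object is available, or the result is falsy.
 */
function get_user($user_id) {
    // The connection is a file-scope variable. Without this declaration $db
    // is an undefined local here and the query call fails.
    global $db;

    // Strict integer validation. is_numeric() also accepts forms such as
    // "1.5" and "1e3"; FILTER_VALIDATE_INT rejects those, and min_range
    // rejects zero and negative ids.
    $id = filter_var($user_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !is_object($db)) {
        return null;
    }

    // $id is a PHP int at this point, so the concatenation only ever adds digits.
    // NOTE(review): the query API is a placeholder ("please adjust to your case").
    $user = $db->query("select * from users where id = " . $id . ";");

    // A falsy result (no row, failed query) is reported as null.
    return ($user) ? $user : null;
}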
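/**
 * Tell whether a user holds a given role.
 *
 * The check fails closed: an invalid id, an empty or non-string role, a
 * missing connection, or a lookup that yields no usable row all return false.
 *
 * @param int|string $user_id The user id (a positive integer or its decimal string form).
 * @param string     $role    The role name to require, e.g. "admin".
 * @return bool true only when the stored role is identical to $role.
 */
function has_privilege($user_id, $role) {
    // The connection is a file-scope variable; it must be imported explicitly.
    global $db;

    // This function originally placed $user_id into the SQL text unchecked.
    // Only a parsed positive int is allowed through now.
    $id = filter_var($user_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !is_string($role) || $role === '' || !is_object($db)) {
        return false;
    }

    // NOTE(review): as in get_user(), the query API is a placeholder; use a
    // prepared statement with a bound parameter where the wrapper has one.
    $row = $db->query("select * from roles where user_id = " . $id . ";");

    // No row (or a result that cannot be indexed) means no privilege.
    if (!is_array($row) && !($row instanceof ArrayAccess)) {
        return false;
    }
    if (!isset($row['role'])) {
        return false;
    }

    // Strict comparison: with ==, a missing role (null) compared equal to ""
    // and type juggling could match values that are not the same string.
    return $role === $row['role'];
}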
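$user = get_user($user_id);

// logging in
// password_verify() expects a hash created by password_hash(); see the PHP manual.
// get_user() returns null for an unknown or invalid id, so that case is
// rejected explicitly instead of indexing into null.
if ($user !== null && password_verify($password, $user['password'])) {
    // checking if it has required privileges...
    if (has_privilege($user_id, "admin")) {
        // grant access
        // NOTE(review): the redirect by itself protects nothing. Record the
        // authenticated user in the session first (session_regenerate_id()
        // on login), and have the target page check that session itself.
        header("location: ... "); // your page
        exit; // end the request here so no later code runs after the redirect
    } else {
        // error. redirect to login
    }
} else {
    // error. redirect to login
    // Use the same response for an unknown user and a wrong password, so the
    // login form does not reveal which ids exist.
}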