xKush
Introduction:
This tutorial is the third and final episode to the User Levels section of my Forum Creation Tutorial series. In this part, we are going to be adding banning functionality and giving the admins their privileges.
Admin Privileges:
This part is essentially the same as the moderator privileges part found in the previous tutorial. Once the user has logged in using the login form in login.php, we check whether that user's level is 3 (admin); if it is, we set the isAdmin session variable...
```php
if ($info['level'] == 3)
    $_SESSION['isAdmin'] = 'yes';
```
Next, we go to the checks for moderators and add the exception for admins so admins too can delete posts by other users. So add:
```php
|| isSet($_SESSION['isAdmin'])
```
to threadPage.php replies, and forumTutorial.php (index/thread list page)...
```php
// forumTutorial.php: one row of the thread list
echo '<tr><td><a href="threadPage.php?tid=' . $row["id"] . '">' . $row["title"] . '</a></td><td>' . $content . '...</td>';
if (isSet($_SESSION['isMod']) || isSet($_SESSION['isAdmin']))
    echo '<td><a href="threadPage.php?act=delete&type=thread&id=' . $row["id"] . '">Delete</a></td>';
echo '</tr>';
```
```php
// threadPage.php: handling of act=delete
$delID = (int) $delID; // force an integer so the id cannot alter the queries below (assumes numeric ids)
if ($delType == 'reply') {
    $delAuthorQ = mysqli_query($con, "SELECT * FROM `replies` WHERE `id`='$delID'");
    $delAuthorInfo = mysqli_fetch_array($delAuthorQ);
    $delAuthor = $delAuthorInfo['author'];
    // The author, a moderator or an admin may delete the reply.
    if (strtolower($delAuthor) == strtolower($_SESSION['username']) || isSet($_SESSION['isMod']) || isSet($_SESSION['isAdmin'])) {
        $delq = mysqli_query($con, "DELETE FROM `replies` WHERE `id`='$delID'");
    } else
        echo 'You do not have permission to do that!';
} else if ($delType == 'thread') {
    $delAuthorQ = mysqli_query($con, "SELECT * FROM `threads` WHERE `id`='$delID'");
    $delAuthorInfo = mysqli_fetch_array($delAuthorQ);
    $delAuthor = $delAuthorInfo['author'];
    // The author, a moderator or an admin may delete the thread.
    if (strtolower($delAuthor) == strtolower($_SESSION['username']) || isSet($_SESSION['isMod']) || isSet($_SESSION['isAdmin'])) {
        $delq = mysqli_query($con, "DELETE FROM `threads` WHERE `id`='$delID'");
    } else
        echo 'You do not have permission to do that!';
}
```
```php
$replies .= '<tr><td>' . $row["content"] . '</td><td>' . $author . '</td><td>' . $repliedUser["signature"] . '</td>';
if (isSet($_SESSION['username']) && $author == $_SESSION['username'] || isSet($_SESSION['isMod']) || isSet($_SESSION['isAdmin']))
    $replies .= '<td><a href="threadPage.php?act=delete&type=reply&id=' . $row["id"] . '">Delete</a></td>';
$replies .= '</tr>';
```
Finally we want to add a check just under where we continue our session and connect to our database on the admin panel page to check that the user accessing the page is an admin...
```php
if (!isSet($_SESSION['isAdmin'])) {
    header("Location:forumTutorial.php"); //Redirect to main/index/thread listing page.
    exit();
    // Never reached: exit() above ends the script before this line.
    echo 'You\'re not an admin! Redirecting to main page...';
}
```
Banning Users:
Next we want to add the ability for admins to ban users. We could add a new column to our database to hold their current ban status (0 or 1, false or true, unbanned or banned), but instead we are going to set their level to 0 if they are banned.
First we add another option next to the change level option for every user within the admin panel...
```php
<td><form action="admin.php?act=ban&uID='.$row["id"].'" method="POST"><input type="submit" value="Ban User!" /></form></td>
```
Next we need to handle the case where the GET parameter act is ban: we grab the user ID from the URL as well (through PHP's $_GET), then we set that user's level to 0...
(Appending on to the end of the if statement script which checks for the act level parameters):
```php
else if (isSet($_GET['act']) && $_GET['act'] == 'ban' && isSet($_GET['uID'])) {
    $uID = (int) $_GET['uID']; // force an integer so the id cannot alter the queries below (assumes numeric ids)
    $checkUserExists = mysqli_query($con, "SELECT * FROM `users` WHERE `id`='$uID'");
    if (mysqli_num_rows($checkUserExists) > 0) {
        //User exists, set level to 0 and ban them.
        $banUserQuery = mysqli_query($con, "UPDATE `users` SET `level`='0' WHERE `id`='$uID'");
        if ($banUserQuery) {
            echo 'Banned user.';
        } else
            echo 'Failed to ban user...';
        header("Location:admin.php");
        exit();
    }
}
```
Finally, we need to check at login whether the user is banned; if they are, we show an error, otherwise we let them log in as normal...
```php
$con = mysqli_connect('localhost', 'root', '', 'forumTutorial');
if (isSet($_POST['login']) && isSet($_POST['user']) && isSet($_POST['pass']) && $_POST['user'] != '' && $_POST['pass'] != '') {
    $pass = $_POST['pass'];
    $passMD5 = md5($pass);
    $user = $_POST['user'];
    // Bind the username as a parameter instead of placing it inside the SQL string.
    $stmt = mysqli_prepare($con, "SELECT * FROM `users` WHERE `username`=?");
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    $q = mysqli_stmt_get_result($stmt);
    if (mysqli_num_rows($q) > 0) {
        $info = mysqli_fetch_array($q);
        if ($info['level'] != '0') {
            $storedPassword = $info['password'];
            // === compares the digests as strings; == would compare two "0e..." digests as numbers.
            if ($storedPassword === $passMD5) {
                $_SESSION['username'] = $user;
                if ($info['level'] == 2)
                    $_SESSION['isMod'] = 'yes';
                if ($info['level'] == 3)
                    $_SESSION['isAdmin'] = 'yes';
                header("Location:forumTutorial.php");
                exit();
                echo 'Logged in!';
            } else
                echo 'Password was incorrect. Please try again.';
        } else
            echo 'That account is banned!';
    } else
        echo 'That username was not found. Please try again.';
}
```
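The login above stores and compares unsalted MD5 digests and keeps the same session ID after authentication. The following is an added example, not part of the original tutorial: the hypothetical helpers `verify_and_upgrade()` and `complete_login()` accept an existing MD5 row once, re-store it with `password_hash()`, and issue a fresh session ID. It assumes the `password` column has been widened (e.g. VARCHAR(255)) and that `$info` is the user row fetched by the login query.

```php
<?php
// Added example; verify_and_upgrade() and complete_login() are hypothetical names.
// Assumes users.password has been widened (e.g. VARCHAR(255)) to hold the new hashes.

// Check $pass against the stored value: legacy rows hold a 32-character md5()
// hex digest, upgraded rows hold a password_hash() string.
function verify_and_upgrade(mysqli $con, array $info, string $pass): bool {
    $stored = (string) $info['password'];
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, md5($pass))
        : password_verify($pass, $stored);
    // On a correct password, replace a legacy or outdated hash in place.
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $new = password_hash($pass, PASSWORD_DEFAULT);
        $id = (int) $info['id'];
        $stmt = mysqli_prepare($con, 'UPDATE `users` SET `password` = ? WHERE `id` = ?');
        mysqli_stmt_bind_param($stmt, 'si', $new, $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
    return $ok;
}

// Called once the password and ban checks pass, in place of the session
// assignments in login.php.
function complete_login(array $info): void {
    session_regenerate_id(true);                     // fresh session ID after authentication
    unset($_SESSION['isMod'], $_SESSION['isAdmin']); // drop flags left from an earlier login
    $_SESSION['username'] = $info['username'];
    if ($info['level'] == 2) $_SESSION['isMod'] = 'yes';
    if ($info['level'] == 3) $_SESSION['isAdmin'] = 'yes';
}
```

The registration script from the earlier parts would need the matching change, storing `password_hash($pass, PASSWORD_DEFAULT)` instead of `md5($pass)`.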
We might want an option to unban users as well so we simply do the opposite...
```php
<td><form action="admin.php?act=unban&uID='.$row["id"].'" method="POST"><input type="submit" value="Unban User!" /></form></td>
```
```php
else if (isSet($_GET['act']) && $_GET['act'] == 'unban' && isSet($_GET['uID'])) {
    $uID = (int) $_GET['uID']; // force an integer so the id cannot alter the queries below (assumes numeric ids)
    $checkUserExists = mysqli_query($con, "SELECT * FROM `users` WHERE `id`='$uID'");
    if (mysqli_num_rows($checkUserExists) > 0) {
        //User exists, set level to 1 and unban them.
        $banUserQuery = mysqli_query($con, "UPDATE `users` SET `level`='1' WHERE `id`='$uID'");
        if ($banUserQuery) {
            echo 'Unbanned user.';
        } else
            echo 'Failed to unban user...';
        header("Location:admin.php");
        exit();
    }
}
```
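The ban and unban handlers above rely on the `isAdmin` flag set at login and take `act` and `uID` from the URL, so a ban only takes effect at the user's next login and any page that can make an admin's browser load that URL triggers the action. An added example (not the original author's code) of the same two actions with the caller's level re-read from the database on each request, a per-session CSRF token and bound parameters; the helper names and the POST fields `act`, `uID` and `csrf` are assumptions.

```php
<?php
// Added example for admin.php; current_level(), csrf_token() and set_level() are hypothetical helpers.
session_start();
$con = mysqli_connect('localhost', 'root', '', 'forumTutorial');

// Re-read the caller's level from the database on every request, so a ban
// or demotion applies to sessions that were opened before it happened.
function current_level(mysqli $con): int {
    if (!isset($_SESSION['username'])) return -1;
    $stmt = mysqli_prepare($con, 'SELECT `level` FROM `users` WHERE `username` = ?');
    mysqli_stmt_bind_param($stmt, 's', $_SESSION['username']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $level);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? (int) $level : -1;
}

// One random token per session, embedded in every admin form.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) $_SESSION['csrf'] = bin2hex(random_bytes(32));
    return $_SESSION['csrf'];
}

// Ban (level 0) or unban (level 1) using bound integer parameters.
function set_level(mysqli $con, int $uID, int $level): bool {
    $stmt = mysqli_prepare($con, 'UPDATE `users` SET `level` = ? WHERE `id` = ?');
    mysqli_stmt_bind_param($stmt, 'ii', $level, $uID);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

if (current_level($con) !== 3) {   // caller is not an admin right now
    header('Location: forumTutorial.php');
    exit();
}
$act = $_POST['act'] ?? '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && in_array($act, ['ban', 'unban'], true)) {
    if (!hash_equals(csrf_token(), (string) ($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        exit('Invalid request token.');
    }
    set_level($con, (int) ($_POST['uID'] ?? 0), $act === 'ban' ? 0 : 1);
    header('Location: admin.php');
    exit();
}
```

Each Ban/Unban form then posts hidden `act`, `uID` and `csrf` fields, the last filled from `csrf_token()`. Calling `current_level()` at the top of threadPage.php and forumTutorial.php as well makes a ban apply to a user who is already logged in.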
Logout Script:
I thought I had already covered logging out scripts, but I don't seem to have a logout page in my directory. The script is a simple two-line PHP script: it connects to the session, then destroys it, ready for a new one the next time another script connects...
```php
<?php
session_start();
session_destroy();
?>
```