Forum Tutorial - User Levels #2 - Moderator Privileges and Admin Panel

Introduction: This tutorial carries on from my previous tutorial, User Levels #1, in the Forum Creation Tutorial Series. Since this is #2, we are setting the permissions and actions for Moderators and creating the admin panel.

Moderators: Because we will need to check the user level of the logged-in user each time we want to know whether they have privileges over other users, we are going to set a new session variable (isMod) in the login script...
$con = mysqli_connect('localhost', 'root', '', 'forumTutorial');
// session_start() must already have run at the top of the login script before $_SESSION is used.
if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass']) && $_POST['user'] != '' && $_POST['pass'] != '') {
    $pass = $_POST['pass'];
    $passMD5 = md5($pass); // the series stores md5 hashes; password_hash()/password_verify() is the modern replacement
    $user = $_POST['user'];
    // Prepared statement: the username is bound as a parameter rather than pasted into the SQL string.
    $stmt = mysqli_prepare($con, "SELECT * FROM `users` WHERE `username`=?");
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    $q = mysqli_stmt_get_result($stmt);
    if (mysqli_num_rows($q) > 0) {
        $info = mysqli_fetch_array($q);
        $storedPassword = $info['password'];
        // hash_equals() is a strict comparison; == would treat two hashes like "0e123" and "0e456" as equal numbers.
        if (hash_equals($storedPassword, $passMD5)) {
            session_regenerate_id(true); // fresh session id on login, so an id issued before login cannot be reused
            $_SESSION['username'] = $user;
            if ($info['level'] == 2)
                $_SESSION['isMod'] = 'yes';
            header("Location: forumTutorial.php");
            exit();
        } else
            echo 'Password was incorrect. Please try again.';
    } else
        echo 'That username was not found. Please try again.';
}
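The login above keeps the md5 hashes the earlier tutorials stored. As an added example (not code from the tutorial), the function below shows how the same login can move those rows to password_hash() without a forced reset: it verifies a modern hash when one is present, falls back to the legacy md5 value otherwise, and rewrites the row on a successful login. It assumes the `users` table from this series (`username`, `password`, `level`), that the `password` column has been widened to hold a 60-character bcrypt hash, and that session_start() has already been called.

```php
<?php
// Added example, not part of the tutorial's code. Assumes the `users` table from this series
// (columns `username`, `password`, `level`), a `password` column wide enough for bcrypt output
// (VARCHAR(255)), and that session_start() has already been called.
// Rows created by the series hold md5 hex digests; rows rewritten here hold password_hash() output.

function loginUser(mysqli $con, string $user, string $pass): ?array
{
    $stmt = mysqli_prepare($con, "SELECT `username`, `password`, `level` FROM `users` WHERE `username`=?");
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    $info = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    if (!$info) {
        return null; // unknown user
    }

    $stored = $info['password'];
    if (substr($stored, 0, 1) === '$') {
        // password_hash() output starts with "$2y$"; an md5 hex digest never starts with "$".
        $ok = password_verify($pass, $stored);
        $needsRehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    } else {
        // Legacy md5 row: constant-time comparison, then upgrade the hash on success.
        $ok = hash_equals($stored, md5($pass));
        $needsRehash = $ok;
    }
    if (!$ok) {
        return null;
    }
    if ($needsRehash) {
        $newHash = password_hash($pass, PASSWORD_DEFAULT);
        $up = mysqli_prepare($con, "UPDATE `users` SET `password`=? WHERE `username`=?");
        mysqli_stmt_bind_param($up, 'ss', $newHash, $user);
        mysqli_stmt_execute($up);
    }

    session_regenerate_id(true);            // new session id once the user is authenticated
    $_SESSION['username'] = $info['username'];
    $_SESSION['level'] = (int)$info['level']; // keep the numeric level too, not only the isMod flag
    if ((int)$info['level'] == 2) {
        $_SESSION['isMod'] = 'yes';
    }
    return $info;
}

// Usage in the login script. One message for both failure cases, so the form does not
// reveal which usernames exist.
if (isset($_POST['login'], $_POST['user'], $_POST['pass']) && $_POST['user'] !== '' && $_POST['pass'] !== '') {
    $con = mysqli_connect('localhost', 'root', '', 'forumTutorial');
    if (loginUser($con, $_POST['user'], $_POST['pass'])) {
        header("Location: forumTutorial.php");
        exit();
    }
    echo 'Username or password was incorrect. Please try again.';
}
```

Once every user has logged in at least once, no md5 value remains in the table and the legacy branch can be deleted.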
Now we can simply check whether 'isMod' is set in the session variables whenever we want to know if the logged-in user is a moderator. So next, when we output each thread on our main home page, we check if the logged-in user is a moderator and, if they are, give them a delete option...
// htmlspecialchars() stops a title or post body containing HTML from being rendered as markup.
echo '<tr><td><a href="threadPage.php?tid='.(int)$row["id"].'">'.htmlspecialchars($row["title"]).'</a></td><td>'.htmlspecialchars($content).'...</td>';
if (isset($_SESSION['isMod']))
    echo '<td><a href="threadPage.php?act=delete&type=thread&id='.(int)$row["id"].'">Delete</a></td>';
echo '</tr>';
We also need to alter our delete script to check that the person trying to delete the post is either the author of the post or a moderator...
// The id is an integer, so casting it stops anything else from reaching the query.
$delID = (int)$delID;
if ($delType == 'reply') {
    $stmt = mysqli_prepare($con, "SELECT `author` FROM `replies` WHERE `id`=?");
    mysqli_stmt_bind_param($stmt, 'i', $delID);
    mysqli_stmt_execute($stmt);
    $delAuthorInfo = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
    $delAuthor = $delAuthorInfo ? $delAuthorInfo['author'] : null;
    // Allowed only when the reply exists and someone logged in is either its author or a moderator.
    if ($delAuthor !== null && ((isset($_SESSION['username']) && strtolower($delAuthor) == strtolower($_SESSION['username'])) || isset($_SESSION['isMod']))) {
        $stmt = mysqli_prepare($con, "DELETE FROM `replies` WHERE `id`=?");
        mysqli_stmt_bind_param($stmt, 'i', $delID);
        $delq = mysqli_stmt_execute($stmt);
    } else
        echo 'You do not have permission to do that!';
} else if ($delType == 'thread') {
    $stmt = mysqli_prepare($con, "SELECT `author` FROM `threads` WHERE `id`=?");
    mysqli_stmt_bind_param($stmt, 'i', $delID);
    mysqli_stmt_execute($stmt);
    $delAuthorInfo = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
    $delAuthor = $delAuthorInfo ? $delAuthorInfo['author'] : null;
    if ($delAuthor !== null && ((isset($_SESSION['username']) && strtolower($delAuthor) == strtolower($_SESSION['username'])) || isset($_SESSION['isMod']))) {
        $stmt = mysqli_prepare($con, "DELETE FROM `threads` WHERE `id`=?");
        mysqli_stmt_bind_param($stmt, 'i', $delID);
        $delq = mysqli_stmt_execute($stmt);
    } else
        echo 'You do not have permission to do that!';
}
Next we need to add the option next to replies to a thread...
// Parentheses make the intent explicit: (logged in and the author) or a moderator.
// This only decides whether to show the link; the delete script repeats the check server-side.
if ((isset($_SESSION['username']) && $author == $_SESSION['username']) || isset($_SESSION['isMod']))
    $replies .= '<td><a href="threadPage.php?act=delete&type=reply&id='.(int)$row["id"].'">Delete</a></td>';
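The thread and reply branches of the delete script apply the same rule, so the rule is easy to get wrong in one place and right in the other. The following is an added example, not the tutorial's code: it puts the "author or moderator" decision in one function that both branches share, and the handler calls it whether or not a Delete link was ever shown. It assumes the `threads` and `replies` tables from this series (columns `id`, `author`) and the `username` and `isMod` session variables set by the login script.

```php
<?php
// Added example, not the tutorial's code. Assumes the `threads` and `replies` tables from this
// series (columns `id`, `author`) and a session set up by the login script (`username`, plus
// `isMod` for level-2 users). $con is the mysqli connection opened earlier in the page.

// Table names cannot be bound as statement parameters, so the request's `type` value is mapped
// through this fixed list and never placed in the SQL directly.
const DELETE_TABLES = ['thread' => 'threads', 'reply' => 'replies'];

function canDelete(mysqli $con, string $type, int $id): bool
{
    if (!isset(DELETE_TABLES[$type]) || !isset($_SESSION['username'])) {
        return false; // unknown item type, or nobody is logged in
    }
    $stmt = mysqli_prepare($con, "SELECT `author` FROM `" . DELETE_TABLES[$type] . "` WHERE `id`=?");
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    if (!$row) {
        return false; // item does not exist: refuse rather than run a DELETE that matches nothing
    }
    $isAuthor = strtolower($row['author']) === strtolower($_SESSION['username']);
    $isMod = isset($_SESSION['isMod']);
    return $isAuthor || $isMod;
}

function deleteItem(mysqli $con, string $type, int $id): bool
{
    if (!canDelete($con, $type, $id)) {
        return false;
    }
    $stmt = mysqli_prepare($con, "DELETE FROM `" . DELETE_TABLES[$type] . "` WHERE `id`=?");
    mysqli_stmt_bind_param($stmt, 'i', $id);
    return mysqli_stmt_execute($stmt);
}

// Handler in threadPage.php. The check runs on every request, so hiding the link is never
// the only thing standing between a user and someone else's post.
if (isset($_GET['act'], $_GET['type'], $_GET['id']) && $_GET['act'] === 'delete') {
    if (deleteItem($con, (string)$_GET['type'], (int)$_GET['id'])) {
        echo 'Deleted.';
    } else {
        echo 'You do not have permission to do that!';
    }
}
```

The tutorial triggers deletes through a GET link; the same functions work unchanged behind a small POST form, which keeps a delete from being triggered by simply fetching a URL.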
Admin Panel: Next we are going to make the admin panel. Here admins will be able to change other users' levels. Since the next tutorial is more on admin features, we are not going to add a check to see if the user accessing the page is an admin; you can add it if you know how, send me a message if you need help, or read the next tutorial. Before we can do anything, make a new file named "admin.php"; this is where the panel will go. So first we are going to connect to the database and continue our session...
<?php
    session_start();
    ob_start(); // buffer output so the redirect in the level-change handler can still send a Location header
    // mysqli_connect_error() is the mysqli counterpart; mysql_error() belongs to the removed mysql extension.
    $con = mysqli_connect('localhost', 'root', '', 'forumTutorial') or die(mysqli_connect_error());
?>
<html>
    <head></head>
    <body>
    </body>
</html>
Next we will list each user in the users table within our database along with their current user level, and a small form to change their user level to a new number...
<h1>Users List:</h1>
<table>
    <tbody>
        <?php
            $q = mysqli_query($con, "SELECT * FROM `users`");
            while ($row = mysqli_fetch_array($q)) {
                // Escape the username and cast the numbers so a crafted username cannot inject markup into the admin page.
                echo '<tr><td>'.htmlspecialchars($row["username"]).'</td><td>Current Level: '.(int)$row["level"].'</td><td>Change Level: </td><td><form action="admin.php?act=level&uID='.(int)$row["id"].'" method="POST"><input type="number" name="newLevel" min="1" max="3" /><input type="submit" value="Change User Level" /></form></td></tr>';
            }
        ?>
    </tbody>
</table>
Next we process the forms by checking the GET and POST arguments they send. We check that the level is between 1 and 3; otherwise we print a warning and reset it to the nearest valid value...
if (isset($_GET['act']) && $_GET['act'] == 'level' && isset($_GET['uID']) && isset($_POST['newLevel'])) {
    $userID = (int)$_GET['uID'];      // the id is an integer, so nothing else reaches the query
    $level = (int)$_POST['newLevel']; // cast before the range check so a non-numeric value cannot slip past it
    if ($level > 3) {
        echo 'Warning, new user level is above three, resetting to three.';
        $level = 3;
    } else if ($level < 1) {
        echo 'Warning, new user level is below one, resetting to one.';
        $level = 1;
    }
    $stmt = mysqli_prepare($con, "SELECT `id` FROM `users` WHERE `id`=?");
    mysqli_stmt_bind_param($stmt, 'i', $userID);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    if (mysqli_stmt_num_rows($stmt) > 0) {
        //User exists.
        $stmt = mysqli_prepare($con, "UPDATE `users` SET `level`=? WHERE `id`=?");
        mysqli_stmt_bind_param($stmt, 'ii', $level, $userID);
        $qq = mysqli_stmt_execute($stmt);
        if ($qq) {
            echo 'Updated user level.';
        } else
            echo 'Failed to update user level.';
    }
    // header() only works if nothing has reached the browser yet; the echoes above need output buffering (ob_start()) earlier in the file.
    header("Location: admin.php");
    exit();
}
In the above code we also make sure the user exists before we attempt to alter their user level (because otherwise this would cause an error, obviously). In the next tutorial we will be finishing off admin privileges, which includes banning users.
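The text leaves the "is this user actually an admin?" check for the next tutorial. As an added example, not the tutorial's code, the version of admin.php below puts that gate in before anything else on the page runs, reads the level from the database on each request so a demotion takes effect immediately, and ties the level-change form to a per-session token so the change cannot be submitted from another site. It assumes the `users` table from this series (`id`, `username`, `level`), the `username` session variable set at login, and that level 3 is the admin level (the tutorial clamps levels to 1..3 and treats 2 as moderator; 3 as admin is an assumption).

```php
<?php
// Added example, not the tutorial's code. Assumes the `users` table from this series
// (`id`, `username`, `level`), the `username` session variable set at login, and that
// level 3 means admin (an assumption; the tutorial only fixes 2 as moderator).

session_start();
$con = mysqli_connect('localhost', 'root', '', 'forumTutorial') or die(mysqli_connect_error());

function currentLevel(mysqli $con): int
{
    // Read the level from the database every time rather than trusting a value cached in the
    // session, so a user demoted a moment ago loses access on their very next request.
    if (!isset($_SESSION['username'])) {
        return 0;
    }
    $stmt = mysqli_prepare($con, "SELECT `level` FROM `users` WHERE `username`=?");
    mysqli_stmt_bind_param($stmt, 's', $_SESSION['username']);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    return $row ? (int)$row['level'] : 0;
}

function requireLevel(mysqli $con, int $needed): void
{
    if (currentLevel($con) < $needed) {
        http_response_code(403);
        exit('You do not have permission to view this page.');
    }
}

function csrfToken(): string
{
    // One random token per session; the form echoes it and the handler checks it.
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

requireLevel($con, 3); // nothing below this line runs for non-admins

if (isset($_GET['act'], $_GET['uID'], $_POST['newLevel'], $_POST['csrf']) && $_GET['act'] === 'level') {
    if (!is_string($_POST['csrf']) || !hash_equals(csrfToken(), $_POST['csrf'])) {
        exit('Invalid form token.');
    }
    $userID = (int)$_GET['uID'];
    $level = max(1, min(3, (int)$_POST['newLevel'])); // clamp to 1..3, the same rule as the tutorial
    $stmt = mysqli_prepare($con, "UPDATE `users` SET `level`=? WHERE `id`=?");
    mysqli_stmt_bind_param($stmt, 'ii', $level, $userID);
    mysqli_stmt_execute($stmt); // a non-existent id simply updates zero rows
    header("Location: admin.php");
    exit();
}

// One table row per user; the hidden token is what the handler above verifies.
$token = htmlspecialchars(csrfToken());
$q = mysqli_query($con, "SELECT `id`, `username`, `level` FROM `users`");
while ($row = mysqli_fetch_assoc($q)) {
    echo '<tr><td>'.htmlspecialchars($row['username']).'</td><td>Current Level: '.(int)$row['level'].'</td>'
       .'<td><form action="admin.php?act=level&uID='.(int)$row['id'].'" method="POST">'
       .'<input type="hidden" name="csrf" value="'.$token.'" />'
       .'<input type="number" name="newLevel" min="1" max="3" />'
       .'<input type="submit" value="Change User Level" /></form></td></tr>';
}
```

Because the handler redirects before any HTML is printed, this version does not need output buffering; the warning messages from the tutorial's handler can be stored in the session and shown after the redirect if they are wanted.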