I have an edit button on my site for users to edit comments they have written. It appears only on posts that the logged-in user has written, through performing this check:
if ($rows['name'] === $_SESSION['myusername'])
I want to allow the admin account to also be able to edit any posts. How would I add the user account for admin to this?
Thanks in advance!
Add in the if statement an or condition to check if the current user is admin.
if( $rows['name']===$_SESSION['myusername'] || $_SESSION['idAdmin'] ) {...}
You should make sure that every login is checked and a user's privileges are passed into a variable, for example:
$_user['loggedin'] = false;
if (isset($_SESSION['myusername']) && isset($_SESSION['mypassword'])) {
    $q = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($_SESSION['myusername'])."' AND password = '".mysql_real_escape_string($_SESSION['mypassword'])."'");
    if (mysql_num_rows($q) == 1) {
        $_user = mysql_fetch_assoc($q);
        $_user['loggedin'] = true;
    }
}
Now assuming you have a field 'is_admin' on your database, you can use this piece of code in your check:
if ($rows['name'] == $_SESSION['myusername'] OR ($_user['loggedin'] && $_user['is_admin'])) {
    // perform action
}
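The owner-or-admin rule from the answers above, written as an added example that is not part of the original question or answers: the same check is applied when the edit is saved, not only when the button is shown. The function names, the PDO/SQLite setup and the table layout are assumptions for illustration, and it assumes the login step has already set $_SESSION['myusername'].

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
// Function names and table layout are assumptions made for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, is_admin INTEGER NOT NULL)');
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');
$pdo->exec("INSERT INTO users VALUES ('alice', 0), ('bob', 0), ('root', 1)");
$pdo->exec("INSERT INTO comments VALUES (1, 'alice', 'first post')");

// Look the user up on every request so the admin flag comes from the
// database, not from a value cached in the session.
function current_user(PDO $pdo, array $session): ?array
{
    if (!isset($session['myusername']) || !is_string($session['myusername'])) {
        return null;
    }
    $st = $pdo->prepare('SELECT username, is_admin FROM users WHERE username = ?');
    $st->execute([$session['myusername']]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The owner-or-admin rule, in one place for the template and the handler.
function can_edit(?array $user, array $comment): bool
{
    return $user !== null
        && ($comment['name'] === $user['username'] || (int) $user['is_admin'] === 1);
}

// Save handler: repeats the check before writing, because hiding the
// edit button does not stop a request sent straight to this code.
function save_edit(PDO $pdo, array $session, int $id, string $body): bool
{
    $st = $pdo->prepare('SELECT id, name FROM comments WHERE id = ?');
    $st->execute([$id]);
    $comment = $st->fetch(PDO::FETCH_ASSOC);
    if ($comment === false || !can_edit(current_user($pdo, $session), $comment)) {
        return false; // caller answers 403 or 404
    }
    return $pdo->prepare('UPDATE comments SET body = ? WHERE id = ?')
               ->execute([$body, $id]);
}

foreach (['alice', 'bob', 'root'] as $name) { // owner, other user, admin
    printf("%s: %s\n", $name, var_export(save_edit($pdo, ['myusername' => $name], 1, "edit by $name"), true));
}
var_dump(save_edit($pdo, [], 1, 'anonymous edit')); // request with no session
```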