Bazaar – PHP example code – part 7 – limiting user access and different page content display

This article takes a closer look at how to use the session variables created for a logged-in user to differentiate what a page displays. The mechanism relies on the login features described in part 6 of this series. Together they make a reusable solution for other projects that need to restrict access and display different page content for different categories of users.

Different content display – how to?

In many cases it is important to display the content of a page differently for different types of users. A page for an anonymous user will not offer editing of user profiles, and only a logged-in user can sell or buy listed items.

The first part of every page that restricts access contains a call to the session initialization function and reads the information from the session. If the session is not set up, the page looks at the data stored in cookies. If the cookies contain valid information about a logged-in user, the session information is restored on that page from their content. If not, the page displays its content as for an anonymous user.

The code looks like this:

    <?php
    require_once('appvars.php'); // including variables for database
    // two variables for message and styling of the message with bootstrap
    session_start(); // start the session – must be added on all pages for session variable accessing

    // solution using SESSIONS with COOKIES for longer (30 days) login persistency
    // note: the cookie values copied below are supplied by the browser
    if (!isset($_SESSION['users_id'])) { // if session is no longer active
        if (isset($_COOKIE['users_id']) && isset($_COOKIE['username'])) { // but cookie is set, then renew session variables from it
            $_SESSION['users_id'] = $_COOKIE['users_id'];
            $_SESSION['username'] = $_COOKIE['username'];
            $_SESSION['user_role'] = $_COOKIE['user_role']; // added for role
        }
    }
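
The restore step above copies users_id, username and user_role straight from cookies, which the browser controls. One way to make "valid information" checkable, as an added example that is not part of the original article or the project's code: the login step signs the cookie with an HMAC and the restore step verifies it before filling the session. The constant COOKIE_SECRET, the cookie name auth and the three function names are assumptions.

```php
<?php
// Added example, not the project's code. COOKIE_SECRET and cookie name "auth" are assumed names.
const COOKIE_SECRET = 'replace-with-a-long-random-secret'; // placeholder value

// Value set at login: base64(JSON payload) . "." . HMAC-SHA256(payload).
function make_login_cookie(int $id, string $name, string $role, int $exp, string $secret): string {
    $payload = base64_encode(json_encode(
        ['users_id' => $id, 'username' => $name, 'user_role' => $role, 'exp' => $exp]));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// Returns the verified payload, or null when malformed, wrongly signed or expired.
function read_login_cookie(string $cookie, string $secret, int $now): ?array {
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) { return null; }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) { // constant-time compare
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['users_id'], $data['username'], $data['user_role'], $data['exp'])
        || $data['exp'] < $now) {
        return null;
    }
    return $data;
}

// Refill the session from the cookie only after verification succeeds.
function restore_session(array &$session, array $cookies, string $secret, int $now): bool {
    if (isset($session['users_id'])) {
        return true; // session still active
    }
    $raw = $cookies['auth'] ?? null;
    $data = is_string($raw) ? read_login_cookie($raw, $secret, $now) : null;
    if ($data === null) {
        return false; // page is rendered as for an anonymous user
    }
    $session['users_id'] = $data['users_id'];
    $session['username'] = $data['username'];
    $session['user_role'] = $data['user_role'];
    return true;
}

// Constructed demonstration values; in a page the call is restore_session($_SESSION, $_COOKIE, ...).
$good = make_login_cookie(7, 'alice', 'user', time() + 30 * 24 * 3600, COOKIE_SECRET);
$s1 = []; $s2 = [];
var_dump(restore_session($s1, ['auth' => $good], COOKIE_SECRET, time()));       // genuine cookie
var_dump(restore_session($s2, ['auth' => 'x' . $good], COOKIE_SECRET, time())); // altered cookie
```

At login the value would be sent with setcookie() using the Secure and HttpOnly options. A stricter variant keeps only users_id in the cookie and re-reads the role from the database on restore.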

Different page content display

To display the page differently, we check for the existence of one of the session variables. If it is present, the user is logged in; if not, the alternative part of the page code must be shown.

<!-- *************************************************** -->
<!-- HTML part available after successful login as user -->
<!-- *************************************************** -->
<?php if (isset($_SESSION['users_id'])) { // if user is logged in with users_id then editprofile form is available ?>
… part of page code shown if user logged in …
<!-- ***************************************** -->
<!-- HTML part displayed for not logged-in user -->
<!-- ***************************************** -->
<?php } else { // else if user is not logged in then form will not be displayed ?>
        <img id="calcimage" src="./images/logininvit.png" alt="Log in invitation" width="150" height="150">
        <h4>For listening items for sell you must be loged in <a class="navbar-brand" href="login.php"> here. </a></h4>

<?php } ?>

Main page menu variable content display

The main menu is another example of a part of the page whose display adapts to the category of the logged-in user.

The following code shows how its content is displayed.

    <nav class="navbar navbar-default">
      <div class="container">
        <div class="navbar-header">
        <?php // generate menu if user is logged in or not
         // old solution with cookies if(isset($_COOKIE['username'])) { // logged in user
            if (isset($_SESSION['username'])) { // logged in user
                echo '<a class="navbar-brand" href="index.php">Bazaar – best items for a best prices!</a>';
                echo '<a class="navbar-brand" href="editprofile.php"> Edit profile </a>';
                // escape the username before writing it into the HTML
                echo '<a class="navbar-brand" href="logout.php"> Logout ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . '</a>';
                // compare the role value itself; isset(...) == 'admin' is true for any set role
                if (isset($_SESSION['user_role']) && $_SESSION['user_role'] === 'admin') {
                    echo '<a class="navbar-brand" href="admin.php"> Manage your page </a>';
                }
                require_once('sell_icon.php'); // graphic menu item for selling your items – we focus on these two items in the next articles of this series
                require_once('cart_icon.php'); // small cart icon in menu
            } else { // visitor without login
                echo '<a class="navbar-brand" href="login.php"> Log In </a>';
                echo '<a class="navbar-brand" href="signup.php"> Sign Up for better membership! </a>';
                echo '<a class="navbar-brand" href="index.php">Bazaar – best items for a best prices!</a>';
            }
        ?>
        </div>
      </div>
    </nav>

The following pictures show the different display of content on the example of the admin page.

Display of the admin page for a user who is not logged in

Display of the admin page for a user with low privileges – relogin as admin requested.

Logged in as admin

Conclusions and further thoughts

We described how to display different page content for different categories of users. Our mechanism uses the existence of the session variables of the logged-in user to decide which part of the page is visible.

The implementation of these features in the whole project can be seen on our GitHub account here.