[FEATURE] Permission Levels
larsjarred9 committed Jan 6, 2020
1 parent 1a679f3 commit 42809bd
Showing 6 changed files with 60 additions and 12 deletions.
16 changes: 14 additions & 2 deletions website/dashboard/disabledleden.php
Expand Up @@ -7,6 +7,8 @@
exit();
}

$level = $_SESSION["level"];

if (isset($_GET["search"])) {
$search = $_GET["search"];
$sql = "SELECT * FROM leden WHERE disable='Y' AND achternaam LIKE '%" . $search . "%' ORDER BY achternaam;";
Expand Down Expand Up @@ -102,8 +104,18 @@
<tbody>

<?php
foreach ($result as $item) {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["geboortejaar"] . "</td><td>" . $item["woonplaats"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "&disabled=true' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></td><td><a href='views/enableuser.php?id=" . $item["ledennummer"] . "' class='btn btn-success'><i class='fas fa-user-check'></i></a></td></tr>";
if ($level == 1) {
foreach ($result as $item) {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["geboortejaar"] . "</td><td>" . $item["woonplaats"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "&disabled=true' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "&disabled=true' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></td><td><a href='views/enableuser.php?id=" . $item["ledennummer"] . "' class='btn btn-success'><i class='fas fa-user-check'></i></a></td></tr>";
}
} else if ($level == 2) {
foreach ($result as $item) {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["geboortejaar"] . "</td><td>" . $item["woonplaats"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "&disabled=true' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "&disabled=true' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></td></tr>";
}
} else if ($level == 3) {
foreach ($result as $item) {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["geboortejaar"] . "</td><td>" . $item["woonplaats"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "&disabled=true' class='btn btn-info'><i class='fas fa-user'></i></a></td></tr>";
}
}
?>
</tbody>
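Review bot: The new `$level` branches around the row loop only decide which action buttons are rendered; they do not restrict requests to `views/enableuser.php` or `views/edituser.php` themselves, so those handlers need their own `$_SESSION["level"]` check server-side (their code is not part of this commit, so this is inferred). The same rendering-only gating appears in index.php and leden.php, including the add-user link guarded by `if($level == 2 || $level == 1)`. `$level = $_SESSION["level"];` also reads the key without a guard; sessions created before this commit carry no `level`, which raises a notice and then falls through every branch silently — `$level = (int) ($_SESSION["level"] ?? 0);` keeps that fail-closed outcome without the notice and without relying on loose comparison. The three branches repeat the entire row string and differ only in the trailing button cells; emitting the shared cells once and appending the per-level buttons would keep the variants from drifting apart.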
15 changes: 15 additions & 0 deletions website/dashboard/index.php
Expand Up @@ -7,6 +7,7 @@
exit();
}

$level = $_SESSION["level"];
$sql = "SELECT * FROM leden WHERE disable='N' ORDER BY achternaam;";
$result = $conn->query($sql);
$contributie_aankomend_jaar;
Expand Down Expand Up @@ -160,11 +161,25 @@
<tbody>

<?php
if($level == 1) {
foreach ($result as $item) {
if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N') {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["betalingtermijn"] . "</td><td>" . $item["contributie"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></td><td><a href='views/removeuser.php?id=" . $item["ledennummer"] . "' class='btn btn-danger'><i class='fas fa-user-minus'></i></a></td></tr>";
}
}
}else if ($level == 2) {
foreach ($result as $item) {
if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N') {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["betalingtermijn"] . "</td><td>" . $item["contributie"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></tr>";
}
}
}else if ($level == 3) {
foreach ($result as $item) {
if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N') {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["betalingtermijn"] . "</td><td>" . $item["contributie"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td></td><td></td></tr>";
}
}
}
?>
</tbody>
</table>
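Review bot: The level-2 row ends its `fa-user-edit` cell with `</i></a></tr>`, dropping the `</td>` present in the level-1 and level-3 rows, and it emits eight cells where the other two levels emit nine (level 3 pads with `<td></td><td></td>`), so the table's column count changes with the viewer's level; the ending should be `</i></a></td><td></td></tr>`. The identical defect is in the level-2 branch of leden.php. Since the three branches differ only in the last cells, one loop that prints the shared cells and selects the action cells on `$level` would make this kind of mismatch impossible. The filter `if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N')` compares the column as a string against today's date; this is pre-existing and only holds if the column is stored as `Y-m-d`, which the hunk does not show.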
30 changes: 24 additions & 6 deletions website/dashboard/leden.php
Expand Up @@ -7,6 +7,8 @@
exit();
}

$level = $_SESSION["level"];

if (isset($_GET["search"])) {
$search = $_GET["search"];
$sql = "SELECT * FROM leden WHERE disable='N' AND achternaam LIKE '%" . $search . "%' ORDER BY achternaam;";
Expand Down Expand Up @@ -83,7 +85,7 @@
<button class="btn btn-primary form-control" type="submit" id="submit"><i class="fas fa-search"></i> Zoeken</button>
</div>
<div class="form-group col-md-8">
<a style="float: right;" href="views/adduser.php" class="btn btn-success"><i class="fas fa-user-plus"></i> Lid Toevoegen</a>
<?php if($level == 2 || $level == 1) echo '<a style="float: right;" href="views/adduser.php" class="btn btn-success"><i class="fas fa-user-plus"></i> Lid Toevoegen</a>' ?>
</div>
</div>
</form>
Expand All @@ -104,11 +106,27 @@
</thead>
<tbody>

<?php
foreach ($result as $item) {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["geboortejaar"] . "</td><td>" . $item["woonplaats"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></td><td><a href='views/removeuser.php?id=" . $item["ledennummer"] . "' class='btn btn-danger'><i class='fas fa-user-minus'></i></a></td></tr>";
}
?>
<?php
if($level == 1) {
foreach ($result as $item) {
if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N') {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["betalingtermijn"] . "</td><td>" . $item["contributie"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></td><td><a href='views/removeuser.php?id=" . $item["ledennummer"] . "' class='btn btn-danger'><i class='fas fa-user-minus'></i></a></td></tr>";
}
}
}else if ($level == 2) {
foreach ($result as $item) {
if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N') {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["betalingtermijn"] . "</td><td>" . $item["contributie"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td><a href='views/edituser.php?id=" . $item['ledennummer'] . "' class='btn btn-warning'><i class='fas fa-user-edit'></i></a></tr>";
}
}
}else if ($level == 3) {
foreach ($result as $item) {
if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N') {
echo "<td>" . $item["ledennummer"] . "</td>" . "<td>" . $item["voornaam"] . "</td><td>" . $item["achternaam"] . "</td><td>" . $item["email"] . "</td><td>" . $item["betalingtermijn"] . "</td><td>" . $item["contributie"] . "</td><td><a href='views/viewuser.php?id=" . $item['ledennummer'] . "' class='btn btn-info'><i class='fas fa-user'></i></a></td><td></td><td></td></tr>";
}
}
}
?>
</tbody>
</table>

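Review bot: The rewritten `<tbody>` loop appears copied from index.php rather than adapted: the removed lines listed every active member with `geboortejaar` and `woonplaats`, while the new code adds the filter `if($item["betalingtermijn"] < date("Y-m-d") && $item['disable'] == 'N')` and prints `betalingtermijn`/`contributie`, so the members page now shows only members with an overdue payment term and its data cells no longer correspond to the original listing (the `<thead>` is above the hunk, so the header mismatch is inferred). If the commit's intent was only to gate the action buttons by level, each branch should drop the date filter and restore the six original cells, keeping only the per-level difference in the trailing `<td>` links. Worth confirming against the page header before merging.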
1 change: 0 additions & 1 deletion website/dashboard/views/edituser.php
Expand Up @@ -80,7 +80,6 @@
<main id="page-content-wrapper">
<div class="container-fluid">
<h2>Dashboard - Gegevens Wijzigen</h2>
<h2><?=$message?></h2>
<h5><?= $message ?></h5>
<div class="col-sm-4">
<div class="card">
5 changes: 4 additions & 1 deletion website/dashboard/views/viewuser.php
Expand Up @@ -22,6 +22,8 @@
}
}

if($_GET["disabled"] == "true") $disabled = true;

?>
<!DOCTYPE html>
<html lang="nl">
Expand Down Expand Up @@ -149,7 +151,8 @@
<label for="Geslacht">Leedennummer<br></label>
<?php echo "<input type='text' class='form-control' disabled name='postcode' id='Postcode' placeholder='Postcode' value='" . $ledennummer . "'>" ?>
</div>
<a class="btn btn-primary" href="../leden.php"><i class="fas fa-backward"></i> Terug naar leden</a>
<?php if($disabled == false) echo '<a class="btn btn-primary" href="../leden.php"><i class="fas fa-backward"></i> Terug naar leden</a> ';
else echo '<a class="btn btn-primary" href="../disabledleden.php"><i class="fas fa-backward"></i> Terug naar disabled leden</a> ';?>
</div>
</form>
</div>
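Review bot: `if($_GET["disabled"] == "true") $disabled = true;` leaves `$disabled` undefined whenever the query string has no `disabled` parameter, which is the normal case when arriving from leden.php, whose view links carry only `id`; the later `if($disabled == false)` then reads an undefined variable (a notice, and it only works because `null == false` is true). Initialising it unconditionally removes both the notice and the loose comparison: `$disabled = isset($_GET["disabled"]) && $_GET["disabled"] === "true";`. The parameter only selects between two fixed back-links and is not echoed into the page, so no escaping issue is introduced. Both lines are at file scope, so no enclosing function is cut by the hunks.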
5 changes: 3 additions & 2 deletions website/php/login/authenticate.php
Expand Up @@ -5,20 +5,21 @@
die ("Vul beide invoervelden in alstublieft.");
}

if($stmt = $conn->prepare("SELECT id, username, password FROM users WHERE username = ?")) {
if($stmt = $conn->prepare("SELECT id,username,password,level FROM users WHERE username = ?")) {
$stmt->bind_param("s", $_POST["username"]);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $username, $password);
$stmt->bind_result($id, $username, $password, $level);
$stmt->fetch();

if ($_POST["password"] === $password) {
session_regenerate_id();
$_SESSION["loggedin"] = TRUE;
$_SESSION["name"] = $username;
$_SESSION["id"] = $id;
$_SESSION["level"] = $level;
header("Location: ../../dashboard/index.php");
} else {
session_start();
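Review bot: `$_SESSION["level"] = $level;` stores the value bound from the new `level` column unvalidated; if that column is nullable or holds something other than 1–3 for existing rows (the schema is not in this commit, so inferred), every dashboard branch comparing `$level == 1`, `2`, `3` falls through and the pages render empty tables with no indication why. Normalising and checking at login keeps the failure in one visible place: `$_SESSION["level"] = (int) $level;` followed by treating any value outside the known levels as a failed login. Two pre-existing lines in the same hunk are worth addressing while here: `$_POST["password"] === $password` compares the submitted password with the stored column directly, where a hashed store checked with `password_verify()` is the expected pattern, and `header("Location: ../../dashboard/index.php");` is not followed by `exit();`, so the remainder of the script keeps executing after the redirect is sent.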
