php code limit a user based on access level

Report · Oct 19, 2009

building site where users post items for sale

different levels of access

want to limit basic access level to 10 postings

use php/mysql and dreamweaver CS4

thanks for your help,

jim balthrop

Report · Oct 19, 2009

basic user inserts their post into a table. recordset of table finds out how many posts the users has made. your php code will then determine IF recordset for users total posts > 10 then no more posts are possible ELSE post is possible.

What is to prevent users from creating multiple accounts to post more than 10?

You're welcome.

In Response To DwFAQ · Oct 20, 2009

thanks

so i would have the recordset with COUNT(*) >10 as part of the recordset; would the recordset go on the login user page and the IF count is >10 echo a statement to purchase a higher level?

would the recordset need to go on any other pages than just the login page?

anything i am missing?

In Response To JBWebWorks · Oct 20, 2009

The recordset should also go on the add page so that it checks that the user cannot add anymore without upgrading.

select * from user where user_type = 'basic'

do your count here

if user_type = basic {

do something here

e.g echo 'please upgrade your account. Click Here to upgrade';

}

In Response To JBWebWorks · Oct 20, 2009

JBWebWorks wrote:
anything i am missing?

Yeah: Like I asked earlier...

What is to prevent users from creating multiple accounts to post more than 10?

In Response To DwFAQ · Oct 20, 2009

only thing using is get User_IPaddress when registering account

with $_SERVER["REMOTE_ADDR"]

comparison made and email sent to me to allow or not.

must try to determine if a household is setting up more than one account.

There are many benefits to having an upgraded account more than just the ability to post unlimited.

In Response To JBWebWorks · Oct 20, 2009

sounds phenominal

Like Craigslist but you have to pay... sign me up!

If the activation method of the registration being sent to your email is this method then, as mentioned, it can be circumvented. And the IP address is an absolute fool-proof way to prevent multiple registration. That is of course without the consideration that the user may use a proxy server or otherwise cloak their IP address.

Think of it this way: what if you were only allowed to post 10 threads in the Adobe forums and after that you had to pay to get "many benefits besides unlimited posting" What do you think DWFAQ would do?

In Response To DwFAQ · Oct 21, 2009

to confirm the registration i am using a hidden field on the registration form which produces a random numeric string

<input name="account_sessionID type="hidden" id="account_sessionID value="<?php

echo rand() . "";

echo rand(5, 2215);

?> "

mysql has that field as unique (even though i doubt the random string would ever be duplicated)
an auto email to the registrant includes the random string which they must type into a field on a confirm page and that field is compared to the account_sessionID field in their registration record and if it is equal their account is validated

Report · Oct 20, 2009

Best way is to add a user_type field into the database table, this will hold the user type say "basic" user will only have access to certain parts of site.

Advanced can have access to all.

Add it to your query.

SELECT * FROM users WHERE user_type = 'basic'