Blocking a user from logging in with a certain per

Published 2019-03-01 02:39

Question:

I am trying to figure out how to block a user from signing in to my site unless they are over a certain permission level. I am making my site public and once someone registers they are given the permission level 'bench'. Once I accept the user and change the permission level, then they are able to log in. The way I am blocking the 'bench' permission level users is with a redirect to the index page (where they sign in). However, I want to display some sort of alert that pops up displaying a message that I create and then from the start not even allow that user to move forward.

I'm not sure if I can do this with validation or not. Something like if this user tries to log in, the script dies once it sees that the permission level is at the group 'bench'. Then a pop-up alert displays saying why.

This is how I allow the user to log in...

if(Input::exists()) {
    // Reject the request unless the CSRF token matches
    if(Token::check(Input::get('token'))) {

        $validate = new Validate();
        $validation = $validate->check($_POST, array(
            'username' => array('required' => true),
            'password' => array('required' => true)
        ));

        if($validation->passed()) {
            $user = new User();

            $remember = (Input::get('remember') === 'on') ? true : false;
            $login = $user->login(Input::get('username'), Input::get('password'), $remember);

            if($login) {
                Redirect::to('userIndex.php');
            } else {
                $tryagain = '<span class="signinpanel">' . "The information you entered did not match our records." . '</span>';
            }

        } else {
            foreach($validation->errors() as $error) {
                echo $error, '<br>';
            }
        }
    }
}

I then redirect like this...

if($user->hasPermission('bench')) {
    header("Location: http://sundayfundayleague.com");
    die();
}

This is my permissions code:

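public function hasPermission($key) {
    // Look up the group row for the current user
    $group = $this->_db->get('groups', array('id', '=', $this->data()->group));

    if($group->count()) {
        // Permissions are stored as a JSON object of flags
        $permissions = json_decode($group->first()->permissions, true);

        // !empty() also covers a missing key or invalid JSON without raising a notice
        if(!empty($permissions[$key])) {
            return true;
        }
    }
    return false;
}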

How can I go about doing this?

UPDATE:

I am not sure I am doing this correctly. I'm doing a die with it and showing an error message I made up.

if(Input::exists()) {
if(Token::check(Input::get('token'))) {

    $permissionError = "Your membership request has not been accepted yet.";

    $validate = new Validate();
    $validation = $validate->check($_POST, array(
        'username' => array('required' => true),
        'password' => array('required' => true)

        if($user->hasPermission('bench')) {
        die($permissionError);
    ));

    if($validation->passed()) {
        $user = new User();

        $remember = (Input::get('remember') === 'on') ? true : false;
        $login = $user->login(Input::get('username'), Input::get('password'), $remember);

        if($login) {
            Redirect::to('userIndex.php');
        } else {
            $tryagain = '<span class="signinpanel">' . "The information you entered did not match our records." . '</span>';
        }

    } else {
        foreach($validation->errors() as $error) {
            echo $error, '<br>';
        }
    }
}
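
An added example, not part of the original post and not the asker's code: one way to refuse 'bench' accounts during the login attempt itself, so no session exists for them and the pending message is shown only after the password has been verified. The account list, `attemptLogin`, `loginMessage` and the status constants are hypothetical stand-ins for the asker's `User` and database classes.

```php
<?php
// Constructed sample accounts; 'group' mirrors the permission groups in the question.
$accounts = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'group' => 'member'],
    'bob'   => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT), 'group' => 'bench'],
];

const LOGIN_OK = 'ok';
const LOGIN_BAD_CREDENTIALS = 'bad_credentials';
const LOGIN_PENDING = 'pending_approval';

// Hypothetical helper: decides the outcome without touching the session.
function attemptLogin(array $accounts, string $username, string $password): string
{
    static $dummy = null;
    // Unknown users are checked against a dummy hash so both paths do similar work.
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $account = $accounts[$username] ?? null;
    $valid = password_verify($password, $account['hash'] ?? $dummy);

    if ($account === null || !$valid) {
        return LOGIN_BAD_CREDENTIALS;
    }
    // Approval status is disclosed only to someone who proved the password,
    // so the pending message cannot be used to probe which usernames exist.
    if ($account['group'] === 'bench') {
        return LOGIN_PENDING;
    }
    // The caller starts the session (and calls session_regenerate_id(true)) only here.
    return LOGIN_OK;
}

// Hypothetical helper: maps a status to escaped markup for the sign-in page.
function loginMessage(string $status): string
{
    $messages = [
        LOGIN_BAD_CREDENTIALS => 'The information you entered did not match our records.',
        LOGIN_PENDING         => 'Your membership request has not been accepted yet.',
    ];
    if (!isset($messages[$status])) {
        return '';
    }
    return '<span class="signinpanel">' . htmlspecialchars($messages[$status], ENT_QUOTES, 'UTF-8') . '</span>';
}

// Constructed attempts: approved user, pending user, wrong password, unknown user.
foreach ([['alice', 'correct horse'], ['bob', 'battery staple'], ['bob', 'wrong'], ['carol', 'x']] as [$u, $p]) {
    $status = attemptLogin($accounts, $u, $p);
    echo $u, ': ', $status, ' ', loginMessage($status), PHP_EOL;
}
```

Rendering the message in the sign-in page instead of calling `die()` keeps the form usable, and a JavaScript alert is not needed for the block to hold because the decision is made on the server.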