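/**
 * Gate the current page on the logged-in user's level.
 *
 * Checks, in order: that a user is logged in, that the user's group is not
 * deactivated (group_status "0"), and that the user's level is numerically
 * less than or equal to $require_level. Each failed check flashes a message
 * through $session->msg() and calls redirect().
 *
 * Side effect: the result of find_by_groupLevel() for the user's level is
 * stored in $_SESSION['user_level'].
 *
 * NOTE(review): redirect() is defined elsewhere; if it does not end the
 * request, a caller that ignores the return value keeps executing the
 * protected page after a denial. Confirm that redirect() terminates.
 *
 * NOTE(review): the deactivated-group check only fires when
 * find_by_groupLevel() returns a record carrying 'group_status'. Confirm
 * what it returns for an existing level.
 *
 * @param int|string $require_level Highest numeric level allowed on the page (cast to int).
 * @return bool True when access is granted, false when a denial path returns.
 */
function page_require_level($require_level)
{
    global $session;

    $current_user = current_user();

    // The login check runs after this lookup, so $current_user may not be a
    // user record yet; isset() avoids indexing a non-array value.
    $user_level = isset($current_user['user_level']) ? $current_user['user_level'] : null;

    // One lookup serves both the local check and the session copy
    // (the original issued the same query twice).
    $login_level = find_by_groupLevel($user_level);
    $_SESSION['user_level'] = $login_level;

    // Normalise to string so a driver that returns integers still matches
    // the deactivated flag instead of silently skipping the check.
    $group_status = isset($login_level['group_status'])
        ? (string) $login_level['group_status']
        : null;

    // Not authenticated: send to the login page.
    if (!$session->isUserLoggedIn(true)) {
        $session->msg('d', 'Please login...');
        redirect('index.php', false);
        return false;
    }

    // Group deactivated: deny regardless of level.
    if ($group_status === '0') {
        $session->msg('d', 'This account has been locked!');
        redirect('home.php', false);
        return false;
    }

    // Grant only on a real numeric level; a missing (null) level would
    // otherwise compare as <= any required level and be let through.
    if (is_numeric($user_level) && $user_level <= (int) $require_level) {
        return true;
    }

    $session->msg("d", "Sorry! you dont have permission to view the page.");
    redirect('home.php', false);
    return false;
}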
<?php $page_title = 'Add Group'; require_once 'includes/load.php'; // Checking userlevel page_require_level(1); if (isset($_POST['add'])) { $req_fields = array('group-name', 'group-level'); validate_fields($req_fields); if (find_by_groupName($_POST['group-name']) === false) { $session->msg('d', '<b>Sorry!</b> Entered Group Name already in database!'); redirect('add_group.php', false); } elseif (find_by_groupLevel($_POST['group-level']) === false) { $session->msg('d', '<b>Sorry!</b> Entered Group Level already in database!'); redirect('add_group.php', false); } if (empty($errors)) { $name = remove_junk($db->escape($_POST['group-name'])); $level = remove_junk($db->escape($_POST['group-level'])); $status = remove_junk($db->escape($_POST['status'])); $query = "INSERT INTO user_groups ("; $query .= "group_name,group_level,group_status"; $query .= ") VALUES ("; $query .= " '{$name}', '{$level}','{$status}'"; $query .= ")"; if ($db->query($query)) { //sucess $session->msg('s', "Group has been created! "); redirect('add_group.php', false); } else { //failed