function page_require_level($require_level)
{
global $session;
$current_user = current_user();
$login_level = find_by_groupLevel($current_user['user_level']);
$_SESSION['user_level'] = find_by_groupLevel($current_user['user_level']);
//if user not logged in
if (!$session->isUserLoggedIn(true)) {
$session->msg('d', 'Please login...');
redirect('index.php', false);
//if Group status Deactivate
} elseif ($login_level['group_status'] === '0') {
$session->msg('d', 'This account has been locked!');
redirect('home.php', false);
//checking log in User level and Require level is Less than or equal to
} elseif ($current_user['user_level'] <= (int) $require_level) {
return true;
} else {
$session->msg("d", "Sorry! you dont have permission to view the page.");
redirect('home.php', false);
}
}
<?php
$page_title = 'Add Group';
require_once 'includes/load.php';
// Checking userlevel
page_require_level(1);
if (isset($_POST['add'])) {
$req_fields = array('group-name', 'group-level');
validate_fields($req_fields);
if (find_by_groupName($_POST['group-name']) === false) {
$session->msg('d', '<b>Sorry!</b> Entered Group Name already in database!');
redirect('add_group.php', false);
} elseif (find_by_groupLevel($_POST['group-level']) === false) {
$session->msg('d', '<b>Sorry!</b> Entered Group Level already in database!');
redirect('add_group.php', false);
}
if (empty($errors)) {
$name = remove_junk($db->escape($_POST['group-name']));
$level = remove_junk($db->escape($_POST['group-level']));
$status = remove_junk($db->escape($_POST['status']));
$query = "INSERT INTO user_groups (";
$query .= "group_name,group_level,group_status";
$query .= ") VALUES (";
$query .= " '{$name}', '{$level}','{$status}'";
$query .= ")";
if ($db->query($query)) {
//sucess
$session->msg('s', "Group has been created! ");
redirect('add_group.php', false);
} else {
//failed
