Simple Logic Question


on 26.08.2007 23:01:43 by guitarromantic

Hey everyone,

This is a pretty silly one, I just can't get my head around it.

I have a table of articles, with a row "isPremium", meaning it's
content available only to paid users. In my corresponding user table I
have a row "user_group" with various levels signifying access rights.

In my file displayarticle.php I'm trying to process this. What I want
is for the system to check the article ID, if it's premium, check the
user's credentials (and if they're not okay, print some kind of
error), and if it's not premium, just display it as normal.

My efforts to do this have given errors due to my nested if statements
and I can't seem to think of a solution that doesn't involve my (200
line) display article code being repeated for both possible outcomes
(eg, isPremium = true or false). Can anyone point out the blindingly
obvious solution I'm missing?

Matt

Re: Simple Logic Question

on 26.08.2007 23:23:21 by Bucky Kaufman

Matt wrote:
> Hey everyone,
>
> This is a pretty silly one, I just can't get my head around it.
>
> I have a table of articles, with a row "isPremium", meaning it's
> content available only to paid users. In my corresponding user table I
> have a row "user_group" with various levels signifying access rights.
>
> In my file displayarticle.php I'm trying to process this. What I want
> is for the system to check the article ID, if it's premium, check the
> user's credentials (and if they're not okay, print some kind of
> error), and if it's not premium, just display it as normal.

What - are we working on the same project? ;)

The way I did this is to have the article displayed in TWO PHP pages,
loaded into the main page.

The first page displays the teaser - title and description - to everyone.

The second page checks the credentials before displaying the content.

Re: Simple Logic Question

on 26.08.2007 23:46:26 by guitarromantic

On Aug 26, 10:23 pm, Sanders Kaufman wrote:

> What - are we working on the same project? ;)
>
> The way I did this is to have the article displayed in TWO PHP pages,
> loaded into the main page.
>
> The first page displays the teaser - title and description - to everyone.
>
> The second page checks the credentials before displaying the content.

Hmm, this would work, but a) it complicates my code since I already
have pagination going on (and comments, etc etc), and b) I'd rather
non premium users didn't even know about the existence of the special
articles. I think, anyway..

But! You did give me an idea. I could just make a separate file for
handling premium articles, and just send premium users to that page
when they're browsing the article index. Simple!

Re: Simple Logic Question

on 27.08.2007 01:17:34 by Norman Peelman

Matt wrote:
> On Aug 26, 10:23 pm, Sanders Kaufman wrote:
>
>> What - are we working on the same project? ;)
>>
>> The way I did this is to have the article displayed in TWO PHP pages,
>> loaded into the main page.
>>
>> The first page displays the teaser - title and description - to everyone.
>>
>> The second page checks the credentials before displaying the content.
>
> Hmm, this would work, but a) it complicates my code since I already
> have pagination going on (and comments, etc etc), and b) I'd rather
> non premium users didn't even know about the existence of the special
> articles. I think, anyway..
>
> But! You did give me an idea. I could just make a separate file for
> handling premium articles, and just send premium users to that page
> when they're browsing the article index. Simple!
>

But then how do the premium users read the non-premium articles? Of
course if you can answer that then you've solved your original problem.

Norm

p.s. You need to check your user's permissions prior to retrieving your
articles. In other words, build your SELECT statement based on your
user's permissions:

if ($user_is_premium)
{
    SELECT both non-premium and premium articles here
}
else
{
    SELECT non-premium articles here
}
....rest of code

should be a rather small change to your code.

Re: Simple Logic Question

on 27.08.2007 01:25:00 by guitarromantic

> But then how do the premium users read the non-premium articles? Of
> course if you can answer that then you've solved your original problem.
>
> Norm
>
> p.s. You need to check your user's permissions prior to retrieving your
> articles. In other words, build your SELECT statement based on your
> user's permissions:
>
> if ($user_is_premium)
> {
>     SELECT both non-premium and premium articles here
> }
> else
> {
>     SELECT non-premium articles here
> }
>
> ...rest of code
>
> should be a rather small change to your code.


Basically on the article index page I'll just loop through all of the
articles in the table, and test for isPremium. If a row isPremium,
I'll send the link to displaypremiumarticle.php?id=123, if not, just
to displayarticle.php?id=123.

That code would make things simpler but this page specifically
displays a single article, hence the confusion. I could just do the
above method and not show the links to non-premium users but this
means a curious user could just guess at URLs and find 'hidden'
content.

Re: Simple Logic Question

on 27.08.2007 02:45:03 by Jerry Stuckle

Matt wrote:
>> But then how do the premium users read the non-premium articles? Of
>> course if you can answer that then you've solved your original problem.
>>
>> Norm
>>
>> p.s. You need to check your user's permissions prior to retrieving your
>> articles. In other words, build your SELECT statement based on your
>> user's permissions:
>>
>> if ($user_is_premium)
>> {
>>     SELECT both non-premium and premium articles here
>> }
>> else
>> {
>>     SELECT non-premium articles here
>> }
>>
>> ...rest of code
>>
>> should be a rather small change to your code.
>
>
> Basically on the article index page I'll just loop through all of the
> articles in the table, and test for isPremium. If a row isPremium,
> I'll send the link to displaypremiumarticle.php?id=123, if not, just
> to displayarticle.php?id=123.
>

Don't. Let SQL do it for you. Norm has the right idea.

> That code would make things simpler but this page specifically
> displays a single article, hence the confusion. I could just do the
> above method and not show the links to non-premium users but this
> means a curious user could just guess at URLs and find 'hidden'
> content.
>

IF they aren't authorized, they won't get the article, even if they
guess the URL.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Simple Logic Question

on 27.08.2007 04:06:18 by Shelly

"Jerry Stuckle" wrote in message
news:46D21E8F.3040708@attglobal.net...
> Matt wrote:
>>> But then how do the premium users read the non-premium articles? Of
>>> course if you can answer that then you've solved your original problem.
>>>
>>> Norm
>>>
>>> p.s. You need to check your user's permissions prior to retrieving your
>>> articles. In other words, build your SELECT statement based on your
>>> user's permissions:
>>>
>>> if ($user_is_premium)
>>> {
>>>     SELECT both non-premium and premium articles here
>>> }
>>> else
>>> {
>>>     SELECT non-premium articles here
>>> }
>>>
>>> ...rest of code
>>>
>>> should be a rather small change to your code.
>>
>>
>> Basically on the article index page I'll just loop through all of the
>> articles in the table, and test for isPremium. If a row isPremium,
>> I'll send the link to displaypremiumarticle.php?id=123, if not, just
>> to displayarticle.php?id=123.
>>
>
> Don't. Let SQL do it for you. Norm has the right idea.
>
>> That code would make things simpler but this page specifically
>> displays a single article, hence the confusion. I could just do the
>> above method and not show the links to non-premium users but this
>> means a curious user could just guess at URLs and find 'hidden'
>> content.
>>
>
> IF they aren't authorized, they won't get the article, even if they guess
> the URL.

Jerry beat me to it. The way I do it is to do the ifs within the building of
an SQL query statement. I then execute the query. For example, I want to
display a list of orders where it can be all the orders, all the orders for
a given account number, or all the orders for a given account number and a
given agent. Here is my query building code:

***************
// Base query, optional WHERE clause, and fixed ordering
$qf = "SELECT * FROM Orders";
$qm = "";
$qe = " ORDER BY timestamp DESC";
// Filter by account number when one was supplied
if (strlen($accountNumber) > 0) {
    $qm = " WHERE accountNumber=" .
        GetSQLValueString($accountNumber, "int");
}
// Filter by agent; start the WHERE clause or extend it with AND
if (strlen($agentID) > 0) {
    if ($qm == "") {
        $qm = " WHERE agentID=" .
            GetSQLValueString($agentID, "int");
    } else {
        $qm .= " AND agentID=" .
            GetSQLValueString($agentID, "int");
    }
}
$q = $qf . $qm . $qe;
**************

You could do a similar thing with respect to access rights.

--
Shelly

Re: Simple Logic Question

on 27.08.2007 13:43:57 by guitarromantic

On Aug 27, 1:45 am, Jerry Stuckle wrote:

> IF they aren't authorized, they won't get the article, even if they
> guess the URL.

This is the part I'm having trouble with. Norman's method will work
fine to print a list of links to articles depending on user access
rights, but my issue is for displaying a specific article. I just
can't figure out an efficient way to test a) if the article IS premium
and b) if the user is premium without repeating my 'output article'
code.

I can't build my SELECT statement based on privileges because I have
to make the SELECT in the first place to establish whether or not the
article is premium content or not!

Re: Simple Logic Question

on 27.08.2007 14:03:54 by Jerry Stuckle

Matt wrote:
> On Aug 27, 1:45 am, Jerry Stuckle wrote:
>
>> IF they aren't authorized, they won't get the article, even if they
>> guess the URL.
>
> This is the part I'm having trouble with. Norman's method will work
> fine to print a list of links to articles depending on user access
> rights, but my issue is for displaying a specific article. I just
> can't figure out an efficient way to test a) if the article IS premium
> and b) if the user is premium without repeating my 'output article'
> code.
>
> I can't build my SELECT statement based on privileges because I have
> to make the SELECT in the first place to establish whether or not the
> article is premium content or not!
>

If you can retrieve whether the article is premium or not, SQL can test
on it. Just make it a part of your SELECT statement - if they are not a
premium user, ensure it's not a premium article.

For details on the SQL itself, try posting in comp.databases.mysql -
you'll need to post your table layout and some sample data so people can
help you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Simple Logic Question

on 28.08.2007 06:31:39 by Norman Peelman

Matt wrote:
> On Aug 27, 1:45 am, Jerry Stuckle wrote:
>
>> IF they aren't authorized, they won't get the article, even if they
>> guess the URL.
>
> This is the part I'm having trouble with. Norman's method will work
> fine to print a list of links to articles depending on user access
> rights, but my issue is for displaying a specific article. I just
> can't figure out an efficient way to test a) if the article IS premium
> and b) if the user is premium without repeating my 'output article'
> code.
>

Right, so a non-premium user will not have links to premium articles
and premium users will have links to everything, which is just what you
wanted. You need to use sessions (see below) in both your index script
and your article script to keep track of the user's status.


> I can't build my SELECT statement based on privileges because I have
> to make the SELECT in the first place to establish whether or not the
> article is premium content or not!
>

So really what you need to do is keep track of a user's access rights
when they log in. This way, what Jerry and I said, put together, gives you
what you're after. Use sessions to store the user's credentials at login
so that you can create your queries properly.


Norm
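
The check Jerry and Norman describe for the single-article page, as an added example that is not part of the thread: the premium test goes into the WHERE clause, so a request for a guessed id by an unauthorized user returns no row, exactly like a missing article. The `articles` table layout, the `PREMIUM_GROUP` threshold and the `fetchArticleForUser` helper are assumptions; only `isPremium` and `user_group` come from the posts.

```php
<?php
// Added example. Assumed: table "articles" (id, title, body, isPremium)
// and user_group >= PREMIUM_GROUP meaning a paid user.
const PREMIUM_GROUP = 2;

/**
 * Return the article row, or null when it does not exist OR the user may
 * not read it. Both cases look the same to the caller, so guessing
 * ?id=123 does not reveal that a premium article exists.
 */
function fetchArticleForUser(PDO $db, int $articleId, int $userGroup): ?array
{
    $stmt = $db->prepare(
        'SELECT id, title, body, isPremium
           FROM articles
          WHERE id = :id
            AND isPremium <= :max_premium'
    );
    // Bind as integers; the id never gets concatenated into the SQL text.
    $stmt->bindValue(':id', $articleId, PDO::PARAM_INT);
    $stmt->bindValue(':max_premium', $userGroup >= PREMIUM_GROUP ? 1 : 0, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles
           (id INTEGER PRIMARY KEY, title TEXT, body TEXT, isPremium INTEGER)');
$db->exec("INSERT INTO articles VALUES (1, 'Free piece', 'Public text', 0),
                                       (2, 'Paid piece', 'Subscriber text', 1)");

// In displayarticle.php the two values would come from the request and
// from the session filled at login, e.g. (int)($_GET['id'] ?? 0) and
// (int)($_SESSION['user_group'] ?? 0). Here: constructed [id, group] pairs.
foreach ([[1, 0], [2, 0], [2, 2], [99, 2]] as [$id, $group]) {
    $article = fetchArticleForUser($db, $id, $group);
    if ($article === null) {
        echo "id=$id group=$group -> 404 Not Found\n";
        continue; // one early exit; the display code below is written once
    }
    echo "id=$id group=$group -> {$article['title']}\n";
}
```

A `user_group` cached in the session at login stays in effect until the session is refreshed, so re-read it from the user table where a downgrade must apply immediately.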