Ive made the following script to display files from a directory if user is signed in:
<?php
session_start();
require_once("path/file.php");
if (!empty($_SESSION[username]))
{echo "You <b>$_SESSION[username]</b> are registered.";
$dirPath = dir('includes/path/');
$docArray = array();
while (($file = $dirPath->read()) !== false)
{
if ((substr($file, -3)=="pdf") || (substr($file, -3)=="doc"))
{
$docArray[ ] = trim($file);
}
}
$dirPath->close();
sort($docArray);
$c = count($docArray);
foreach($docArray as $filename)
{
echo "<div><a href=\"./includes/path/$filename\">Download '$filename'</a></div>";
echo "<br/>";
}
include('logout.php');
}
else
{echo "somethingsomething";
include('login.php');
}
?>
In the members table there are two columns MSV and LTP with possible values 0, 1. Also I have to directories /path/LTP and /path/MSV.
I would need an addition to the script that if a user has privileges to LTP or/and MSV, the files would be displayed accordingly.
You will need stored into $_SESSION the value of the fields LTP and MSV and try somethig like this in the php file that your are using to read those folder
read LTP folder
if(!empty($_SESSION[LTP])){
//code to read LTP folder
}else{
//Cannot read LTP folder
}
read MSV folder
if(!empty($_SESSION[MSV])){
//code to read MSV folder
}else{
//Cannot read MSV folder
}
Assuming 0 is deny acces and 1 is grant permission to read
Query your database for the user, and build in logic after you fetch your row.
$username = mysqli_real_escape_string($con, $_SESSION['username']);
$query = "SELECT `LTP`, `MSV` FROM `members` WHERE `username`='".$username."'";
$data = mysqli_query($con, $query) or die(mysqli_error($con));
$row = mysqli_fetch_array($data);
if ($row['MSV'] == '1') {
//provide access to MSV files here.
}
if ($row['LTP'] == '1') {
//provide access to LTP files here.
}
Note that the die statement is for debugging and is not graceful enough for production use.