Show and Hide Content Based on User Access Levels

By: Danilo Celic

Page 1 of 3

Set for printing

Next

Dreamweaver's native Log In User server behavior combined with the Restrict Access to Page server behavior can help you protect your pages from prying eyes. However, when it comes for more fine grained control of content on pages viewable by users from multiple access levels, Dreamweaver doesn't have anything built in to offer any assistance to you.

Imagine you want to build a content management system (CMS) for your client. They could have three, or more, access levels defined for logged in users of their site. There may be a systemAdmin  user (probably you), a few admin users that perform basic administration work of the site such as approve new content, and finally you have several author users that create the content that the admin users approve, and finally you have a bunch of subscriber users that can view articles and also change an modify their own account info.

As part of the CMS that you're building you might have a control panel page that contains the main navigation links for common tasks performed by all users, such as updating user password and contact information. All of this is easily handled by the Restrict Access to Page server behavior so that all logged in users can see your common content. If you have links to pages that have special significance only to say the admin users such as approving articles, you'd probably rather not create a special log in just for admin users, as well as you'd rather not show links that user access levels shouldn't see, and probably can't even visit if you're properly restricting access to those pages using the Restrict Access To page server behavior.

Note: To read up on using the server behaviors mentioned above take a look at Using the Log in Server Behavior and Access Level and Login for PHP and ASP. Or check out our Liverpool JumpStart which contains a page set design design that includes password protected pages.

So how do you balance the two competing needs, a main control panel page that displays common links and also displays links that only specified users can access? One way to do this would be to analyze the code Dreamweaver uses to determine if a user can log in, or check out the code that is used to determine if a logged in user can access a restricted page.

We've taken a close look at these server behaviors for you and determined that Dreamweaver's Log In User and Restrict Access To Page server behaviors write code to your page that use session variables to maintain information about a user if they are logged in, and what access level they have assigned to them when logged in.

Note: ColdFusion users make sure you have sessionmanagement turned on in your Application.cfm to enable sessions. For an article on doing this, check out: Enabling Session Variables in ColdFusion.

ASP and ColdFusion use a session variable named MM_UserAuthorization and PHP uses a session variable named MM_UserGroup to identify the access level for a logged in user. So checking that a user's MM_UserAuthorization, or MM_UserGroup, value is part of a list of valid access levels (or alternately checking that their access level is not part of the list) will help you determine if you need to show or hide a particular piece of content.

In the sample code below, we're using Access levels for our users where 1 = System Admin, 2= Admin, 3= Users. ASP VBScript does things a little differently than ColdFusion and PHP, so we'll tackle PHP and ColdFusion together and then get on to VBScript further down the article. The sample pages within the support files contain pages written in ColdFusion, PHP and ASP VBScript that show content based upon the access level examples. You can use the included Access MDB file to test with or, the .sql file to create your own MySQL table.

Showing Content for ColdFusion and PHP

To show content when a user is a System Admin (1), use the following to wrap around your content:

ColdFusion:

<cfif ListContains("1", Session.MM_UserAuthorization)>
Content to show if user in proper access level.
</cfif>

PHP:

<?php
$accessLevels = array("1");
$validLevel = $_SESSION['MM_UserGroup'];
if(array_search($validLevel, $accessLevels)>-1){
?>
<p>System Admin users (1)</p>
<?php
}
?>

If you want to show content to System Admins (1) and to Admin (2) users, wrap your content with the following:

ColdFusion:

<cfif ListContains("1,2", Session.MM_UserAuthorization)>
Content to show if user in proper access level.
</cfif>

PHP:

<?php
$accessLevels = array("1","2");
$validLevel = $_SESSION['MM_UserGroup'];
if(array_search($validLevel, $accessLevels)>-1){
?>
Content to show if user in proper access level
<?php
}
?>

Please note that in the code being used here Coldfusion uses a quotes comma separated string such as "1,2" and PHP uses comma separated quotes strings as in "1","2".

Page 1 of 3 1 2 3 Next


download
Download Support Files


Downloads are disabled during your trial period.


Keywords
Dreamweaver, Log In User, Restrict Access To page, Session, MM_UserAuthorization, MM_UserGroup, Access Levels, user group