Doc

$users->get with specific role ?

Recommended Posts

Doc    23

Hi,

I've just hit a problem I didn't think of.

I've registered a fake player on my website (still in dev) with the email I've used for the administrator.

So, when I connect, password doesn't match and I can't sign me up.

I'm using : (sum up) 

	$connect_user = $users->get("email=$email");

                if($connect_user && $connect_user->id) {
                    $username = $connect_user->name;
                } else {
                    echo "unknown email";
                }

                // if everything is ok :
                    if ($session->login($username, $password) !== null) {
                        // Go on

It only retrieves the admin (guest, superuser) roles but not the player I'm looking for, who has another kind of role.

Is there a way to add the role filter in the $users->get ?

I've used too :

$connect_user = $users->find("email=$email");

but it brings back different stuff than $users->get.

Thanks

Share this post


Link to post
Share on other sites
rick    329

Hi Doc,

A slight flaw in the logic. You created a second user with the same email as the administrator, and are basing your user->get 'query' on that email entry. The result of your 'query' is not unique. I would recommend you create unique emails per user to resolve this issue.

Once that is corrected, you can access the user roles of the logged-in user for further processing.

  • Like 1

Share this post


Link to post
Share on other sites
LostKobrakai    4,307

First of all $users->find() is not interchangeable with $users->get() (just like with $pages). The first does return a list of users. While the second one does return the first found result. So $users->find() will find both your users, but returns them in a list. 

To limit your query like you asked to use

$users->get("email=$email, roles!=superuser")
11 minutes ago, rick said:

A slight flaw in the logic. […] I would recommend you create unique emails per user to resolve this issue.

I wouldn't say so. It's perfectly fine to allow for non-unique emails if one is aware of the consequences.

  • Like 2

Share this post


Link to post
Share on other sites
Doc    23

Thanks to both of you. The support is awesome here :)

I'll use LostKobrakai's proposal to filter the right user.

I shouldn't have added the same email, but, I like the idea to filter them correctly as they don't have the same privileges.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.