You should be able to create a recordset with the correct SQL statement to join the banner table to the link table and show all users authorized for that domain. If the information is in the the database so that you could figure it out manually, then there is a SQL statement that would figure it out as well.I don't think you need any more tables or inserts... just the correct SQL statement to verify admin access.
Thank you Ray. I do have an (unenviable) issue with over-thinking things, as I'm sure you're used to by now!
So on the Insert/Update page I create a recordset that pulls all of the authorised users out of the domain/user link table....how do I then compare the userID in session (created by MySQli Login User) with the results of that recordset? I understand how to do this when there's only one row in the recordset...
<?php if ($rsAUTHUSERS->getColumnVal("userID") == $_SESSION['userID']) { ?>
<display the Insert/Update form>
<?php } ?>
...what if there are multiple results?
You mention that this can be achieved in a SQL statement so maybe there's not even a need to have this if code on the page, rather it would just display a "you are not authorised" message if recordset is empty?
Appreciate the help, thank you.
NJ
EDIT: Thinking this through...I don't need to join the banner table at all, do I? I just need to check that the session userID created by MySQLi Login User is listed in the domain/user link table. Like so...
<?php
$rsISAUTH = new WA_MySQLi_RS("rsISAUTH",$csdbmysqli,1);
$rsISAUTH->setQuery("SELECT linkuserdomID, domainID, userID FROM linkuserdom WHERE domainID = ? AND userID = ?");
$rsISAUTH->bindParam("i", "".(isset($_POST['dID'])?$_POST['dID']:"") ."", "-1"); //colname
$rsISAUTH->bindParam("i", "".(isset($_SESSION['userID'])?$_SESSION['userID']:"") ."", "-1"); //colname1
$rsISAUTH->execute();
?>
I can then show/hide content based on whether or not that recordset if empty, right?
