prventing from a person to enter to a certain page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

prventing from a person to enter to a certain page

Post by pelegk2 »

i have a db that tlls me each page by its name its user priviliges need to acces the page!
what is the best way to manage all of this?
to check on each page with the db?or any other way?
thanks in advance
peleg[/big_search]
tony_c
Forum Newbie
Posts: 4
Joined: Wed Feb 11, 2004 9:11 am

Be more specific please

Post by tony_c »

You will get better/more responses/help if you are more specific.

Here is a "shot in the dark" that may help you:

When the user logs in, give them a cookie specifying the user's access level...

Code: Select all

setcookie("access_level", $access_level, time() + 14400);
Then, at the top of each page verify the access level...

Code: Select all

$access_level = $HTTP_COOKIE_VARSї'access_level'];

if($access_level != "this_level") {
   echo "You do not have permission to view this page\n";
   exit;
}
For better security, the $access_level should be some random string like a password, instead of something obvious like 1,2,3,"low","medium","high" etc. Hope this helps.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

sessions

cookies

run a query against the stored/logged-in username and make a list of if-statements to allow certain people

or, the more 'professional' way:

make a column in the sql table called admin, set the default to 0 (cant access the page) then when new users sign -up they are viewed as basic, change the value to 1 for they can access that pages.

again, use if-statements.

good luck
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

first thanks both of u !
second tony_c what do i do if the usercookies are disabled!!!!
and doing

Code: Select all

exit;
is not enough i need to redirect to another page how do i do that?
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

you can redirect using header() function or Javascript.

if the user cookies are disabled, theres nothing you can do cept warn them that they need to enable cookies. If it dont set, it will act as if they never logged in.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

hence why you should use the MySQL to do the handling (as I suggested in my above post)

8)
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

*nod*

whoops, im not malcolm ;) :P

tim's way + keep it in a session, then check it like:

Code: Select all

$page_rank = 3;
$user_rank = mysql_result(mysql_query("SELECT rank FROM users WHERE username = {$_SESSION['name']}"), 0,0);
if($user_rank >= $page_rank){
//print page
}
else {
header("Location: errorpage.php");
}
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

lol theres the code

:)
Post Reply