// continue with existing session, or start a new one
if (!isset($_SESSION)) {
    if (isset($session_name)) {
        session_name($session_name); // set the session name
    }
    session_start(); // open/reopen session
}

// check if user is logged in
// SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF also contains any
// extra path info appended to the URL, so basename() of it is not reliably
// the name of the script that is actually running.
$task_id = basename($_SERVER['SCRIPT_NAME']);
if (!in_array($task_id, array('cms_logon.php', 'help.php')) && (!isset($_SESSION['user_id']) || !isset($_SESSION['role_id'])))
{
    redirect('cms_logon.php');
    exit; // stop here so the rest of the page never runs for an anonymous user
}

// check if user has authorization to access this task
require_once('classes/cms_role_task_xref.class.inc');
$rbac = new cms_role_task_xref;
if (!in_array($task_id, array('cms_logon.php', 'help.php')) && (!isset($_SESSION['allowed'][$task_id]) || $_SESSION['allowed'][$task_id] != 'y'))
{
    $role_id = $_SESSION['role_id'];
    // look up whether this role has been granted this task
    $data = $rbac->getData("task_id='$task_id' AND role_id='$role_id'");
    if (count($data) <= 0)
    {
        redirect('cms_logon.php');
        exit; // not authorised for this task
    }
    else
    {
        // cache the decision in the session so the lookup runs once per task
        $_SESSION['allowed'][$task_id] = 'y';
    }
}
I thought about doing cookies but that would mean creating a whole Session setup. I would do it if it was worth it; however, the excess security would be pointless. Simple = good. HTTP Auth = simple = good. However, HTTP Auth that does not allow more than one page to be authenticated != good.
My main concern is just to provide a basic login for this part of the web. I have another section that I may do cookies for but I'd really rather do HTTP and just try to fix what I have.
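One way to make HTTP authentication cover more than one page is to put the check in a single include that every protected page loads, always sending the same realm. This is an added example, not code from the thread; the file name `http_auth.inc.php`, the realm, the function names and the demo user are assumptions.

```php
<?php
// http_auth.inc.php (hypothetical file name, added example).
// Every protected page begins with: require_once 'http_auth.inc.php';

// Same realm on every page, so the browser resends the credentials it already has.
const AUTH_REALM = 'Members Area'; // assumed realm name

// Constructed demo user store: username => password hash.
// In practice, keep hashes made with password_hash() in a file outside the web root.
function http_auth_users(): array
{
    return array('demo' => password_hash('demo-password', PASSWORD_DEFAULT));
}

// Returns the authenticated username, or null when the credentials
// are missing or wrong. Takes $server as a parameter so it can be tested.
function http_auth_check(array $server, array $users): ?string
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass) || !isset($users[$user])) {
        return null;
    }
    return password_verify($pass, $users[$user]) ? $user : null;
}

// Sends the 401 challenge and stops the page unless the request is authenticated.
function require_http_auth(): string
{
    $user = http_auth_check($_SERVER, http_auth_users());
    if ($user === null) {
        http_response_code(401);
        header('WWW-Authenticate: Basic realm="' . AUTH_REALM . '"');
        echo 'Authentication required.';
        exit; // nothing below the require_once runs for an unauthenticated request
    }
    return $user;
}

$auth_user = require_http_auth();
```

Basic credentials travel with every request, so the protected pages should be served over HTTPS only. Under CGI or FPM setups, `PHP_AUTH_USER` is only populated when the web server passes the `Authorization` header through to PHP.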