permissions and redirects

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
anthony88guy
Forum Contributor
Posts: 246
Joined: Thu Jan 20, 2005 8:22 pm

permissions and redirects

Post by anthony88guy »

I have a page, that depending on your permission (3 = admin, 2 = supporter, 1 = member, 0 = not verified member) it should keep you within your allowed area.

So if $_SESSION['logged'] == 1 that mean your logged in. $user['permission'] is your permission (3,2,1,0) Okay so my goal is that if your an admin (permission == 3) you can access everything except the register.php, login.php pages. Currently the same for supporter (2) will change later. But if your a regular member (1) you can only access pages index.php, bankingcalc.php, autologger.php, logout.php everything else you would get redirect to index.php.

When I login as an admin (3) it works fine, I get redirected when trying to access register.php, and login.php. But when I try member’s permission (1) I get redirected back and forth in a loop. I've commented out the headers and just echo'd some stuff to get an idea of what’s happening but I can’t figure it out. Also I rather not list the pages it cannot go to for members, just list the pages they are allowed to go to.

Code: Select all

$user['page'] = str_replace("/","",$_SERVER['PHP_SELF']);

if($_SESSION['logged'] == 1)
{
         if($user['permission'] == 3)
	{
		if($user['page'] == 'register.php'
		|| $user['page'] == 'login.php')
		{
			//echo "admin - redirect - " . $user['page'];
			header('Location: index.php');
		}
	}
	elseif($user['permission'] == 2)
	{
		if($user['page'] == 'register.php' 
		|| $user['page'] == 'login.php')
		{
			//echo "supporter - redirect - " . $user['page'];
			header('Location: index.php');
		}
	}
	elseif($user['permission'] == 1)
	{
		if($user['page'] != 'index.php' 
		|| $user['page'] != 'bankingcalc.php' 
		|| $user['page'] != 'autologger.php' 
		|| $user['page'] != 'logout.php')
		{
			//echo "verfied user - redirect - " . $user['page'];
			header('Location: index.php');
		}
	}
	elseif($user['permission'] == 0)
	{
		if($user['page'] != 'index.php' 
		|| $user['page'] != 'logout.php')
		{
			//echo "unverfied user - redirect - " . $user['page'];
			header('Location: index.php');
		}
	}
}
else
{
	if($user['page'] != 'login.php')
	{
		//echo "loggedout - redirect - " . $user['page'];
		header('Location: login.php');
	}
}
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

shouldnt

Code: Select all

if($user['page'] != 'index.php' 
        || $user['page'] != 'bankingcalc.php' 
        || $user['page'] != 'autologger.php' 
        || $user['page'] != 'logout.php')
be

Code: Select all

if($user['page'] != 'index.php' 
        && $user['page'] != 'bankingcalc.php' 
        && $user['page'] != 'autologger.php' 
        && $user['page'] != 'logout.php')
?
should apply for permission 0 too
anthony88guy
Forum Contributor
Posts: 246
Joined: Thu Jan 20, 2005 8:22 pm

Post by anthony88guy »

and I was thinking about that, and for some reason told myself it wouldnt work. Ahh. Thanks alot.
Post Reply