I am setting up a login where I have only a few groups: 'Users', 'Employees', 'Patients', 'Referrals', and 'Administrators'.
Now when someone first signs up they are categorized as a 'User', which will redirect them to sorry.php stating the admin has to assign their access.
But if they already have a specified access I want them redirected to different pages.
Group 1 is where the access level is held in the database. What would I need to do to get rid of the else and make it find the correct access level and redirect?
switch ($_SESSION['group1']) {
    case 'Users':
        header("Location: sorry.php");
        break;
    case 'Employees':
    case 'Patients':
    case 'Referrals':
    case 'Administrators':
        header('Location: general.html');
        break;
    default:
        header('Location: sorry.php');
        break;
}
Can do whatever you want from there no matter what the access level.
Well, it was close. Now I can't get my PHP code to restrict access to certain users. I think this is my problem, but I don't know what it's doing. Can anyone explain what this means?
Assured99 wrote: Well, it was close. Now I can't get my PHP code to restrict access to certain users. I think this is my problem, but I don't know what it's doing. Can anyone explain what this means?
Here are some comments with a few changes to your code...
function allow_access($group)
{
    // Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name'
    if ($_SESSION['group1'] == $group ||
        $_SESSION['group2'] == $group ||
        $_SESSION['group3'] == $group ||
        $_SESSION['group1'] == "Administrators" ||
        $_SESSION['group2'] == "Administrators" ||
        $_SESSION['group3'] == "Administrators" ||
        $_SESSION['user_name'] == $group)
    {
        // Set the var allowed to 'yes'
        $allowed = "yes";
    } else {
        // Set the var allowed to 'no'
        $allowed = "no";
    }
    // Return the var allowed
    return $allowed;
}
As a side note, this is a really bad way to handle authentication. You may want to consider matching your user_auth_level (the user's approved level) against a known group's auth level. Both can be stored in the database and used for matching. Just a suggestion.
<?php
// prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('http://www.mydomain.com/secure/config.php');
require('http://www.mydomain.com/secure/functions.php');
// this is the group name or username of the group or person that you wish to allow access to
// - please be advised that the Administrators group has access to all pages.
if (allow_access(Administrators) != "Yes")
if (allow_access(Employees) != "no")
if (allow_access(Patients) != "no")
if (allow_access(Referrals) != "no")
if (allow_access(Users) != "no")
{
    include ('http://www.mydomain.com/secure/no_access.html');
    exit;
}
?>
<?php
if (allow_access(Administrators) != "Yes")
if (allow_access(Employees) != "no")
if (allow_access(Patients) != "no")
if (allow_access(Referrals) != "no")
if (allow_access(Users) != "no")
{
    include ('http://www.mydomain.com/secure/no_access.html');
    exit;
}
?>
1. You are passing assumed constants to your function. The function is expecting a string, so what you pass should be quoted.
<?php if (allow_access('Administrators') != "Yes") ?>
2. You cannot use IF like this. One if, many conditionals in the comparison (or better, maybe a switch()).
3. Your first conditional checks against 'Yes' but the function returns 'yes' or 'no' (notice the case?).
You may need to rework your code a bit as it appears that the code you have now may run into problems as you begin to roll it out.
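Added example (not code from this thread): a guard that addresses the three points above by taking quoted group names, making a single check, and returning a boolean instead of 'yes'/'no', with the script stopped on denial. The function names, the local no_access.html path and the sample sessions are assumptions; the user_name match from the original function is left out.

```php
<?php
// Administrators pass every check, as in the thread's allow_access().
function is_allowed(array $session, array $allowedGroups): bool
{
    $allowedGroups[] = 'Administrators';
    foreach (['group1', 'group2', 'group3'] as $slot) {
        $group = $session[$slot] ?? null; // unset slot: no membership
        if (is_string($group) && in_array($group, $allowedGroups, true)) {
            return true;
        }
    }
    return false; // deny by default
}

// Landing page for the primary group; anything unexpected goes to sorry.php.
function landing_page(array $session): string
{
    switch ($session['group1'] ?? '') {
        case 'Employees':
        case 'Patients':
        case 'Referrals':
        case 'Administrators':
            return 'general.html';
        default: // 'Users', missing or unknown values
            return 'sorry.php';
    }
}

// Page guard: call after session_start(), before any output.
function require_group(array $allowedGroups): void
{
    if (!is_allowed($_SESSION ?? [], $allowedGroups)) {
        http_response_code(403);
        include __DIR__ . '/no_access.html'; // assumed local path
        exit; // stop here so no protected content follows
    }
}

// Constructed sample sessions, printed so the logic can be checked from the CLI.
$samples = [
    ['group1' => 'Employees'],
    ['group1' => 'Users', 'group2' => 'Administrators'],
    ['group1' => 'Users'],
    [],
];
foreach ($samples as $s) {
    printf("%-46s staff page: %-3s landing: %s\n", json_encode($s),
        is_allowed($s, ['Employees']) ? 'yes' : 'no', landing_page($s));
}
```

On a protected page the only call needed is `require_group(['Employees']);` placed right after `session_start()`.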