PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
function allow_access($group)
{
// Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name'
if ($_SESSION['group1'] == $group ||
$_SESSION['group2'] == $group ||
$_SESSION['group3'] == $group ||
$_SESSION['group1'] == "Referrals" ||
$_SESSION['group1'] == "Patients" ||
$_SESSION['group1'] == "Employees" ||
$_SESSION['group1'] == "Administrators" ||
$_SESSION['user_name'] == $group)
{
// Set the var allowed to 'yes'
$allowed = "yes";
} else {
// Set the var allowed to 'no'
$allowed = "no";
}
// Return the var allowed
return $allowed;
}
Here is the code from the page im trying to secure
<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('http://www.mydomain.com/secure/config.php');
require('http://www.mydomain.com/secure/functions.php');
//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access('Administrators') != "yes")
if (allow_access('Employees') != "no")
if (allow_access('Patients') != "no")
if (allow_access('Referrals') != "no")
if (allow_access('Users') != "no")
{
include ('http://www.mydomain.com/secure/no_access.html');
exit;
}
?>
Can i use the Multiple Group 1's in the Function because the Access Level is only stored in group1?
requiring or including a file from an external source will not return the code inside them unless they are scripted to do so. Change the paths to local ones.
Warning: main(../secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/login/employee/employee.php on line 10
Everah wrote:Can you describe what you mean when you say
Assured99 wrote:the web page is still not secure any clues?????
Yes, I can log onto the page by typing the URL in directly, There is no prompt for Username and Password or Redirtection to no_access.html. it allows you to view the page.
Eaither one would be fine i believe it it going to no_access.html right now.
<?php
//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();
require('/home/assuredm/public_html/secure/config.php');
require('/home/assuredm/public_html/secure/functions.php');
//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access('Administrators') != "yes")
if (allow_access('Employees') != "no")
if (allow_access('Patients') != "no")
if (allow_access('Referrals') != "no")
if (allow_access('Users') != "no")
{
include ('http://www.mydomain.com/secure/no_access.html');
exit;
}
?>
function allow_access($group)
{
// Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name'
if ($_SESSION['group1'] == $group ||
$_SESSION['group2'] == $group ||
$_SESSION['group3'] == $group ||
$_SESSION['group1'] == "Referrals" ||
$_SESSION['group1'] == "Patients" ||
$_SESSION['group1'] == "Employees" ||
$_SESSION['group1'] == "Administrators" ||
$_SESSION['user_name'] == $group)
{
// Set the var allowed to 'yes'
$allowed = "yes";
} else {
// Set the var allowed to 'no'
$allowed = "no";
}
// Return the var allowed
return $allowed;
}