Authentication Problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Authentication Problems

Post by Assured99 »

Ok i am trying to open a page that i want to secure when i open the page i get an Error:

Code: Select all

Fatal error: Call to undefined function: allow_access()
I would assume that this would be a problem with the Function so i looked it over and everything seems to be allright.

Code: Select all

function allow_access($group) 
{ 
        // Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name' 
        if 	($_SESSION['group1'] == $group || 
                $_SESSION['group2'] == $group || 
                $_SESSION['group3'] == $group ||
	$_SESSION['group1'] == "Referrals" ||  
                $_SESSION['group1'] == "Patients" || 
                $_SESSION['group1'] == "Employees" || 
                $_SESSION['group1'] == "Administrators" || 
                $_SESSION['user_name'] == $group) 
        { 
                // Set the var allowed to 'yes' 
                $allowed = "yes"; 
        } else { 
                // Set the var allowed to 'no' 
                $allowed = "no"; 
        } 

        // Return the var allowed 
        return $allowed; 
}

Here is the code from the page im trying to secure

Code: Select all

<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

require('http://www.mydomain.com/secure/config.php');

require('http://www.mydomain.com/secure/functions.php'); 

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access('Administrators') != "yes")
if (allow_access('Employees') != "no")
if (allow_access('Patients') != "no")
if (allow_access('Referrals') != "no")
if (allow_access('Users') != "no")
{ 
include ('http://www.mydomain.com/secure/no_access.html'); 
exit;
}
?>

Can i use the Multiple Group 1's in the Function because the Access Level is only stored in group1?

Any other ideas will be appreciated
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

requiring or including a file from an external source will not return the code inside them unless they are scripted to do so. Change the paths to local ones.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I believe this is your problem...

Code: Select all

require('http://www.mydomain.com/secure/config.php');

require('http://www.mydomain.com/secure/functions.php');
Needs to be relative to the url you are at or a unix path "/something/somethingelse/bla/foo/bar/functions.php"
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

so Change:

Code: Select all

require('http://www.mydomain.com/secure/config.php'); 

require('http://www.mydomain.com/secure/functions.php');
TO

Code: Select all

require('/secure/config.php'); 

require('/secure/functions.php');
????
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Now when you say relative path

How would i get it to go back to a higher folder???
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

../
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Now i have this:

Code: Select all

Warning: main(../secure/config.php): failed to open stream: No such file or directory in /home/assuredm/public_html/login/employee/employee.php on line 10
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Ok i fixed that issue by adding /home/assuredm/public_html/ before tha path but the web page is still not secure any clues?????
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Can you describe what you mean when you say
Assured99 wrote:the web page is still not secure any clues?????
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Everah wrote:Can you describe what you mean when you say
Assured99 wrote:the web page is still not secure any clues?????
Yes, I can log onto the page by typing the URL in directly, There is no prompt for Username and Password or Redirtection to no_access.html. it allows you to view the page.

Eaither one would be fine i believe it it going to no_access.html right now.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Can you post the code in which you call the authentication function?
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

Everah wrote:Can you post the code in which you call the authentication function?

Code: Select all

<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();
session_start();

require('/home/assuredm/public_html/secure/config.php');

require('/home/assuredm/public_html/secure/functions.php'); 

//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access('Administrators') != "yes")
if (allow_access('Employees') != "no")
if (allow_access('Patients') != "no")
if (allow_access('Referrals') != "no")
if (allow_access('Users') != "no")
{ 
include ('http://www.mydomain.com/secure/no_access.html'); 
exit;
}
?>
User avatar
Assured99
Forum Commoner
Posts: 81
Joined: Wed Jul 12, 2006 11:48 am
Location: California

Post by Assured99 »

or did you mean this ?

Code: Select all

function allow_access($group) 
{ 
        // Check the value of the session vars 'group1' 'group2' 'group3' or 'user_name' 
        if 	($_SESSION['group1'] == $group || 
                $_SESSION['group2'] == $group || 
                $_SESSION['group3'] == $group ||
				$_SESSION['group1'] == "Referrals" ||  
                $_SESSION['group1'] == "Patients" || 
                $_SESSION['group1'] == "Employees" || 
                $_SESSION['group1'] == "Administrators" || 
                $_SESSION['user_name'] == $group) 
        { 
                // Set the var allowed to 'yes' 
                $allowed = "yes"; 
        } else { 
                // Set the var allowed to 'no' 
                $allowed = "no"; 
        } 

        // Return the var allowed 
        return $allowed; 
}
Post Reply