Include file for LOGIN.
Posted: Tue Aug 15, 2006 5:11 am
Ok guys.
A few weeks ago I was trying to work ways to solve my 'admin users' problem basically giving different users different levels of access to allow some users to assume an admin role and others to be standard users without the ability to carry out admin functions.
Well I have kind of solved this problem. Basically I have an include file which carries over the users username and password from thier login to to the organisations intranet.[obviously I have no control over the orgs intranet and username or passwords]
But this file carries over the data they input in their initial login and can then be used for my purpose. (this works for another system currently being used for the organistaion)
Heres how it works. I have an include file called 'permissions.inc'. all users login to the site using their current username and password[again which I have no control over - think the org does it using something called 'htaccess'] anyway when the user then tries to access the 'add', 'edit', 'delete', 'download' functions he/she is prompted with a username and password box. if the username exists in the include file they are given access if it doesnt they are sent to another page.
The include file codes like this:
Then on top of each file that needs protecting you insert this script which calls the include file.
Firstly can anyone see how this will work and secondly when I do this,
all im getting is a blank screen.
A few weeks ago I was trying to work ways to solve my 'admin users' problem basically giving different users different levels of access to allow some users to assume an admin role and others to be standard users without the ability to carry out admin functions.
Well I have kind of solved this problem. Basically I have an include file which carries over the users username and password from thier login to to the organisations intranet.[obviously I have no control over the orgs intranet and username or passwords]
But this file carries over the data they input in their initial login and can then be used for my purpose. (this works for another system currently being used for the organistaion)
Heres how it works. I have an include file called 'permissions.inc'. all users login to the site using their current username and password[again which I have no control over - think the org does it using something called 'htaccess'] anyway when the user then tries to access the 'add', 'edit', 'delete', 'download' functions he/she is prompted with a username and password box. if the username exists in the include file they are given access if it doesnt they are sent to another page.
The include file codes like this:
Code: Select all
<?php
$ADMIN_USERS = array ('xxssxx','xxxr','xxxxan');
/* PHP4
function permcheck ($user, $ValidUser) {
while ( $a = array_shift($ValidUser))
if ($user == $a) return 1;
return 0;
}
*/
// PHP3 version
function permcheck ($user,$ValidUser) {
while (list ($k,$v) = each ($ValidUser) )
if ($user == $v) return 1;
return 0;
}
?>Code: Select all
<?php
include "../perm.inc";
if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
//Do nothing and carry on rendering the page
}
else {
header("Location: https://somewebsite/");
exit;
}
?>all im getting is a blank screen.
Code: Select all
<?php include "dyn.header"; ?>
<!-- Please don't remove these comments -->
<!-- Content Start -->
<?php
include "../perm.inc";
if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
//Do nothing and carry on rendering the page
}
else {
header("Location: https://wwws.soi.city.ac.uk/intranet/plo/test/");
exit;
}
?>
<h1>Administration</h1>
<?php
if ((isset($_GET['Sent'])) and ($_GET['Sent'] == 'true')) { echo '<b><font color="#FF0000">New Organisation Added, Add Another? Remember to Search for the Organisation and note the OID before Adding the Person Linked to the created Organisation</font></b>'; }
?>
<p>
<br>
<p><strong><font size="4">Edit Organisation Details</font></strong>
<SCRIPT LANGUAGE="javascript">
<!--
function focus()
{
document.forms[0].orgname.focus();
}
function checkme() //check for required fields
{
if (document.forms[0].orgname.value == "")
{alert("You did not enter The Organisation. Please provide it.");
document.forms[0].orgname.focus();return(false)
}
}
//-->
<?php
/* Connecting, selecting database */
$link = mysql_connect("vxxxx", "xxx", "0xxxxx")
or die("Could not connect : " . mysql_error());
echo "";
mysql_select_db("contact_management_system") or die("Could not select database");
?>
</SCRIPT>
</head>
<body onLoad="focus()">
<form method="post" action="processorgs.html"
onSubmit="return checkme()" name=Feedback>
<p> </p>
<table width="100%" height="176" border="0">
<tr>
<td width="17%" height="24"><font face="Times New Roman, Times, serif"><strong>Web
Link</strong></font></td>
<td width="20%"><font face="Times New Roman, Times, serif">
<input name="web_url" type="text"size="20"style="color: #000000;
background-color: #FFFF00">
</font></td>
<tr>
<td><font face="Times New Roman, Times, serif"><strong>Organisation</strong></font></td>
<td><font face="Times New Roman, Times, serif">
<input name="orgname" type="text"style="color: #000000;
background-color: #FFFFCC" size="30" maxlength="100">
</font></td>
<td><font face="Times New Roman, Times, serif"> </font></td>
<td> </td>
</tr>
<tr>
<td><font face="Times New Roman, Times, serif"> <strong>Notes</strong></font></td>
<td><font face="Times New Roman, Times, serif">
<textarea name="notes"style="color: #000000;
background-color: #FFFF00"></textarea>
</font><font face="Times New Roman, Times, serif">
<td> </td>
</tr>
<tr>
</table>
<p>
<input type="submit" name="submit" value = "Enter Information">
<input type="reset" name="reset" value="clear" style= "color:#000000 ">
</p>
</form>