Page 1 of 2

Include file for LOGIN.

Posted: Tue Aug 15, 2006 5:11 am
by mohson
Ok guys.

A few weeks ago I was trying to work ways to solve my 'admin users' problem basically giving different users different levels of access to allow some users to assume an admin role and others to be standard users without the ability to carry out admin functions.

Well I have kind of solved this problem. Basically I have an include file which carries over the users username and password from thier login to to the organisations intranet.[obviously I have no control over the orgs intranet and username or passwords]

But this file carries over the data they input in their initial login and can then be used for my purpose. (this works for another system currently being used for the organistaion)

Heres how it works. I have an include file called 'permissions.inc'. all users login to the site using their current username and password[again which I have no control over - think the org does it using something called 'htaccess'] anyway when the user then tries to access the 'add', 'edit', 'delete', 'download' functions he/she is prompted with a username and password box. if the username exists in the include file they are given access if it doesnt they are sent to another page.

The include file codes like this:

Code: Select all

<?php

$ADMIN_USERS = array ('xxssxx','xxxr','xxxxan');



/* PHP4
function permcheck ($user, $ValidUser) {
  while ( $a = array_shift($ValidUser))
    if ($user == $a) return 1;
	return 0;

}
*/

// PHP3 version

function permcheck ($user,$ValidUser) {
  while (list ($k,$v) = each ($ValidUser) )
  if ($user == $v) return 1;
  return 0;
}
?>
Then on top of each file that needs protecting you insert this script which calls the include file.

Code: Select all

<?php

	include "../perm.inc";
	if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
	  //Do nothing and carry on rendering the page
    }
    else {
	  header("Location: https://somewebsite/");
	  exit;
	}
?>
Firstly can anyone see how this will work and secondly when I do this,
all im getting is a blank screen.

Code: Select all

<?php include "dyn.header"; ?>
<!-- Please don't remove these comments -->
<!-- Content Start -->


<?php

	include "../perm.inc";
	if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
	  //Do nothing and carry on rendering the page
    }
    else {
	  header("Location: https://wwws.soi.city.ac.uk/intranet/plo/test/");
	  exit;
	}
?>

<h1>Administration</h1>
	 <?php
if ((isset($_GET['Sent'])) and ($_GET['Sent'] == 'true')) { echo '<b><font color="#FF0000">New Organisation Added, Add Another? Remember to Search for the Organisation and note the OID before Adding the Person Linked to the created Organisation</font></b>'; }
?>
<p>
<br>
<p><strong><font size="4">Edit Organisation Details</font></strong> 


<SCRIPT LANGUAGE="javascript">

<!-- 

function focus()
{
  document.forms[0].orgname.focus();
}

function checkme() //check for required fields
{
    if (document.forms[0].orgname.value == "")
    {alert("You did not enter The Organisation. Please provide it.");
    document.forms[0].orgname.focus();return(false)
    }

}



//-->


<?php
/* Connecting, selecting database */
$link = mysql_connect("vxxxx", "xxx", "0xxxxx")
   or die("Could not connect : " . mysql_error());
echo "";
mysql_select_db("contact_management_system") or die("Could not select database");
?>

</SCRIPT>
</head>

<body onLoad="focus()"> 

<form method="post" action="processorgs.html" 

onSubmit="return checkme()" name=Feedback>
  <p>&nbsp; </p>
  <table width="100%" height="176"  border="0">
    <tr> 
      <td width="17%" height="24"><font face="Times New Roman, Times, serif"><strong>Web 
        Link</strong></font></td>
      <td width="20%"><font face="Times New Roman, Times, serif">
        <input name="web_url" type="text"size="20"style="color: #000000; 
		background-color: #FFFF00">
        </font></td>
    
    <tr> 
      <td><font face="Times New Roman, Times, serif"><strong>Organisation</strong></font></td>
      <td><font face="Times New Roman, Times, serif">
        <input name="orgname" type="text"style="color: #000000; 
background-color: #FFFFCC" size="30" maxlength="100">
        </font></td>
      <td><font face="Times New Roman, Times, serif">&nbsp; </font></td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td><font face="Times New Roman, Times, serif">&nbsp;<strong>Notes</strong></font></td>
      <td><font face="Times New Roman, Times, serif">
        <textarea name="notes"style="color: #000000; 
	  		background-color: #FFFF00"></textarea>
        </font><font face="Times New Roman, Times, serif">
      <td>&nbsp;</td>
    </tr>
    <tr> 
  </table>
 
  <p>
    <input type="submit" name="submit" value = "Enter Information">
	<input type="reset" name="reset" value="clear" style= "color:#000000 ">

  </p>
  
</form>

Posted: Tue Aug 15, 2006 8:21 pm
by RobertGonzalez
Blank screen means syntax error and display_errors is Off. Try this as your function. It is prettier :wink:.

Code: Select all

function permcheck ($user,$ValidUser) {
  while (list ($k,$v) = each ($ValidUser) ) {
    if ($user == $v) {
      return true;
    }
  }

  return false;
}
As for this...

Code: Select all

<?php
  include "../perm.inc";
  if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
    //Do nothing and carry on rendering the page
  } else {
    header("Location: https://somewebsite/");
    exit;
  }
?>
I would only say to use full URLs instead of relative ones. And lastly, you are going to need to sift through the lines in your code to find your syntax error unless you turn display_errors to On. Although, if you can, I'd recommend developing locally with display_errors on and then moving your local development to a production server.

Posted: Wed Aug 16, 2006 12:16 am
by dibyendrah
I called the function passing both users and valid users and it worked ...

Code: Select all

<?php

$ADMIN_USERS = array ('abc','bcd','cde');


function permcheck ($user,$ValidUser) {
	while (list ($k,$v) = each ($ValidUser) ){
		if ($user == $v) {
			return true;
		}
		else {
			return false;
		}
	}
}

if(permcheck('abcc', $ADMIN_USERS)){
	print "valid users";
} else {
	print "invalid users";
}
?>
But in your case you're passing he values but i'm confused where those variables came from ?
where do the values $REMOTE_USER & $ADMIN_USERS came from ?

Dibyendra

Posted: Wed Aug 16, 2006 12:18 pm
by RobertGonzalez
If you are throwing the knowing name through an array like that, can't you just use in_array()?

Posted: Thu Aug 17, 2006 4:22 am
by mohson
Ive managed to view the error and the error states:

Call to undefined function : permcheck()

Any ideas?

Posted: Thu Aug 17, 2006 5:24 am
by bmcewan
you are calling the function permcheck before it has been defined.

Posted: Thu Aug 17, 2006 5:25 am
by mohson
but its been defined in the perm.inc file

Posted: Thu Aug 17, 2006 5:40 am
by bmcewan
Is the name right, you are including a file called perm.inc yet in you original post you call it permissions.inc

Code: Select all

<?php
  include "../perm.inc";
  if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
    //Do nothing and carry on rendering the page
  } else {
    header("Location: https://somewebsite/");
    exit;
  }
?>
Heres how it works. I have an include file called 'permissions.inc'.
Try adding an echo statement in your included file to ensure it is being called where you think it is, i do this myself to remove any doubt when things arent working how i think they should.

i.e.

Code: Select all

<?php

$ADMIN_USERS = array ('xxssxx','xxxr','xxxxan');



/* PHP4
function permcheck ($user, $ValidUser) {
  while ( $a = array_shift($ValidUser))
    if ($user == $a) return 1;
        return 0;

}
*/

// PHP3 version

echo "included file";

function permcheck ($user,$ValidUser) {
  while (list ($k,$v) = each ($ValidUser) )
  if ($user == $v) return 1;
  return 0;
}
?>

Posted: Thu Aug 17, 2006 5:55 am
by mohson
Nah its definitely called perm.inc

I tried the echo statement - still blank screen.

Theres one issue when I put the script at the top of the file the screen goes blank like so:

Code: Select all

<?php

	include "../perm.inc";
	if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
	  //Do nothing and carry on rendering the page
    }
    else {
	  header("Location: https://wwws.soi.city.ac.uk/intranet/plo/test/");
	  exit;
	}
?>

<?php include "dyn.header"; ?>
<!-- Please don't remove these comments -->
<!-- Content Start -->

<?php
rest of code..........................etc etc etc

?>
with the undefined function error

but when I shift the code inside, like so:

Code: Select all

<?php include "dyn.header"; ?>
<!-- Please don't remove these comments -->
<!-- Content Start -->

<?php

	include "../perm.inc";
	if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
	  //Do nothing and carry on rendering the page
    }
    else {
	  header("Location: https://wwws.soi.city.ac.uk/intranet/plo/test/");
	  exit;
	}
?>

<?php
Rest of code/.............. etc etc

?>
The screen doesnt go blank all my menus appear but the content of the page i.e the add organisation form dissappears.


Anyway I still cant work this out

Posted: Thu Aug 17, 2006 6:01 am
by JayBird
can you upload perm.inc, and the page that is calling it.

Ill test it on my local server, see what i can spot

Posted: Thu Aug 17, 2006 6:01 am
by bmcewan
if you don't have the contents of that echo statement printed to the screen then that suggests to me that the file is not included.

it might be worth adding this at the start of your script, it could be that the default setting for error reporting is highly suppressed.

Code: Select all

error_reporting(E_ALL);

Posted: Thu Aug 17, 2006 6:11 am
by mohson
Ive tried everything still no lcuk and blank screen. Its difficult to explain but I can viewe errors though the php log which the univeristy makes available to me through telnet.

the part of this code which goes

Code: Select all

<?php include "dyn.header"; ?>
is where formatting is coming from the universities content management system

I always become stuck here because its difficult to explain to people the kind of set up im using I create html files the univeristies server parses these files as php if they have any php script in them. I also use the universities content management system to build my menus and headers.

This info might help but im still trying to figure out how to mae this perm file work.

Code: Select all

<?php
error_reporting(E_ALL);
?>

<?php

	include "../perm.inc";
	if ( permcheck($REMOTE_USER,$ADMIN_USERS)) {
	  //Do nothing and carry on rendering the page
    }
    else {
	  header("Location: https://wwws.soi.city.ac.uk/intranet/plo/test/");
	  exit;
	}
?>

<?php include "dyn.header"; ?>
<!-- Please don't remove these comments -->
<!-- Content Start -->

<h1>Administration</h1>
	 <?php
if ((isset($_GET['Sent'])) and ($_GET['Sent'] == 'true')) { echo '<b><font color="#FF0000">New Organisation Added, Add Another? Remember to Search for the Organisation and note the OID before Adding the Person Linked to the created Organisation</font></b>'; }
?>
<p>
<br>
<p><strong><font size="4">Edit Organisation Details</font></strong>

etc etc etc

?>

Posted: Thu Aug 17, 2006 6:18 am
by bmcewan
Are these files in the same directory, if not what is the structure?

Posted: Thu Aug 17, 2006 6:41 am
by mohson
I dont think we should get in to this as I wont be able to explain it properly and it will detract from my original question.

From my understanding and the error message Its easy to see that the perm.in file isnt being called. hence the reason why it is saying the function is undefined. from the code you can see the function is defined in the perm.inc file.

Therefore can anyone help me with calling this function what am I missing? why isnt it calling the function in the perm.inc file.

Posted: Thu Aug 17, 2006 7:12 am
by bmcewan
All i am trying to find out is if the path to the file in your include statement is correct. There seems to be some issue with including that file as the echo statement does not alter the output at all.

From looking at the include statement as it is just now, it would appear that the file perm.inc is in the directory above the file calling it.