First off, if there is an easier way to do this, I'm all ears. What I've got is a page which uses group-based security. On the DB side, a user can be a member of several groups (Table: user_permissions), and the page's display changes based on whether a user is in a group the page permits.
I've got sort of a weird issue... so I'm going to post some code, then talk about it.
security.php (excerpt)
Code: Select all
function GetPagePermissions($requestor)
{
global $sqlinfo;
$query = " SELECT * FROM page_permissions WHERE page_name='". $requestor ."';";
$result = mysql_query($query);
return mysql_fetch_assoc($result);
}
function GetUserPermissions()
{
global $sqlinfo;
$query = " SELECT * FROM user_permissions WHERE user_id='". $_SESSION['user_id'] ."';";
$result = mysql_query($query);
return mysql_fetch_assoc($result);
}
function PageAuth($requestor)
{
$user = GetUserPermissions();
$page = GetPagePermissions($requestor);
$auth = false;
/*DBG*/var_dump($user);
/*DBG*/var_dump($page);
reset($user);
reset($page);
if(current($user) == current($page))
$auth = true;
for($i = 1; $i < count($user); $i++)
{
if(next($user) == 1 && next($page) == 1)
$auth = true;
/*DBG*/echo '<br>'. current($user) .' != '. current($page) .'<br>';
}
return $auth;
}Code: Select all
if(!PageAuth('exp_rep.php'))
{
include($dir['pages'] .'403.php');
}Code: Select all
array(9) {
["user_id"]=> string(1) "1"
["guest"]=> string(1) "0"
["registered"]=> string(1) "1"
["siteadmin"]=> string(1) "1"
["agent"]=> string(1) "1"
["supervisor"]=> string(1) "1"
["financeadmin"]=> string(1) "1"
["accountadmin"]=> string(1) "1"
["useradmin"]=> string(1) "1"
}
array(9) {
["page_name"]=> string(11) "exp_rep.php"
["guest"]=> string(1) "0"
["registered"]=> string(1) "0"
["siteadmin"]=> string(1) "1"
["agent"]=> string(1) "1"
["supervisor"]=> string(1) "1"
["financeadmin"]=> string(1) "1"
["accountadmin"]=> string(1) "0"
["useradmin"]=> string(1) "0"
}
0 != exp_rep.php
1 != 0
1 != 0
1 != 1
1 != 1
1 != 1
1 != 1
1 != 0As you can see, my arrays are coming unaligned as I'm reading them with PageAuth(). I know that reset() shouldn't be needed, but I am trying everything to get these to work right. However, you've probably noticed that's not my only problem... The page isn't displaying as though the user is authorized, but even with the misaligned arrays, he should still have access!
So, 2 problems:
$user and $page are somehow coming unaligned using next()
The user is unable to access the page.