Steve Lawrie #1
Restrict access with levels using mysql and php
Hello,
I am trying to restrict access to my admin pages on 3 levels. I can get it to
work with 1 but when I try to use the multiple level access it fails every time.
Thanks
Login page
<?php require_once('../Connections/sculpture_connect.php'); ?>
<?php
mysql_select_db($database_sculpture_connect, $sculpture_connect);
$query_qLogin = "SELECT login_id, Username, pass, access_level FROM login";
$qLogin = mysql_query($query_qLogin, $sculpture_connect) or die(mysql_error());
$row_qLogin = mysql_fetch_assoc($qLogin);
$totalRows_qLogin = mysql_num_rows($qLogin);
?><?php
// *** Validate request to login to this site.
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
if (isset($_POST['Username'])) {
$loginUsername=$_POST['Username'];
$password=$_POST['pass'];
$MM_fldUserAuthorization = "access_level";
$MM_redirectLoginSuccess = "administration.php";
$MM_redirectLoginFailed = "fail.htm";
$MM_redirecttoReferrer = false;
mysql_select_db($database_sculpture_connect, $sculpture_connect);
$LoginRS__query=sprintf("SELECT Username, pass, access_level FROM login
WHERE Username='%s' AND pass='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername),
get_magic_quotes_gpc() ? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $sculpture_connect) or
die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'access_level');
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
The restricted page:
<?php require_once('../Connections/sculpture_connect.php'); ?>
<?php
//initialize the session
session_start();
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session variables
session_unregister('MM_Username');
session_unregister('MM_UserGroup');
$logoutGoTo = "logout.htm";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
session_start();
$MM_authorizedUsers = "1,2,3";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "fail.htm";
if (!((isset($_SESSION['MM_Username'])) &&
(isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'],
$_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" .
urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
mysql_select_db($database_sculpture_connect, $sculpture_connect);
$query_qAdmin = "SELECT login_id, Username, pass, access_level FROM login";
$qAdmin = mysql_query($query_qAdmin, $sculpture_connect) or die(mysql_error());
$row_qAdmin = mysql_fetch_assoc($qAdmin);
$totalRows_qAdmin = mysql_num_rows($qAdmin);
?>
Steve Lawrie Guest
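An added example, not part of the original post: the same login-plus-access-level check written with a bound query parameter, a hashed password and an explicit session array instead of addslashes(), a plaintext `pass` comparison and session_register(). It assumes `pass` stores password_hash() output; the in-memory SQLite database, the sample users and the helper names checkLogin and isAuthorizedLevel are constructed for illustration.

```php
<?php
// Constructed data: in-memory SQLite stands in for the post's MySQL `login` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (login_id INTEGER PRIMARY KEY, Username TEXT UNIQUE, pass TEXT, access_level TEXT)');
$ins = $db->prepare('INSERT INTO login (Username, pass, access_level) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), '1']);
$ins->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT), '3']);

// Hypothetical helper: returns the user's access level, or null on any failure.
function checkLogin(PDO $db, string $username, string $password): ?string
{
    // Bound parameter instead of addslashes(); look the user up by name only.
    $stmt = $db->prepare('SELECT pass, access_level FROM login WHERE Username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: pass holds a password_hash() value, so it is verified in PHP.
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    return (string) $row['access_level'];
}

// Hypothetical helper mirroring the page guard: logged in AND level in the list.
function isAuthorizedLevel(array $session, string $allowedLevels): bool
{
    if (empty($session['MM_Username']) || !isset($session['MM_UserGroup'])) {
        return false;
    }
    $levels = array_map('trim', explode(',', $allowedLevels));
    return in_array((string) $session['MM_UserGroup'], $levels, true);
}

// Simulated request flow. On a real page $session is $_SESSION after
// session_start(), and session_regenerate_id(true) follows a successful login.
$session = [];
$level = checkLogin($db, 'bob', 'battery staple');
if ($level !== null) {
    $session = ['MM_Username' => 'bob', 'MM_UserGroup' => $level];
}
var_dump(isAuthorizedLevel($session, '1,2,3'));    // level-3 user, page allows 1,2,3
var_dump(isAuthorizedLevel($session, '1'));        // same user, page allows level 1 only
var_dump(checkLogin($db, "bob' OR '1'='1", 'x'));  // quote-laden username is just data
```

On a real page, each header("Location: ...") redirect in the guard should be followed by exit so the protected content below it is never sent.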