Jump to content

Recommended Posts

can any one help me with a problem, i have done a login script which works fine but when i am setting a user permission on a link it does not load any pages...

 

the code im using is below.

 

<?php
require_once('functions.php');
checkLogin ( '1' );
?>

above is put at the top of the file in which im hiding.

 

<?php
if ( $_SESSION['logged_in'] ):
?>

<?php
endif;
?>

above is what im using to hide content.

 

<?php
// ------------------------------------------------------------------------

/**
 * checkLogin
 *
 * Applies restrictions to visitors based on membership and level access
 * Also handles cookie based "remember me" feature
 *
 * @access	public
 * @param	string
 * @return	bool TRUE/FALSE
 */


function checkLogin ( $levels )
{
	session_start ();
	global $db;
	$kt = split ( ' ', $levels );

	if ( ! $_SESSION['logged_in'] ) {

		$access = FALSE;

		if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie

			$query =  'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );

			if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query
				$row = $db->getRow ( $query );

				//let's see if we pass the validation, no monkey business
				if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {
					//we set the sessions so we don't repeat this step over and over again
					$_SESSION['user_id'] = $row->ID;				
					$_SESSION['logged_in'] = TRUE;

					//now we check the level access, we might not have the permission
					if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
						//we do?! horray!
						$access = TRUE;
					}
				}
			}
		}
	}
	else {			
		$access = FALSE;

		if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
			$access = TRUE;
		}
	}

	if ( $access == FALSE ) {
		header ( "Location: " . REDIRECT_TO_LOGIN );
	}
}

// ------------------------------------------------------------------------

/**
 * get_level_access
 *
 * Returns the level access of a given user
 *
 * @param	string
 * @access	public
 * @return 	string
 */

function get_level_access ( $user_id )
{
	global $db;
	$row = $db->getRow ( 'SELECT Level_access FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $user_id ) );
	return $row->Level_access;
}

// ------------------------------------------------------------------------

/**
 * logout
 *
 * Handles logouts
 *
 * @param	none
 * @access	public
 */

function logout ()
{
	//session must be started before anything
	session_start ();

	//if we have a valid session
	if ( $_SESSION['logged_in'] == TRUE )
	{	
		//unset the sessions (all of them - array given)
		unset ( $_SESSION ); 
		//destroy what's left
		session_destroy (); 
	}

	//It is safest to set the cookies with a date that has already expired.
	if ( isset ( $_COOKIE['cookie_id'] ) && isset ( $_COOKIE['authenticate'] ) ) {
		/**
		 * uncomment the following line if you wish to remove all cookies 
		 * (don't forget to comment ore delete the following 2 lines if you decide to use clear_cookies)
		 */
		//clear_cookies ();
		setcookie ( "cookie_id", '', time() - KEEP_LOGGED_IN_FOR, COOKIE_PATH );
		setcookie ( "authenticate", '', time() - KEEP_LOGGED_IN_FOR, COOKIE_PATH );
	}

	//redirect the user to the default "logout" page
	header ( "Location: " . REDIRECT_ON_LOGOUT );
}

// ------------------------------------------------------------------------

/**
 * clear_cookies
 *
 * Clears the cookies
 * Not used by default but present if needed
 *
 * @param	none
 * @access	public
 */

function clear_cookies ()
{
	// unset cookies
	if ( isset( $_SERVER['HTTP_COOKIE'] ) ) {
		$cookies = explode ( ';', $_SERVER['HTTP_COOKIE'] );
		//loop through the array of cookies and set them in the past
		foreach ( $cookies as $cookie ) {
			$parts = explode ( '=', $cookie );
			$name = trim ( $parts [ 0 ] );
			setcookie ( $name, '', time() - KEEP_LOGGED_IN_FOR );
			setcookie ( $name, '', time() - KEEP_LOGGED_IN_FOR, '/' );
		}
	}
}

// ------------------------------------------------------------------------

/**
 * set_login_sessions - sets the login sessions
 *
 * @access	public
 * @param	string
 * @return	none
 */

function set_login_sessions ( $user_id, $password, $remember )
{
	//start the session
	session_start();

	//set the sessions
	$_SESSION['user_id'] = $user_id;
	$_SESSION['logged_in'] = TRUE;

	//do we have "remember me"?
	if ( $remember ) {
		setcookie ( "cookie_id", $user_id, time() + KEEP_LOGGED_IN_FOR, COOKIE_PATH );
		setcookie ( "authenticate", md5 ( getIP () . $password . $_SERVER['USER_AGENT'] ), time() + KEEP_LOGGED_IN_FOR, COOKIE_PATH );
	}
}

// ------------------------------------------------------------------------

/**
 * Validate if email
 *
 * Determines if the passed param is a valid email
 *
 * @access	public
 * @param	string
 * @return	bool
 */

function valid_email ( $str )
{
	return ( ! preg_match ( "/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str ) ) ? FALSE : TRUE;
}

// ------------------------------------------------------------------------

/**
 * Check unique
 *
 * Performs a check to determine if one parameter is unique in the database
 *
 * @access	public
 * @param	string
 * @param	string
 * @return	bool
 */


function checkUnique ( $field, $compared )
{
	global $db;

	$query = $db->getRow ( "SELECT COUNT(*) as total FROM `" . DBPREFIX . "users` WHERE " . $field . " = " . $db->qstr ( $compared ) );

	if ( $query->total == 0 ) {
		return TRUE;
	}
	else {
		return FALSE;
	}
}

// ------------------------------------------------------------------------

/**
 * Validate if numeric
 *
 * Validates string against numeric characters
 *
 * @access	public
 * @param	string
 * @return	bool
 */


function numeric ( $str )
{
	return ( ! ereg ( "^[0-9\.]+$", $str ) ) ? FALSE : TRUE;
}

// ------------------------------------------------------------------------

/**
 * Validate if alfa numeric
 *
 * Validates string against alpha numeric characters
 *
 * @access	public
 * @param	string
 * @return	bool
 */

function alpha_numeric ( $str )
{
	return ( ! preg_match ( "/^([-a-z0-9])+$/i", $str ) ) ? FALSE : TRUE;
}

// ------------------------------------------------------------------------

/**
 * Create a Random String
 *
 * Useful for generating passwords or hashes.
 *
 * @access	public
 * @param	string 	type of random string.  Options: alunum, numeric, nozero, unique
 * @param	none
 * @return	string
 */


function random_string ( $type = 'alnum', $len = 8 )
{					
	switch ( $type )
	{
		case 'alnum'	:
		case 'numeric'	:
		case 'nozero'	:

				switch ($type)
				{
					case 'alnum'	:	$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
						break;
					case 'numeric'	:	$pool = '0123456789';
						break;
					case 'nozero'	:	$pool = '123456789';
						break;
				}

				$str = '';
				for ( $i=0; $i < $len; $i++ )
				{
					$str .= substr ( $pool, mt_rand ( 0, strlen ( $pool ) -1 ), 1 );
				}
				return $str;
		break;
		case 'unique' : return md5 ( uniqid ( mt_rand () ) );
		break;
	}
}

// ------------------------------------------------------------------------

/**
 * Get username - Returns the username of the logged in member based on session ID
 *
 * @access	public
 * @param	string
 * @return	string/bool
 */


function get_username ( $id )
{
	global $db;

	$query = "SELECT `Username` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );

	if ( $db->RecordCount ( $query ) == 1 )
	{
		$row = $db->getRow ( $query );

		return $row->Username;
	}
	else {
		return FALSE;
	}
}

// ------------------------------------------------------------------------

/**
 * Is admin - Determines if the logged in member is an admin
 *
 * @access	public
 * @param	string
 * @return	bool
 */


function isadmin ( $id )
{
	global $db;

	$query = "SELECT `Level_access` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );

	if ( $db->RecordCount ( $query ) == 1 )
	{
		$row = $db->getRow ( $query );

		if ( $row->Level_access == 1 )
		{
			return TRUE;
		}
		else {
			return FALSE;
		}
	}
	else {
		return FALSE;
	}
}

// ------------------------------------------------------------------------

/**
 * html2txt - converts html to text
 *
 * @access	public
 * @param	string
 * @return	string
 */

function html2txt ( $document )
{
	$search = array("'<script[^>]*?>.*?</script>'si",	// strip out javascript
			"'<[\/\!]*?[^<>]*?>'si",		// strip out html tags
			"'([\r\n])[\s]+'",			// strip out white space
			"'@<![\s\S]*?–[ \t\n\r]*>@'",
			"'&(quot|#34|#034|#x22);'i",		// replace html entities
			"'&(amp|#38|#038|#x26);'i",		// added hexadecimal values
			"'&(lt|#60|#060|#x3c);'i",
			"'&(gt|#62|#062|#x3e);'i",
			"'&(nbsp|#160|#xa0);'i",
			"'&(iexcl|#161);'i",
			"'&(cent|#162);'i",
			"'&(pound|#163);'i",
			"'&(copy|#169);'i",
			"'&(reg|#174);'i",
			"'&(deg|#176);'i",
			"'&(#39|#039|#x27);'",
			"'&(euro|#8364);'i",			// europe
			"'&a(uml|UML);'",			// german
			"'&o(uml|UML);'",
			"'&u(uml|UML);'",
			"'&A(uml|UML);'",
			"'&O(uml|UML);'",
			"'&U(uml|UML);'",
			"'ß'i",
			);
	$replace = array(	"",
				"",
				" ",
				"\"",
				"&",
				"<",
				">",
				" ",
				chr(161),
				chr(162),
				chr(163),
				chr(169),
				chr(174),
				chr(176),
				chr(39),
				chr(128),
				"ä",
				"ö",
				"ü",
				"Ä",
				"Ö",
				"Ü",
				"ß",
			);

	$text = preg_replace($search,$replace,$document);

	return trim ( $text );
}

// ------------------------------------------------------------------------

/**
 * send_email - Handles all emailing from one place
 *
 * @access	public
 * @param	string
 * @return	bool TRUE/FALSE
 */

function send_email ( $subject, $to, $body )
{
	require ( BASE_PATH . "/lib/phpmailer/class.phpmailer.php" );

	$mail = new PHPMailer();

	//do we use SMTP?
	if ( USE_SMTP ) {
		$mail->IsSMTP();
		$mail->SMTPAuth = true;
		$mail->Host = SMTP_HOST;
		$mail->Port = SMTP_PORT;
		$mail->Password = SMTP_PASS;
		$mail->Username = SMTP_USER;
	}

	$mail->From = ADMIN_EMAIL;
	$mail->FromName = DOMAIN_NAME;
	$mail->AddAddress( $to );
	$mail->AddReplyTo ( ADMIN_EMAIL, DOMAIN_NAME );
	$mail->Subject = $subject;
	$mail->Body = $body;
	$mail->WordWrap = 100;
	$mail->IsHTML ( MAIL_IS_HTML );
	$mail->AltBody  =  html2txt ( $body );

	if ( ! $mail->Send() ) {
		if ( RUN_ON_DEVELOPMENT ) {
			echo $mail->ErrorInfo;//spit that bug out 
		}
		return FALSE;
	}
	else {
		return TRUE;
	}
}

/**
 * ip_first - let's get a clean ip
 *
 * @access	public
 * @param	string
 * @return	string
 */

function ip_first ( $ips ) 
{
	if ( ( $pos = strpos ( $ips, ',' ) ) != false ) {
		return substr ( $ips, 0, $pos );
	} 
	else {
		return $ips;
	}
}

/**
 * ip_valid - will try to determine if a given ip is valid or not
 *
 * @access	public
 * @param	string
 * @return	bool
 */

function ip_valid ( $ips )
{
	if ( isset( $ips ) ) {
		$ip    = ip_first ( $ips );
		$ipnum = ip2long ( $ip );
		if ( $ipnum !== -1 && $ipnum !== false && ( long2ip ( $ipnum ) === $ip ) ) {
			if ( ( $ipnum < 167772160   || $ipnum > 184549375 ) && // Not in 10.0.0.0/8
			( $ipnum < - 1408237568 || $ipnum > - 1407188993 ) && // Not in 172.16.0.0/12
			( $ipnum < - 1062731776 || $ipnum > - 1062666241 ) )   // Not in 192.168.0.0/16
			return true;
		}
	}
	return false;
}

/**
 * getIP - returns the IP of the visitor
 *
 * @access	public
 * @param	none
 * @return	string
 */

function getIP () 
{
	$check = array(
			'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR',
			'HTTP_FORWARDED', 'HTTP_VIA', 'HTTP_X_COMING_FROM', 'HTTP_COMING_FROM',
			'HTTP_CLIENT_IP'
			);

	foreach ( $check as $c ) {
		if ( ip_valid ( &$_SERVER [ $c ] ) ) {
			return ip_first ( $_SERVER [ $c ] );
		}
	}

	return $_SERVER['REMOTE_ADDR'];
}

/**
 * powered_by - let's thank the man for losing nights so I can play with such tools
 *
 * @access	public
 * @param	none
 * @return	string
 */

function powered_by ()
{
	$out = '';

	$out .= '<div align="right" class="powered">' . "\n";
	$out .= '			Powered by ' . "\n";
	$out .= '			<a href="http://www.roscripts.com" title="roscripts - Programming articles, tutorials and scripts" target="_blank">' . "\n";
	$out .= '				roScripts' . "\n";
	$out .= '			</a>' . "\n";
	$out .= '		</div>' . "\n";

	return $out;
}

/**
 * sanitize - a real sanitizer
 *
 * @access	public
 * @param	none
 * @return	string
 */

function sanitize ( $var, $santype = 3 )
{
	if ( $santype == 1 ) {
		return strip_tags ( $var );
	}
	if ( $santype == 2 ) {
		return htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' );
	}
	if ( $santype == 3 ) {
		if ( ! get_magic_quotes_gpc () ) {
			return addslashes ( htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' ) );
		}
		else {
		   return htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' );
		}
	}
}
?>

 

any help greatly appriciated.

above is thhe settings.php file...

 

 

Link to comment
https://forums.phpfreaks.com/topic/114426-any-help-on-this-one/
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.