[SOLVED] function help

[Brian W]

Need help with this function to check user access level.

User levels: Admin = 1, Moderator = 2, User = 3, Guest = 4

here is my function

functions.php:

//Check User Level
function check($rank = "1, 2, 3", $mode ="home.php"){
session_start();
$rank_a = explode(',', $rank);
if(!in_array($_SESSION['Group'], $rank_a)){
	return header('Location: '.$mode);
	return die();
}
}

Okay, so it likely doesn't look right to you. Reason why is cuz it doesn't work.

I place this in my header

Home.php (Line 1):

<?php include('functions.php'); check("1, 2, 3", 'SignIn.php'); ?>

 

Any input appreciated. Thanks

[Brian W]

Sorry, forgot to say what it is doing right now. "Nothing"

it seriously just acts like I didn't even ask.

[xtopolis]

Well, you are splitting on "," when the string is separated by ", " <-- notice the space you have between numbers.  That may or may not be causing trouble.

 

Also, you need to be sure that $_SESSION['Group'] contains a 1-4 value.

 

Secondly, I don't think you need "return" before header if you're causing a header redirect... nor the return die() since a header redirect should make it never reach that point.. maybe just leave the die() in there.

 

Thirdly, you could pass an array instead of string.

 

Also, you should put at the top of the page:

error_reporting(E_ALL);

to see if it outputs any errors or warnings

[networkthis]

$rank = "1";

 

if ($rank==1){

header("location: http://www.mapquest.com");

die(); }

 

if ($rank==2){

header("location: http://www.monster.com");

die(); }

 

if ($rank==3){

header("location: http://www.google.com");

die(); }

if ($rank==4){

header("location: http://www.msn.com");

die(); }

[Brian W]

Thanks for the reply, xtopolis.

Well, the explode on "," I think is working because the in_array is returning true.

Checking if the session value is between 1-4 is done by me defining the array of okay numbers.

Here is my revision with an additional piece check for Username which does work.

function check($rank = "1, 2, 3", $mode ="Home.php"){
session_start();
	if($_SESSION['Username'] = '' || !isset($_SESSION['Username'])){header('Location: SignIn.php'); }
$rank_a = explode(',', $rank);
if(!(in_array($_SESSION['Group'], $rank_a))){
	header('Location: '.$mode);
}
}

 

I have the die() just in case the header() don't work, just in case.

 

What do you mean by "you could pass an array instead of string";

 

E_ALL is set in my .ini on this server. But never hurts to suggest when trouble shooting.

 

I'm 90% sure that I'm coming is as Group = 5. I'm going to run an experiment though.

[xtopolis]

• First, this code takes an array, and also has a default of an array for the argument $rank.
  
• Second, I ran into a scope problem when testing this function... I placed the var $g (in place of $_SESSION['Group']) outside the function, and above it, and it was not defined.  So double check that $_SESSION['Group'] has the right value in your function.
  
• Third, you had some extra () btwn ! and in_array, perhaps removing them helps, perhaps not.
  

 

<?php
function check($rank = array('1', '2', '3'), $mode ="Home.php"){
session_start();
    if($_SESSION['Username'] = '' || !isset($_SESSION['Username'])){header('Location: SignIn.php'); }
   if(!in_array($_SESSION['Group'], $rank)){
      header('Location: '.$mode);
   }
}

check(array(1,2,3,4), 'SignIn.php');
?>

[Brian W]

Well, I'm definitely coming in with $_SESSION['Group'] = 5, so that's not it.

 

I'd like not to have to make an array every time I want to use the function, so that is why I used explode which to my understanding makes an array out of the values.

 

I've modified the script a bit

function check($rank = "1, 2, 3", $mode ='Home.php'){
session_start();
	if($_SESSION['Username'] = '' || !isset($_SESSION['Username']) || !isset($_SESSION['Group'])){header('Location: SignIn.php'); }
$rank_a = explode(',', $rank);
if(in_array($_SESSION['Group'], $rank_a) == FALSE){
	header('Location: '.$mode);
	die();
}
}

 

Thanks again xtopolis. Appreciate the help.

[xtopolis]

Ok, so I think I know what's up.  (maybe)

 

You're saying in this function: If the Group # is not in rank, redirect them to signup.  However you're not giving them a condition if their number IS in the array.

 

<?php
function check($rank = "1, 2, 3", $mode ='Home.php'){
session_start();
    if($_SESSION['Username'] = '' || !isset($_SESSION['Username']) || !isset($_SESSION['Group'])){header('Location: SignIn.php'); }
   $rank_a = explode(',', $rank);
   if(!in_array($_SESSION['Group'], $rank_a)){
      header('Location: '.$mode);
      die();
   }else{
      header('Location: Home.php');
   }
}
?>

 

Perhaps modify your function to take 2 argument urls, a success and failure url, success perhaps being home.php, and failure being signin.php.  Or is that not it?  I tested it with two simple pages as you described in your main post, and it seemed to function as written.

[Brian W]

Well, the intent of the function is to be placed as the first item in ever page to be sure that people are signed in. If it were to redirect you to a new page if you are in the list, then that page would also need to be secured hence being pointless. lol

The function should simply take no action if they are okay to be viewing the page.

 

Question though, is session_start() allowed to be called in a function?

I'm going to do some testing.

 

Thanks again.

[Brian W]

F***, you know how I said I was 90% sure, I was. That 10 percent nicked me in the ass I'd say. At some point, my wires got crossed and the Rank/Group was being pulled from the wrong column which when I signed in made the rank 1. F***

 

sorry for the waist of time.

 

Thanks again xtopolis

[xtopolis]

Ha, nice.  Well then, it was working as written :3

[Brian W]

face, palm. forehead, desk.