Jump to content

one more - Permissions

jmanfffreak

By jmanfffreak
in PHP Coding Help

 Share

Recommended Posts

jmanfffreak Newbie

jmanfffreak

Posted
Posted

Alright, on my script, I have a bunch of links on the right of the page, they're called into the page from an array. In another config page, I have permission settings in another array that will coincide with a 'level' setting in a database. There are typically four levels of users: anyone, unauth, normal (logged in) and staff, though staff here really doesn't matter. Here is a snippet of the code to call these links:

 

<?php
echo "<h2>". key($frontconf['menuitems']) ." </h2><ul>";
foreach($frontconf['menuitems']['Navigation'] as $k => $v) {
	echo "<li><a href='{$v}'>$k</a></li>";
}
echo "</ul>\n
</li>";
next($frontconf['menuitems']);
echo "<h2>". key($frontconf['menuitems']) ." </h2><ul>";
foreach($frontconf['menuitems']['Account'] as $k => $v) {
echo "<li><a href='{$v}'>$k</a></li>";
}
echo "</ul>\n
</li>";
?>

 

Here are the links being called:

 

<?php
$frontconf = array(
'menuitems'		=>		array(//Links that are displayed in the front page, under navigation.
'Navigation'	=>		array(
'Home'		=>		$application['root'],
'Forums'		=>		$application['forum']
),
'Account'		=>		array(
'Register'			=>	"{$application['root']}/modules/account/register.php",
'Login'			=>	"{$application['root']}/modules/account/login.php",
'Logout'			=>	"{$application['root']}/modules/account/logout.php",
'My Account'		=>	"{$application['root']}/modules/account/account.php",
'My Storage'		=>	"{$application['root']}/modules/account/storage.php"
),
); ?>

 

And here is the section being called for the permission settings:

 

<?php
$access = 
array(
'Navigation'	=>	array(
'Home'			=>	'-2',
'Downloads'		=>	'-2'
),
'Account'		=>	array(
	'Register'		=>	'-1',	// Able to register
	'Login'			=>	array(
		'login'		=>	'-1', // Login to CP
		'lostpass'		=>	'-1'  // Use Lost pass function.
	),
	'Logout'		=>	'0',	// Able to use all logout functions.
	'View'		=>	'0',	// Able to view account information.
	'Edit'		=>	array(	// able to edit own account.			'email'			=>	'100', //Edit email
		'sex'			=>	'100', //Edit sex
		'name'			=>	'100', //Edit login name
		'pass'			=>	'100' //change pass
	),
	'Storage'		=>	'100'
),
); ?>

 

so obviously people logged in won't need to see the login link or the register link, and people not logged in don't need to see the logout link.

In this case, if you have permissions in $access['Account']['View'] You can view the link $frontconf['Account']['My Account'].

 

BTW, The format of the access file is as follows, so far:

// 100 = No one can see/use.

// -2 = EVERYONE

// -1 = Banned, Non-auth, non-logged in

// 0 = normal account

 

Stuff is disabled right now by default for security. If anyone can help me in my predicament, thanks!

Link to comment
https://forums.phpfreaks.com/topic/176342-one-more-permissions/
Share on other sites
jmanfffreak Newbie

jmanfffreak

Posted
  • Author
Posted

Hm, still haven't figured this out.

 

what I was thinking of doing was doing a check on the array in the middle of the foreach, I just don't know how to quite exactly. There's another check involved that I have no idea what it is.

 

<?php
foreach($frontconf['menuitems']['Navigation'] as $k => $v) {
if ($access['Navigation'][$k] .....?) 
	echo "<li><a href='{$v}'>$k</a></li>";
}
echo "</ul>\n
</li>";
?>

 

I'd also need to dub who is at a -1 level and who is at a -2 level. The rest of this control panel is easy stuff and I could do it in my sleep, but this part is just killing me.

 

I think I might just have it with what I posted just now, I'm going to crank my computer on and see if that does the trick.

Link to comment
https://forums.phpfreaks.com/topic/176342-one-more-permissions/#findComment-930154
Share on other sites
jmanfffreak Newbie

jmanfffreak

Posted
  • Author
Posted

alright, this is what I have so far:

 

functions.php

<?php
function GetLevel($server,$access_main) {
// If session is not set, the user is not logged in, return -1.
if (!$_SESSION['id']) {
	return '-1';
}
$s_count = count($server);
if ($s_count > 1) {
// There are multiple servers configured. We need to determine which server holds the login info.
	$ls = $access_main['LoginServer'];
	if ($ls == 0){
	// If this value is equal to 0, then there is nothing this function can do. (yet) Return -1.
		return '-1';
	}
else {
	mysql_connect($server[$ls]['DBIP'],$server[$ls]['DBUser'],$server[$ls]['DBPass']);
	mysql_select_db($server[$ls]['LoginDB']);
	$lquery = mysql_query("SELECT account_id,userid,level FROM login WHERE account_id = {$_SESSION['id']}");
	while ($lquery2 = mysql_fetch_array($lquery)) {
		extract($lquery2);
		return $level;
	}
}
}
} ?>

I am getting the correct value from this function. If I'm logged into my staff account, I get 10 (or the admin level), and if I'm a guest, I get -1. That is all true and correct. The problem comes in with the fact that all the menu links are in an array, called by a foreach. The permission settings for who can see these links is also in an array, but the permission setting key and the menu key have the same key name.

 

Here is the call for all the menu links:

 

header.php

<?php 
echo "<h2>".key($frontconf['menuitems'])."</h2><br />";
echo "<ul><li>";
foreach ($frontconf['menuitems'] as $k => $v){
	foreach ($frontconf['menuitems'][$k] as $k2 => $v2){
		echo "<li><a href='{$v2}'>$k2</a></li>";
	}

	echo "<br /><h2>".key($frontconf['menuitems'])."</h2><br />";
	next($frontconf['menuitems']);
}
?>

 

And here is the permission settings (or at least a small portion of them:

 

access.php

<?php
$access_main = 
array(
'LoginServer'	=>	'1',	//Which server are we using for the main login server/database? If each server is independant of each login server, then set this to '0'.
'Navigation'	=>	array(
	'Home'			=>	'-2',
	'Downloads'		=>	'-2'
),
'Account'		=>	array(
	'Register'		=>	'-1',	// Able to register
	'Login'			=>	array(
		'login'			=>	'-1', // Login to CP
		'lostpass'		=>	'-1'  // Use Lost pass function.
	),
	'Logout'		=>	'0',	// Able to use all logout functions.
	'My Account'			=>	'0',	// Able to view account information.
	'edit'		=>	array(	// able to edit own account. (all disabled by default). [Not implemented]
		'email'			=>	'100', //Edit email
		'sex'			=>	'100', //Edit sex
		'name'			=>	'100', //Edit login name
		'pass'			=>	'100' //change pass
	),
	'My Storage'		=>	'100'	// Able to view and transfer/delete items from storage. (disabled by default) [not implemented]
),
);
?>

 

And the links array:

 

index_conf.php

<?php
'menuitems'		=>	array( //Links that are displayed in the front page, under navigation.
'Navigation'	=>		array(
	'Home'		=>		$application['root'],
	'Forums'		=>		$application['forum']
),
//Most of the stuff under here should not be changed unless you plan to add your own page to the CP.
'Account'		=>		array(
	'Register'		=>	"{$application['root']}/modules/account/register.php",
	'Login'		=>	"{$application['root']}/modules/account/login.php",
	'Logout'		=>	"{$application['root']}/modules/account/logout.php",
	'My Account'	=>	"{$application['root']}/modules/account/account.php",
	'My Storage'	=>	"{$application['root']}/modules/account/storage.php"
),
); ?>

 

So somehow I need to display all the links with a permission setting of -2 (Because if something is set as -2, EVERYONE can see no matter what). Then display all of the links with a permission setting of -1 but NOT > 0, and all the links with a permission setting > 0 but NOT -1.

 

I did try this in header.php:

<?php 
echo "<h2>".key($frontconf['menuitems'])."</h2><br />";
echo "<ul><li>";
foreach ($frontconf['menuitems'] as $k => $v){
foreach ($frontconf['menuitems'][$k] as $k2 => $v2){
	if ($access_main[$k][$k2] >= $level) {
		echo "<li><a href='{$v2}'>$k2</a></li>";
	}
	elseif ($access_main[$k][$k2] == -2){
		echo "<li><a href='{$v2}'>$k2</a></li>";
	}
	else {
	}
}

echo "<br /><h2>".key($frontconf['menuitems'])."</h2><br />";
next($frontconf['menuitems']);
}
?>

 

But that didn't work. None of the links showed up. Any other suggestions that anyone might have??

Link to comment
https://forums.phpfreaks.com/topic/176342-one-more-permissions/#findComment-930863
Share on other sites
jmanfffreak Newbie

jmanfffreak

Posted
  • Author
Posted

The problem being is that's all the relevent code....and it's trimmed down as much as it can be. The links are called into header.php from index_conf.php and then permissions should be called into header.php from access.php. The keys will match in index_conf.php and access.php, the only difference is the array name. AKA $access_main['Account']['Register'] == $index_conf['menuitems']['Account']['Register'];

 

all of the relevent code is in reply #2 of this topic.

Link to comment
https://forums.phpfreaks.com/topic/176342-one-more-permissions/#findComment-930879
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.