Access rights to different php pages

[alvin567]

http://forums.phpfreaks.com/index.php?topic=362350.new;topicseen#new

 

Hi there,I am trying to write codes for my login functions,

grant access rights to different php pages?

any algorithms?

database settings?

setting of flag in the database?

 

[alvin567]

example

 

directory-

  files1

  files2

 

directory2-

  files1

  files2

 

I am using mysql for my membership database,and php and html for my coding that is all

 

[ignace]

On top of each page:

 

if (!user_has_access(__FILE__)) {
    user_forbidden_handle();
}

 

If you use a single point of entry like index.php which routes to a controller/page then write this in your index.php.

[alvin567]

ok,you mean use database to set the rights?

[ignace]

Preferably, yes. How you want to handle wether a user has access to a certain page is up to you to implement in the user_has_access() function.

[alvin567]

if (!user_has_access(__FILE__)) {

    user_forbidden_handle();  // what does user_forbidden_handle(); means?

}

[ignace]

It's supposed to handle when a user tries to access something they are not authorized to. So user_forbidden_handle() should either redirect to or display a not authorized webpage. You can extend this further to also log this in the database so that you can track malicious activity.

[alvin567]

so u mean the user_forbidden_handle() i am suppose to write it myself?

[ignace]

Yes. Same with user_has_access()