[SOLVED] Techniques for requiring authentication for only certain parts of a webpage…


Currently, when I want to authenticate someone so they can view the FULL content of a particular webpage, I just toss a “general_permissions()” at the top of the page, and use the following function:

 

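// Note: mysql_* is the legacy MySQL extension (removed in PHP 7); kept as posted.
function general_permissions(){
    // No credentials in the session: stop before any protected content is sent.
    if (empty($_SESSION['username']) || empty($_SESSION['password'])) {
        exit();
    } else {
        db_connect();
        // Escape the session values before they are placed in the query string.
        $username = mysql_real_escape_string($_SESSION['username']);
        $password = mysql_real_escape_string($_SESSION['password']);
        $result = mysql_query("SELECT count(id) FROM users WHERE password='$password' AND username='$username'") or die("Couldn't query the user-database.");
        $num = mysql_result($result, 0);
        mysql_close();
        // No matching user: show the login prompt and stop.
        if (!$num) {
            echo "\t\t<h2>First you need to <a href='index.php?id=login' style='text-decoration:underline;'>login</a>!</h2>";
            exit();
        }
    }
}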

 

However, when I want to authenticate someone so they can view the public content of a webpage PLUS let’s say some additional administrative links in the footer of the page, I do not have an elegant way of doing that.  I generally code it for each particular instance, without using functions.

 

Of course, I could make a function like general_permissions($footer_links), and have it include the code I put in $footer_links if the user is authenticated. However, I feel like that is not the best way to do it… or is it? Any suggestions?

 

Thank you all in advance for your help!

 

cgm225

 

I'd add an "admin" column in the database, say a BOOLEAN type.  Include it in the $_SESSION and use an if() or switch/case to choose between non-logged-in, regular user, and admin user.

 

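// switch() compares loosely, so an unset value (NULL) would match case 0.
// Map "not set" to -1 so that it reaches the default branch instead.
switch (isset($_SESSION['admin']) ? (int) $_SESSION['admin'] : -1) {
  case 1:
    echo $admin_footer;
    break;
  case 0:
    echo $user_footer;
    break;
  default:
    echo $other_footer;
}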

See the switch() control structure for more info.

 

It's based on the value of $_SESSION['admin'] which, in my example, was a MySQL BOOLEAN column value.  It should be 0 for FALSE, 1 for TRUE, and neither if it's not set.

Ok, I follow.. thank you so much.

 

Final question, after I use the switch to figure out someone's security level, what is the best way to include the unique code for each user level?

 

So, for example, in case 1, would it be best to have:

  case 1:
    include 'admin_footer.php';
    break;

 

Or include the unique code in a variable:

  case 1:
    echo $admin_footer; // a bare "$admin_footer;" statement would output nothing
    break;

 

I ask because I feel like it is bad technique to put multiple lines of code in a single variable (like with example 2), and I don't want to make an entire new file for just a few lines of code (like with example 1). I guess my question then really boils down to, what is the best, most efficient way to do this?
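
An added example, not part of the original thread: one way to handle the last question is to keep each level's markup in a small function and to decide the level with strict comparisons, so that an unset or unexpected flag falls through to the guest view. The session keys `username` and `admin` come from the thread; the function names, the sample sessions and the `index.php?id=admin` link are assumptions made for illustration.

```php
<?php
// Session keys follow the thread; function names and sample data are constructed.

// Map session state to 'guest', 'user' or 'admin'; anything unexpected is 'guest'.
function current_role(array $session): string
{
    // No username means nobody is logged in, whatever else the session holds.
    if (!isset($session['username'], $session['admin']) || $session['username'] === '') {
        return 'guest';
    }
    $flag = $session['admin'];
    // The flag may arrive as the string "1" or the integer 1; compare strictly, never loosely.
    if ($flag === 1 || $flag === '1' || $flag === true) {
        return 'admin';
    }
    if ($flag === 0 || $flag === '0' || $flag === false) {
        return 'user';
    }
    return 'guest';
}

// Build the footer: public part for everyone, extra fragments per role.
function render_footer(array $session): string
{
    $role = current_role($session);
    $html = "<p>Public footer</p>\n";
    if ($role !== 'guest') {
        $name = htmlspecialchars((string) $session['username'], ENT_QUOTES, 'UTF-8');
        $html .= "<p>Logged in as {$name}</p>\n";
    }
    if ($role === 'admin') {
        // Hypothetical admin link, modelled on the thread's index.php?id=login.
        $html .= "<p><a href=\"index.php?id=admin\">Administration</a></p>\n";
    }
    return $html;
}

// Constructed sessions covering the normal and the malformed cases.
$samples = [
    'no session'         => [],
    'regular user'       => ['username' => 'alice', 'admin' => '0'],
    'admin'              => ['username' => 'bob', 'admin' => '1'],
    'flag without login' => ['admin' => '1'],
    'unexpected flag'    => ['username' => '<b>eve</b>', 'admin' => 'yes'],
];
foreach ($samples as $label => $session) {
    echo "== {$label}: " . current_role($session) . " ==\n" . render_footer($session);
}
```

Hiding the links only changes what is displayed; the pages they point to still need their own server-side check of the same role.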
