Jump to content

Restricted Access problems

levidyllan

By levidyllan
in PHP Coding Help

 Share

Recommended Posts

levidyllan Member

levidyllan

Posted
Posted

I am trying to do a restricted page with regards to access levels, but seems to be having a problem.

 

HISTORY: On a Mac using Localhost, and using Dreamweaver to impliment the code.

 

It does the log in page with no problems then goes to the associated page.

 

Then when I add the restrict user with access level, to this page and it just goes to the failed access page

 

Please see the code(s) below, so can someone guide me in the right way.  I beleive the Sessions are not being passed to this page??

 

 

 

CODE FOR RESTRICTED PAGE:

<?php
session_start();
$MM_authorizedUsers = "Administrator";
$MM_donotCheckaccess = "false";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "FailedPage.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>

 

 

to help the code fro the log in page is below as well.

 

LOG IN PAGE CODE:

<?php// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['userN'])) {
  $loginUsername=$_POST['userN'];
  $password=$_POST['passsW'];
  $MM_fldUserAuthorization = "ref_id";
  $MM_redirectLoginSuccess = "refPrivate.php";
  $MM_redirectLoginFailed = "noPage.htm";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_reConn, $reConn);
  	
  $LoginRS__query=sprintf("SELECT ref_name, ref_pass, ref_id FROM ref_members WHERE ref_name='%s' AND ref_pass='%s'",
  get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 
   
  $LoginRS = mysql_query($LoginRS__query, $reConn) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'ref_id');
    
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
    $GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

    //register the session variables
    session_register("MM_Username");
    session_register("MM_UserGroup");

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

Thanks in advance

 

 

Link to comment
https://forums.phpfreaks.com/topic/83609-restricted-access-problems/
Share on other sites
hitman6003 Newbie

hitman6003

Posted
Posted

You are checking to see if the username is in an array of "valid" usernames:

 

if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    }

However, the $arrUsers, which is generated here:

 

$arrUsers = Explode(",", $strUsers);

 

Will always be an empty array because you are not passing anything for it to create itself from:

 

//The function expects the parameters as follows:
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup)

 

//you are passing the paramaters here:
isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])

 

So, you will always get a false result.

levidyllan Member

levidyllan

Posted
  • Author
Posted

thanks for the reply, but I put one name in that I have in my db,

 

isAuthorized("steve,",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])

 

But it still diverts to the not authorised page.

 

Surley if I put an echo out such as "echo $_SESSION['MM_Username']" this should display the session variable that should be passed through my log in page, but nothing displays... aaaarrhhhg!

 

thanks

 

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.