runnerjp Posted April 5, 2008 Share Posted April 5, 2008 i want to restrict access to only admin so i entred this onto my page at http://www.mywebsite.com/members/index.php?section=news <?php session_start(); require_once '../settings.php'; checkLogin ('1'); ?> on setting.php i have it as function checkLogin ( $levels ) { session_start (); global $db; $kt = split ( ' ', $levels ); if ( ! $_SESSION['logged_in'] ) { $access = FALSE; if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] ); if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query $row = $db->getRow ( $query ); //let's see if we pass the validation, no monkey business if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = TRUE; //now we check the level access, we might not have the permission if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { //we do?! horray! $access = TRUE; } } } } } else { $access = FALSE; if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } } if ( $access == FALSE ) { header('Location: http://runningprofiles.com/error.php'); } } my error is Warning: Cannot modify header information - headers already sent by (output started at /home/runningp/public_html/members/index.php:6) in /home/runningp/public_html/functions.php on line 57 which is here if ( $access == FALSE ) { header('Location: http://runningprofiles.com/error.php'); Quote Link to comment Share on other sites More sharing options...
Hearnah Posted April 5, 2008 Share Posted April 5, 2008 i would use to redirect in that instance if ( $access == FALSE ) { echo "<meta http-equiv=Refresh content=0;url=http://runningprofiles.com/error.php>"; i found (just now) when i tried using header() that you generally need it at the top of the page, before anything else Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 5, 2008 Author Share Posted April 5, 2008 i entred that and it redirects me if im user or admin :S... Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 5, 2008 Author Share Posted April 5, 2008 ok i made ti so it just says error if not 1 but stargle it shows error if not an admin as well as the rest of the data :S Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 5, 2008 Author Share Posted April 5, 2008 i think i best recap so we know where i am i want to restrict access to only admin so i entred this onto my page at http://www.mywebsite.com/members/index.php?section=news Code: <?php session_start(); require_once '../settings.php'; checkLogin ('1'); ?> on setting.php i have it as function checkLogin ( $levels ) { session_start (); global $db; $kt = split ( ' ', $levels ); if ( ! $_SESSION['logged_in'] ) { $access = FALSE; if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] ); if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query $row = $db->getRow ( $query ); //let's see if we pass the validation, no monkey business if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = TRUE; //now we check the level access, we might not have the permission if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { //we do?! horray! $access = TRUE; } } } } } else { $access = FALSE; if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } } if ( $access == FALSE ) { echo "error"; } } the problem is that when i user who is not the admin enters the page it shows error at the top then the rest of the page benith... surly it shud just say error and protect the rest of the information if i loggin as admin the the word error does not show :S Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 bmp Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted April 6, 2008 Share Posted April 6, 2008 you cant use header() to redirect after any output, unless you turn on output buffering.. Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 ah ok what would u suggest is the right path to go?? Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted April 6, 2008 Share Posted April 6, 2008 use a frontend controller and do your access checks before including page specific scripts. or a simple die('Ur haxoring me!'); on false... Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 sorry could u go more into it if thats ok with an example Quote Link to comment Share on other sites More sharing options...
benjaminbeazy Posted April 6, 2008 Share Posted April 6, 2008 hope this gives you a better understanding and some place to start. if(isset($_GET['page']) && !empty($_GET['page'])){ $page = $_GET['page']; }else{ //no page provided in url, use your home page $page = 'home'; } //list of acceptable pages $pages = array('about','home','contact'); //check to see if user is admin. if so add admin pages // this assumes checklogin returns true when user is admin // modify as needed... if(checklogin()){ array_push($pages, 'restrictedpage1','restrictedpage2'); } //include your header here //see if $page is acceptable. if not show an error page if(in_array($page,$pages)){ include('/path/to/includes/'.$page.'.php'); }else{ include('/path/to/includes/error_page.php'); } //include your footer here Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 i have had a go with it and dont really know what i am doing with it Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 ok i tried this if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } } else( $access ==TRUE ) { echo "error"; } } but get unexpected T_ELSE i thought this would do it as i think then i need an else staement Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 6, 2008 Share Posted April 6, 2008 too many braces if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } else( $access ==TRUE ) { echo "error"; } Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 hmm with that i get Parse error: syntax error, unexpected '{' in /home/runningp/public_html/functions.php on line 56 -- else( $access ==TRUE ) { Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 6, 2008 Share Posted April 6, 2008 if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } else //what was this other check for?? { echo "error"; } Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 hummmm well now all i get is a blank page lol best recap what we are duin here ok mny news page is <?php session_start(); require_once '../settings.php'; checkLogin ('1'); ?> <p>News Page</p> this then gets checked up by this on settings.php <?php function checkLogin ( $levels ) { session_start (); global $db; $kt = split ( ' ', $levels ); if ( ! $_SESSION['logged_in'] ) { $access = FALSE; if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] ); if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query $row = $db->getRow ( $query ); //let's see if we pass the validation, no monkey business if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = TRUE; //now we check the level access, we might not have the permission if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { //we do?! horray! $access = TRUE; } } } } } else { $access = FALSE; if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } else //what was this other check for?? { echo "error"; }?> Quote Link to comment Share on other sites More sharing options...
paul2463 Posted April 6, 2008 Share Posted April 6, 2008 if you are doing a second check i believe you have to use elseif because as far as I was aware it went if (bananas are yellow) { eat them } else { there are any colour than yellow and are not fit to eat } if you wish to add another check it should be if (bananas are yellow) { eat them } elseif (bananas are green) { leave them a while then eat them } else { there are any colour than yellow or green and are not fit to eat } hope that helps Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 ha thats ace lol but got sprolem with if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { //we do?! horray! $access = TRUE; } } } } } else { $access = FALSE; if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } elseif //what was this other check for?? } echo "error"; } Parse error: syntax error, unexpected '{', expecting '(' in /home/runningp/public_html/functions.php on line 56 which is elseif } but all my () are closed :S i belive anyways Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 im goning toi post the code i now have together <?php // ------------------------------------------------------------------------ /** * checkLogin * * Applies restrictions to visitors based on membership and level access * Also handles cookie based "remember me" feature * * @access public * @param string * @return bool TRUE/FALSE */ function checkLogin ( $levels ) { session_start (); global $db; $kt = split ( ' ', $levels ); if ( ! $_SESSION['logged_in'] ) { $access = FALSE; if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] ); if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query $row = $db->getRow ( $query ); //let's see if we pass the validation, no monkey business if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = TRUE; //now we check the level access, we might not have the permission if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { //we do?! horray! $access = TRUE; } } } } } else { $access = FALSE; if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } } if ( $access == FALSE ) { echo "error"; } } ?> this displays ----------------- error News Page --------------- i want it to just display error on the page it looks like so <?php session_start(); require_once '../settings.php'; checkLogin ('1'); ?> <p>News Page</p> Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 - Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 how can i edit the code so that a user who is not admin gets sent to a different page... and error page?? Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 i just get an error Warning: Cannot modify header information - headers already sent by (output started at /home/runningp/public_html/members/index.php:4) in /home/runningp/public_html/functions.php on line 57 problem is on my index.php it looks like this <?php ini_set('error_reporting', E_ALL); session_start(); ?> <style type="text/css"> <!-- body { margin-left: 1px; margin-top: 1px; margin-right: 1px; margin-bottom: 1px; } --> </style> <?php include ("../header.php"); require_once '../settings.php'; $id = $_SESSION['user_id']; ?> <table colspan='0' width="100%" cellpadding="0" bgcolor="#FFFFFF"> <tr> <td width="13%" height="505" align="center" valign="top"><table width="100%" height="505" align="center" bgcolor="#D6E0E0"> <tr> <td height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p> <p><? if($id == 1){ echo "<a href=\"admin/index.php\">Admin Index</a>\n"; }?></p></td> </tr> <tr> <td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><a href="http://www.runningprofiles.com/logout.php">Logout</a></td> </tr> </table></td> <td width="87%" align="left" valign="top"> <?php if (isset($_GET['section'])) { $section = $_GET['section']; } else { $section = 'main'; } $file = "include/".$section.".php"; if (file_exists($file)) { require($file); } ?></td> </tr> </table></td> </tr> </table> and there is no header on line 4 :S function checkLogin ( $levels ) { session_start (); global $db; $kt = split ( ' ', $levels ); if ( ! $_SESSION['logged_in'] ) { $access = FALSE; if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] ); if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query $row = $db->getRow ( $query ); //let's see if we pass the validation, no monkey business if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = TRUE; //now we check the level access, we might not have the permission if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { //we do?! horray! $access = TRUE; } } } } } else { $access = FALSE; if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) { $access = TRUE; } } if ( $access == FALSE ) { header('Location: http://www.runningprofiles.com/members/index.php?section=error'); } } redirected it as http://www.runningprofiles.com/membe...?section=error as in my main index i have this <?php if (isset($_GET['section'])) { $section = $_GET['section']; } else { $section = 'main'; } $file = "include/".$section.".php"; if (file_exists($file)) { require($file); } ?> Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted April 6, 2008 Share Posted April 6, 2008 You have the <style> tag on line four. That line is being sent to the browser and is considered output in the context of PHP. Ken Quote Link to comment Share on other sites More sharing options...
runnerjp Posted April 6, 2008 Author Share Posted April 6, 2008 how can i solve this? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.