Basic Authentication System - Need ideas/help



dacoder96
02-01-2010, 12:11 PM
Hello, thanks for opening the thread!

I'm making a blog site and I need to be able to authenticate the pages.
This is the second or maybe even third time I have written this post because it's pretty confusing...

My blog contains 3 main files when loading a page.
globalHeader.php - this page has all the SQL stuff and variables etc...
the content page (eg: index.php) - this page contains the content and has globalHeader and globalFooter INCLUDED in it using the include function
globalFooter.php - this page closes everything up to make it work

I need some pages to be authenticated and only certain user groups can view them.
Here are the user groups;
0 - guest
1 - admin
2 - mod
3 - user

I need a script that can authenticate each page to more than one user group (eg; Admin Control Panel can be viewed by Mod and Admin eg2; member profiles can be viewed by admin, mod, user)
So far I have this...

// == compares; a single = would assign and overwrite the session values
if ($_SESSION['blogUsername'] != 'guest' && $_SESSION['blogAccess'] == '1' && $_SESSION['blogGroup'] == $pageView) {
    echo "nice";
}
else {
    echo "oh no!";
}
How it works...
It checks if blogUsername is not equal to guest,
if blogAccess is equal to 1 (meaning they have logged in),
if $pageView is equal to blogGroup

Explanation...
- all session variables are in the globalHeader all set, ready to go!
- $pageView will be on every single CONTENT page BUT the script is above it in the globalHeader (so that I don't need to insert it into every page) but that means; if the variable is under the script it doesn't apply because the server reads it top to bottom. So if the variable is below the checking IF statement it won't exist.
If you can help me fix it somehow and get it to work or completely make a new one that's really helpful!
Just make sure multiple user groups can view pages depending on my choice.

--
Later on I might have to add these variables to a database so that I can change who can view which page from a control panel without having to change all the coding but this is just a basic site and it is my first time to use so much PHP so I'm having just a little trouble.

Thanks for viewing the thread and reading it. I hope it wasn't too confusing because my first one I wrote was really all over the place!
:thumbsup:

SKDevelopment
02-01-2010, 01:14 PM
Then you could define bit flags for the groups:


define('GROUP_GUEST',1);
define('GROUP_ADMIN',2);
define('GROUP_MOD',4);
define('GROUP_USER',8);

Each page could be allowed to be viewed by some groups e.g.


$page_permissions = GROUP_ADMIN|GROUP_MOD;

Each user could belong to different groups, e.g.


$user_permissions = GROUP_MOD|GROUP_USER;

If at some particular page the condition


if($page_permissions & $user_permissions)
{
    // the user belongs to at least one group allowed on this page
}

evaluates to true, then the user is allowed to view this particular page.

dacoder96
02-01-2010, 09:30 PM
Thanks but that script will be going in the global header so that I don't have to put it in every page. The page permission variable will be on the actual page (eg; index.php) so that means it won't work because the variable is created after it is needed.

Is there another way or should I just store who can view what page in the database that way it can be retrieved from anywhere?? How would I do that?
I'm guessing you just have to replace the page permission variable with a SQL query

MattF
02-02-2010, 12:00 AM
- $pageView will be on every single CONTENT page BUT the script is above it in the globalHeader (so that I don't need to insert it into every page) but that means; if the variable is under the script it doesn't apply because the server reads it top to bottom. So if the variable is below the checking IF statement it won't exist.

Make sure it's set before you do the auth checks then. You can call it Mary and it still won't work otherwise.

dacoder96
02-02-2010, 08:20 AM
Yes, but if it is before then the variable would be in the globalHeader not on the content pages.
The variable needs to be on the content page not the global ones.

SKDevelopment
02-02-2010, 09:42 AM
If you need the page permissions not only at the pages but in some other places (e.g. you would like to make some menu hyperlinks available or not available depending on permissions) then yes, you would need to separate permissions setting from the actual page code.

You could define permissions for pages in a database or even in an array (for small systems only of course). You could even do it in a switch block


<?php
// separate file for inclusion
function getPermissions($pagename)
{
    $pagename = strtolower(trim($pagename));
    $permissions = GROUP_GUEST;
    switch($pagename)
    {
        case 'page1.php':
        case 'page2.php':
        case 'page3.php':
            $permissions = GROUP_USER|GROUP_ADMIN|GROUP_MOD;
            break;
        case 'page4.php':
        case 'page5.php':
        case 'page6.php':
            $permissions = GROUP_ADMIN|GROUP_MOD;
            break;
        default:
            $permissions = GROUP_GUEST;
    }

    return $permissions;
}
?>

It is convenient for small systems only of course. For bigger systems you would simply create a table with 2 fields: pagename and permissions. pagename would be a primary key. The function would extract the permissions by pagename with a simple SELECT statement


SELECT pagepermissions FROM permissions WHERE pagename='page1.php';

If no pagename is found, the most restricted permissions should be returned by default.
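
An added example (not code from the thread) of the table-backed lookup described above, with the check made in one place so the content pages need no variable of their own. The in-memory SQLite table, its rows, the column name `pagepermissions` and the `canView` helper are assumptions; an unknown page gets 0 so that no group matches.

```php
<?php
// Added example: constructed schema and rows; only the GROUP_* flags come from the thread.
define('GROUP_GUEST', 1);
define('GROUP_ADMIN', 2);
define('GROUP_MOD', 4);
define('GROUP_USER', 8);

// Constructed in-memory table standing in for the blog's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE permissions (pagename TEXT PRIMARY KEY, pagepermissions INTEGER NOT NULL)');
$ins = $db->prepare('INSERT INTO permissions (pagename, pagepermissions) VALUES (?, ?)');
$ins->execute(['index.php', GROUP_GUEST | GROUP_USER | GROUP_MOD | GROUP_ADMIN]);
$ins->execute(['profile.php', GROUP_USER | GROUP_MOD | GROUP_ADMIN]);
$ins->execute(['admincp.php', GROUP_MOD | GROUP_ADMIN]);

// Returns the bitmask of groups allowed to view $pagename.
// Unknown pages return 0, which matches no group (fail closed).
function getPermissions(PDO $db, string $pagename): int
{
    // Prepared statement: the page name is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT pagepermissions FROM permissions WHERE pagename = ?');
    $stmt->execute([strtolower(trim($pagename))]);
    $mask = $stmt->fetchColumn();
    // Cast to int: database drivers may hand the value back as a string.
    return $mask === false ? 0 : (int) $mask;
}

// The single check globalHeader.php would run before any content is sent.
function canView(PDO $db, string $pagename, int $userGroups): bool
{
    return (getPermissions($db, $pagename) & $userGroups) !== 0;
}

// In the header the page name would come from the running script, e.g.
// basename($_SERVER['SCRIPT_NAME']), and the user's mask from the session.
$checks = [
    ['admincp.php', GROUP_MOD],
    ['admincp.php', GROUP_USER],
    ['profile.php', GROUP_GUEST],
    ['missing.php', GROUP_ADMIN],
];
foreach ($checks as [$page, $groups]) {
    printf("%-12s groups=%d => %s\n", $page, $groups, canView($db, $page, $groups) ? 'allow' : 'deny');
}
```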

dacoder96
02-02-2010, 11:44 AM
Ok, I've decided I'm going to do it from a database.
I can code it myself but all I need to know is...
I want the permissions to be in one piece of data,
eg:
groups; 0 = guest
1 = admin
2 = mod
3 = user
When a pagePermission is set it is done like this in the database...
so for example, this is according to the control panel (only viewable by admin and mod)
eg) 1|2
Notice they are separated by '|'.
Now all I need to do is get the numbers and place them in an array and check if they exist in the array when loading the page.

How can I separate the numbers and put them in an array?

thanks!

SKDevelopment
02-02-2010, 12:54 PM
If you do it as I have described in post #2 and define the constants as powers of 2, you would not need to separate the numbers.

I mean e.g. you set your constants as 1,2,4,8. E.g. bitwise OR 1|4 would give you 5. Then 1&5 would evaluate to true (taking into account PHP automatic type casting), 4&5 would evaluate to true too. But e.g. 5&2 would evaluate to false.

Just define your constants as bit flags and use bitwise AND ("&") (http://www.php.net/manual/en/language.operators.bitwise.php) to see if a user has permissions to access the page or not (similar to the thing I have described in post #2).

If I have not described it clearly enough, please ask questions. I would be glad to answer.
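
An added example (not from any poster in the thread) that connects the two schemes discussed: a stored list such as "1|2" using the group ids 0 to 3 converts to the bit flags 1, 2, 4, 8 with `1 << id`. The function names and `MAX_GROUP_ID` are hypothetical; the last lines show why both operands of `&` must be integers.

```php
<?php
// Added example; all function names here are hypothetical.
// Group ids from the thread: 0 guest, 1 admin, 2 mod, 3 user.
// 1 << id gives exactly the flags 1, 2, 4, 8 suggested in post #2.
const MAX_GROUP_ID = 3;

function groupIdToFlag(int $id): int
{
    if ($id < 0 || $id > MAX_GROUP_ID) {
        throw new InvalidArgumentException("unknown group id $id");
    }
    return 1 << $id;
}

// Converts a stored list such as "1|2" into one integer mask.
function listToMask(string $list): int
{
    $mask = 0;
    foreach (explode('|', $list) as $token) {
        $token = trim($token);
        // Accept plain digits only; empty, signed or mixed tokens are rejected.
        if (!ctype_digit($token)) {
            throw new InvalidArgumentException("bad group token '$token'");
        }
        $mask |= groupIdToFlag((int) $token);
    }
    return $mask;
}

function isAllowed(int $pageMask, int $userMask): bool
{
    return ($pageMask & $userMask) !== 0;
}

$controlPanel = listToMask('1|2');                      // admin and mod
var_dump($controlPanel);
var_dump(isAllowed($controlPanel, groupIdToFlag(2)));   // a mod
var_dump(isAllowed($controlPanel, groupIdToFlag(3)));   // a plain user

// With two string operands PHP applies & to the characters, not the numbers,
// so values read from a session or database should be cast to int first.
var_dump('12' & '4');
var_dump(12 & 4);
```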


