Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    New Coder
    Join Date
    Jul 2009
    Location
    Most of the time - internet
    Posts
    85
    Thanks
    0
    Thanked 1 Time in 1 Post

    Question Basic Authentication System - Need ideas/help

    Hello, thanks for opening the thread!

    I'm making a blog site and I need to be able to authenticate the pages.
    This is the second or maybe even third time I have written this post because it's pretty confusing...

    My blog contains 3 main files when loading a page.
    globalHeader.php - this page has all the SQL stuff and variables etc...
    the content page (eg: index.php) - this page contains the content and has globalHeader and globalFooter INCLUDED in it using the include function
    globalFooter.php - this page closes everything up to make it work

    I need some pages to be authenicated and only certain user groups can view them.
    Here are the user groups;
    0 - guest
    1 - admin
    2 - mod
    3 - user

    I need a script that can authenticate each page to more then one user group (eg; Admin Control Panel can be viewed by Mod and Admin eg2; member profiles can be viewed by admin, mod, user)
    So far I have this...
    PHP Code:
    if($_SESSION['blogUsername'] != 'guest' && $_SESSION['blogAccess'] = '1' && $_SESSION['blogGroup'] = $pageView) {
     echo
    "nice";
    }
    else {
     echo
    "oh no!";

    How it works...
    It checks if blogUsername is not equal to guest,
    if blogAccess is equal to 1 (meaning they have logged in),
    if $pageView is equal to blogGroup

    Explanation...
    - all session variables are in the globalHeader all set, ready to go!
    - $pageView will be on every single CONTENT page BUT the script is above it in the globalHeader (so that I don't need to insert it into every page) but that means; if the variable is under the script it doesn't apply because the server reads it top to bottom. So if the variable is below the checking IF statement it wont exist.
    If you can help me fix it somehow and get it to work or completely make a new one that's really helpful!
    Just make sure multiple user groups can view pages depending on my choice.

    --
    Later on I might have to add these variables to a database so that I can change who can view which page from a control panel without having to change all the coding but this is just a basic site and it is my first time to use so much PHP so I'm having just a little trouble.

    Thanks for viewing the thread and reading it. I hope it wasn't to confusing because my first one I wrote was really over the place!

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    Then you could define bit flags for the groups:
    PHP Code:
    define('GROUP_GUEST',1);
    define('GROUP_ADMIN',2);
    define('GROUP_MOD',4);
    define('GROUP_USER',8); 
    Each page could be allowed to be viewed by some groups e.g.
    PHP Code:
    $page_permissions GROUP_ADMIN|GROUP_MOD
    Each user could belong to different groups, e.g.
    PHP Code:
    $user_permissions GROUP_MOD|GROUP_USER
    If at some particular page the condition
    PHP Code:
    if($page_permissions $user_permissions)
    {


    evaluates to true, then the user is allowed to view this particular page.

  • #3
    New Coder
    Join Date
    Jul 2009
    Location
    Most of the time - internet
    Posts
    85
    Thanks
    0
    Thanked 1 Time in 1 Post
    Thanks but that script will be going in the global header so that I don't have to put it in every page. The page permission variable will be on the actual page (eg; index.php) so that means it won't work because the variable is created after it is needed.

    Is there another way or should I just store who can view what page in the database that way it can be retrieved from anywhere?? How would I do that?
    I'm guessing you just have to replace the page permission variable with a SQL query

  • #4
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by dacoder96 View Post
    - $pageView will be on every single CONTENT page BUT the script is above it in the globalHeader (so that I don't need to insert it into every page) but that means; if the variable is under the script it doesn't apply because the server reads it top to bottom. So if the variable is below the checking IF statement it wont exist.
    Make sure it's set before you do the auth checks then. You can call it Mary and it still won't work otherwise.

  • #5
    New Coder
    Join Date
    Jul 2009
    Location
    Most of the time - internet
    Posts
    85
    Thanks
    0
    Thanked 1 Time in 1 Post
    Yes, but if it is before then the variable would be in the globalHeader not on the content pages.
    The variable needs to be on the content page not the global ones.

  • #6
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    If you need the page permissions not only at the pages but in some other places (e.g. you would like to make some menu hyperlinks available or not available depending on permissions) then yes, you would need to separate permissions setting from the actual page code.

    You could define permissions for pages in a database or even in an array (for small systems only of course). You could even do it in a switch block
    PHP Code:
    <?php
    // separate file for inclusion
    function getPermissions($pagename)
    {
     
    $pagename strtolower(trim($pagename));
     
    $permissions GROUP_GUEST;
     switch(
    $pagename)
     {
      case 
    'page1.php':
      case 
    'page2.php':
      case 
    'page3.php':
       
    $permissions GROUP_USER|GROUP_ADMIN|GROUP_MOD;
       break;
      case 
    'page4.php':
      case 
    'page5.php':
      case 
    'page6.php':
       
    $permissions GROUP_ADMIN|GROUP_MOD;
       break;
      default:
       
    $permissions GROUP_GUEST;
     }

     return 
    $permissions;
    }
    ?>
    It is convenient for small systems only of course. For bigger systems you would simply create a table with 2 fields: pagename and permissions. pagename would be a primary key. The function would extract the permissions by pagename with a simple SELECT statement
    Code:
    SELECT pagepemissions FROM permissions WHERE pagename='page1.php';
    If no pagename is found, the most restricted permissions should be returned by default.

  • #7
    New Coder
    Join Date
    Jul 2009
    Location
    Most of the time - internet
    Posts
    85
    Thanks
    0
    Thanked 1 Time in 1 Post
    Ok, i've decided im going to do it from a database
    i can code it myself but all i need to know is...
    I want the permissions to be in one piece of data,
    eg:
    groups; 0 = guest
    1 = admin
    2 = mod
    3 = user
    when a pagePermission is set it is done like this in the database...
    so for example, this is according to the control panel (only viewable by admin and mod)
    eg) 1|2
    notice they are seperated by '|'
    now all i need to do it get the number and place them in an array and check if they exist in the array when loading the page

    how can i seperate the numbers and put them in an array?

    thanks!
    Last edited by dacoder96; 02-02-2010 at 10:48 AM.

  • #8
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    If you do it as I have described in post #2 and define the constants as powers of 2, you would not need to separate the numbers.

    I mean e.g. you set your constants as 1,2,4,8. E.g. bitwise OR 1|4 would give you 5. Then 1&5 would evaluate to true (taking into account PHP automatic type casting), 4&5 would evaluate to true too. But e.g. 5&2 would evaluate to false.

    Just define your constants as bit flags and use bitwise AND ("&") to see if a user has permissions to access the page or not (similar to the thing I have described in post #2).

    If I have not described it clearly enough, please ask questions. I would be glad to answer.
    Last edited by SKDevelopment; 02-02-2010 at 11:57 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •