Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Aug 2012
    Posts
    142
    Thanks
    39
    Thanked 3 Times in 3 Posts

    Redirect users based on their access level.

    I have a users table with id(primary key), userName, password, and access fields. I've set up the log-in to pass userName, password and access to a session variable to validate the user.

    There are 3 access levels now. 0, 1, & 2. I would like to add a redirect similar to the error redirect to push users with 0 to the error page (that works now) send users with access level 1 to another page, and access level 2 to a third page.

    Here's the restrict access code:
    PHP Code:
    <?php 
    if (!isset($_SESSION)) {
      
    session_start();
    }
    $MM_authorizedUsers "1, 2";
    $MM_donotCheckaccess "false";

    // *** Restrict Access To Page
    function isAuthorized($strUsers$strGroups$UserName$UserGroup) { 
      
    // For security, start by assuming the visitor is NOT authorized. 
      
    $isValid False

      
    // No log-in if Session variable is blank. 
      
    if (!empty($UserName)) { 
        
    //Restrict access
        // Parse the strings into arrays. 
        
    $arrUsers Explode(","$strUsers); 
        
    $arrGroups Explode(","$strGroups); 
        if (
    in_array($UserName$arrUsers)) { 
          
    $isValid true
        } 
        
    // Or, you may restrict access only by username. 
        
    if (in_array($UserGroup$arrGroups)) { 
          
    $isValid true
        } 
        if ((
    $strUsers == "") && false) { 
          
    $isValid true
        } 
      } 
      return 
    $isValid
    }

    $MM_restrictGoTo "../error.php";

    // I think this is where the argument that validates user level 2 goes here:

    /* $MM2_restrictGoTo = "../dashboard2.php";
      (check user access level)
    */

    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
      
    $MM_qsChar "?";
      
    $MM_referrer $_SERVER['PHP_SELF'];
      if (
    strpos($MM_restrictGoTo"?")) $MM_qsChar "&";
      if (isset(
    $_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0
      
    $MM_referrer .= "?" $_SERVER['QUERY_STRING'];
      
    $MM_restrictGoTo $MM_restrictGoTo$MM_qsChar "accesscheck=" urlencode($MM_referrer);
      
    header("Location: "$MM_restrictGoTo); 
      exit;    
    }
     
    ?>
    I can't figure out how to put in a redirect so that upon successful login access level 1 keeps you on the dashboard.php page but access level 2 sends you to the dashboard2.php page.

    I'm beginning to think that I need a dummy page that uses a simple if (access = '1') {go to here} else if (access - '2') go somewhere else.
    Last edited by rgEffects; 01-30-2013 at 02:03 PM.

  • #2
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,620
    Thanks
    0
    Thanked 645 Times in 635 Posts
    Where you have the call:

    isAuthorized("",$MM_authorizedUsers, ...

    you have $MM_authorizedUsers as a comma separated list containing both 1 and 2.

    If you were to call it with just one of those values then you can put code that is specific to people who have that level of access into an if statement that does that call.

    Code:
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",'2', $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {    
     header("Location: dashboard2.php );  
      exit;     
    }
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • Users who have thanked felgall for this post:

    rgEffects (01-29-2013)

  • #3
    Regular Coder
    Join Date
    Aug 2012
    Posts
    142
    Thanks
    39
    Thanked 3 Times in 3 Posts
    Thanks for the suggestion. I put it in and it redirects every user to the new page... I must be missing something. Not having very good luck with this so far.
    PHP Code:
     // ======= same as above
        
    if (($strUsers == "") && false) { 
          
    $isValid true
        } 
      } 
      return 
    $isValid
    }

    $MM_restrictGoTo " ../au243/error.php";

    if (!((isset(
    $_SESSION['MM_Username'])) && (isAuthorized("",'2'$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {    
     
    header("Location: ../au243/netAdmin/userDashboard.php" );  
      exit;     
    }

    if (!((isset(
    $_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
      
    $MM_qsChar "?";
      
    $MM_referrer $_SERVER['PHP_SELF'];
      if (
    strpos($MM_restrictGoTo"?")) $MM_qsChar "&";
      if (isset(
    $_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0
      
    $MM_referrer .= "?" $_SERVER['QUERY_STRING'];
      
    $MM_restrictGoTo $MM_restrictGoTo$MM_qsChar "accesscheck=" urlencode($MM_referrer);
      
    header("Location: "$MM_restrictGoTo); 
      exit;    
    }
     
    ?> 
    Changing the (isAuthorized("",'2', $_SESSION['MM_Username'] to '4' or 'foo' has no effect so I don't think the method is doing anything except pointing to the userDashboard.php page.
    Last edited by rgEffects; 01-29-2013 at 11:48 PM.

  • #4
    Regular Coder
    Join Date
    Aug 2012
    Posts
    142
    Thanks
    39
    Thanked 3 Times in 3 Posts
    I was way over thinking this problem I ended up simplifying the code substantially and just dropping it to the bottom of the php that runs before the HTML starts. The code that works is amazingly simple.
    PHP Code:
    if(!session_id()) session_start(); 
    switch(
    $_SESSION['MM_UserGroup']) { 
    case 
    "2"
    header("Location: ../au243/netAdmin/userDashboard.php"); 
    break; 

    I also discovered that I could add as many 'cases and header locations ad I want for various levels.

    I hope this solution solves problems for others. As is my usual practice, I tend to make things way too complicated.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •