CodingForums.com

CodingForums.com (http://www.codingforums.com/index.php)
-   PHP (http://www.codingforums.com/forumdisplay.php?f=6)
-   -   Resolved Redirect users based on their access level. (http://www.codingforums.com/showthread.php?t=286677)

rgEffects 01-29-2013 09:00 PM
Redirect users based on their access level.
 
I have a users table with id(primary key), userName, password, and access fields. I've set up the log-in to pass userName, password and access to a session variable to validate the user.

There are 3 access levels now. 0, 1, & 2. I would like to add a redirect similar to the error redirect to push users with 0 to the error page (that works now) send users with access level 1 to another page, and access level 2 to a third page.

Here's the restrict access code:
PHP Code:
<?php 
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers "1, 2";
$MM_donotCheckaccess "false";

// *** Restrict Access To Page
function isAuthorized($strUsers$strGroups$UserName$UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid False

  // No log-in if Session variable is blank. 
  if (!empty($UserName)) { 
    //Restrict access
    // Parse the strings into arrays. 
    $arrUsers Explode(","$strUsers); 
    $arrGroups Explode(","$strGroups); 
    if (in_array($UserName$arrUsers)) { 
      $isValid true
    } 
    // Or, you may restrict access only by username. 
    if (in_array($UserGroup$arrGroups)) { 
      $isValid true
    } 
    if (($strUsers == "") && false) { 
      $isValid true
    } 
  } 
  return $isValid
}

$MM_restrictGoTo "../error.php";

// I think this is where the argument that validates user level 2 goes here:

/* $MM2_restrictGoTo = "../dashboard2.php";
  (check user access level)
*/

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar "?";
  $MM_referrer $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo"?")) $MM_qsChar "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0
  $MM_referrer .= "?" $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo $MM_restrictGoTo$MM_qsChar "accesscheck=" urlencode($MM_referrer);
  header("Location: "$MM_restrictGoTo); 
  exit;    
}
 ?>
I can't figure out how to put in a redirect so that upon successful login access level 1 keeps you on the dashboard.php page but access level 2 sends you to the dashboard2.php page.

I'm beginning to think that I need a dummy page that uses a simple if (access = '1') {go to here} else if (access - '2') go somewhere else.

felgall 01-29-2013 09:22 PM
Where you have the call:

isAuthorized("",$MM_authorizedUsers, ...

you have $MM_authorizedUsers as a comma separated list containing both 1 and 2.

If you were to call it with just one of those values then you can put code that is specific to people who have that level of access into an if statement that does that call.

Code:
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",'2', $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
 header("Location: dashboard2.php ); 
  exit;   
}

rgEffects 01-29-2013 11:45 PM
Thanks for the suggestion. I put it in and it redirects every user to the new page... I must be missing something. Not having very good luck with this so far.
PHP Code:
 // ======= same as above
    if (($strUsers == "") && false) { 
      $isValid true
    } 
  } 
  return $isValid
}

$MM_restrictGoTo " ../au243/error.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",'2'$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {    
 header("Location: ../au243/netAdmin/userDashboard.php" );  
  exit;     
}

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers$_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar "?";
  $MM_referrer $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo"?")) $MM_qsChar "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0
  $MM_referrer .= "?" $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo $MM_restrictGoTo$MM_qsChar "accesscheck=" urlencode($MM_referrer);
  header("Location: "$MM_restrictGoTo); 
  exit;    
}
 ?> 
Changing the (isAuthorized("",'2', $_SESSION['MM_Username'] to '4' or 'foo' has no effect so I don't think the method is doing anything except pointing to the userDashboard.php page.

rgEffects 01-30-2013 01:38 PM
I was way over thinking this problem I ended up simplifying the code substantially and just dropping it to the bottom of the php that runs before the HTML starts. The code that works is amazingly simple.
PHP Code:
if(!session_id()) session_start(); 
switch($_SESSION['MM_UserGroup']) { 
case "2"
header("Location: ../au243/netAdmin/userDashboard.php"); 
break; 

I also discovered that I could add as many 'cases and header locations ad I want for various levels.

I hope this solution solves problems for others. As is my usual practice, I tend to make things way too complicated.


All times are GMT +1. The time now is 09:26 AM.

Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.