Resolved Redirect users based on their access level.

rgEffects · 01-29-2013, 09:00 PM

I have a users table with id(primary key), userName, password, and access fields. I've set up the log-in to pass userName, password and access to a session variable to validate the user.

There are 3 access levels now. 0, 1, & 2. I would like to add a redirect similar to the error redirect to push users with 0 to the error page (that works now) send users with access level 1 to another page, and access level 2 to a third page.

Here's the restrict access code:

PHP Code:


			
<?php 

if (!isset($_SESSION)) {

  session_start();

}

$MM_authorizedUsers = "1, 2";

$MM_donotCheckaccess = "false";



// *** Restrict Access To Page

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 

  // For security, start by assuming the visitor is NOT authorized. 

  $isValid = False; 



  // No log-in if Session variable is blank. 

  if (!empty($UserName)) { 

    //Restrict access

    // Parse the strings into arrays. 

    $arrUsers = Explode(",", $strUsers); 

    $arrGroups = Explode(",", $strGroups); 

    if (in_array($UserName, $arrUsers)) { 

      $isValid = true; 

    } 

    // Or, you may restrict access only by username. 

    if (in_array($UserGroup, $arrGroups)) { 

      $isValid = true; 

    } 

    if (($strUsers == "") && false) { 

      $isValid = true; 

    } 

  } 

  return $isValid; 

}



$MM_restrictGoTo = "../error.php";



// I think this is where the argument that validates user level 2 goes here:



/* $MM2_restrictGoTo = "../dashboard2.php";

  (check user access level)

*/



if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   

  $MM_qsChar = "?";

  $MM_referrer = $_SERVER['PHP_SELF'];

  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";

  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 

  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];

  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

  header("Location: ". $MM_restrictGoTo); 

  exit;    

}

 ?>

I can't figure out how to put in a redirect so that upon successful login access level 1 keeps you on the dashboard.php page but access level 2 sends you to the dashboard2.php page.

I'm beginning to think that I need a dummy page that uses a simple if (access = '1') {go to here} else if (access - '2') go somewhere else.

felgall · 01-29-2013, 09:22 PM

Where you have the call:

isAuthorized("",$MM_authorizedUsers, ...

you have $MM_authorizedUsers as a comma separated list containing both 1 and 2.

If you were to call it with just one of those values then you can put code that is specific to people who have that level of access into an if statement that does that call.

Code:

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",'2', $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {    
 header("Location: dashboard2.php );  
  exit;     
}

rgEffects · 01-29-2013, 11:45 PM

Thanks for the suggestion. I put it in and it redirects every user to the new page... I must be missing something. Not having very good luck with this so far.

PHP Code:


			
 // ======= same as above
    if (($strUsers == "") && false) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = " ../au243/error.php";

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",'2', $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {    
 header("Location: ../au243/netAdmin/userDashboard.php" );  
  exit;     
}

if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;    
}
 ?>

Changing the (isAuthorized("",'2', $_SESSION['MM_Username'] to '4' or 'foo' has no effect so I don't think the method is doing anything except pointing to the userDashboard.php page.

rgEffects · 01-30-2013, 01:38 PM

I was way over thinking this problem I ended up simplifying the code substantially and just dropping it to the bottom of the php that runs before the HTML starts. The code that works is amazingly simple.

PHP Code:


			
if(!session_id()) session_start(); 

switch($_SESSION['MM_UserGroup']) { 

case "2": 

header("Location: ../au243/netAdmin/userDashboard.php"); 

break; 

}

I also discovered that I could add as many 'cases and header locations ad I want for various levels.

I hope this solution solves problems for others. As is my usual practice, I tend to make things way too complicated.