PHP Restrict Access to Page() problem!

Postby anb » Wed Oct 24, 2012 9:52 pm

Hi there,

I'm trying to make a backend for a website I'm working on so that the owner can update the info easily. I have created a login.php file which checks for the right username and password, which is working fine.
Code:
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "myadminpage.html";
  $MM_redirectLoginFailed = "login.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_claudechalhoubconx, $claudechalhoubconx);
 
  $LoginRS__query=sprintf("SELECT username, password FROM admins WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
   
  $LoginRS = mysql_query($LoginRS__query, $claudechalhoubconx) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
   if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;        

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];   
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>


If the user logs in successfully, he is taken to myadminpage.html where he gets to pick what to update (videos, press articles, etc.). For example, if he chooses videos, he is taken to the updatevideos.php page where he can view/add/delete/modify videos etc. Note that I have not included any session checks in myadminpage.html.

All was working properly until I added the Restrict Access to Page() behaviour to all the update pages. Note that I've been working in Dreamweaver CS5. In this behaviour, if the user doesn't have access to this page, he should be directed back to the login page. Otherwise, he goes to the updatevideos.php (for example).

The problem is, even after a successful login and getting to myadminpage.html, I click on videos (for example) and instead of getting to the update videos page, I am going back to the login page. I am guessing something is going wrong with the session variable.

The following is the code on the updatevideos.php. (I have pasted above the code of the login.php. I have no code for session variables on myadminpage.html (in case that could be causing the problem)).
Code:
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && true) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>


Any help is greatly appreciated! Thanks in advance.
anb
New php-forum User
Posts: 1
Joined: Wed Oct 24, 2012 9:19 pm

Re: PHP Restrict Access to Page() problem!

Postby MeroD » Wed Oct 24, 2012 11:23 pm

Try this logic?

Code:
<?php
    // $_SESSION is only available once the session has been started.
    if (!isset($_SESSION))
    {
        session_start();
    }

    if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
    {
        // let the user access the restricted page
    }
    elseif(!empty($_POST['username']) && !empty($_POST['password']))
    {
        // let the user login
    }
    else
    {
        // display the login form
    }
?>
MeroD
New php-forum User
Posts: 53
Joined: Wed Oct 10, 2012 12:14 am
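
A hardened form of the login and page-guard logic discussed in this thread, as an added example that is not code from either poster. The function names, the password_hash column, the in-memory SQLite database standing in for MySQL (requires pdo_sqlite) and the sample admin row are assumptions; the session keys, login.php, myadminpage.html and the accesscheck parameter are the ones from the first post.

```php
<?php
declare(strict_types=1);
// Added example, not the posters' code. Function names, the password_hash
// column and the sample admin row are assumptions made for illustration.

// Returns null when the session is logged in, else the login URL to send the visitor to.
function guardRedirect(array $session, string $requestUri): ?string
{
    if (!empty($session['MM_Username'])) {
        return null;
    }
    return 'login.php?accesscheck=' . urlencode($requestUri);
}

// Accepts only same-site absolute paths as the post-login target.
function safeReturnPath(?string $candidate, string $default = 'myadminpage.html'): string
{
    $ok = is_string($candidate)
        && preg_match('#^/[A-Za-z0-9_\-./?=&%]*\z#', $candidate) === 1
        && strpos($candidate, '//') !== 0;
    return $ok ? $candidate : $default;
}

// Checks credentials with a prepared statement and a password hash,
// then sets the session keys that guardRedirect() reads.
function attemptLogin(PDO $db, array &$session, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
    }
    $session['MM_Username'] = $user;
    $session['MM_UserGroup'] = '';
    return true;
}

// Constructed demo: in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO admins VALUES (?, ?)')
   ->execute(['owner', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
$session = []; // stands in for $_SESSION after session_start()
var_dump(guardRedirect($session, '/updatevideos.php'));
var_dump(attemptLogin($db, $session, 'owner', 'constructed-pass'));
var_dump(guardRedirect($session, '/updatevideos.php'), safeReturnPath('//other.example/x'));
```

In a protected page, call session_start() before any output and then run `if ($to = guardRedirect($_SESSION, $_SERVER['REQUEST_URI'])) { header('Location: ' . $to); exit; }`. login.php would pass `$_GET['accesscheck']` through safeReturnPath() before using it as a redirect target.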

