Solved

Restricting access to certain pages

Posted on 2007-03-21
3
217 Views
Last Modified: 2008-02-20
I have several pages which are accessible by only users belonging to certain groups. I use the following lines in order to restrict access to those who have logged in:
<?php
//Start the session to retrieve access id and access level
session_start();
//Allow levels to view page
if (isset($_SESSION['access_lvl']) && ($_SESSION['access_lvl'] == 1)||
   ($_SESSION['access_lvl'] == 2) || ($_SESSION['access_lvl'] == 3) ||
   ($_SESSION['access_lvl'] == 5) || ($_SESSION['access_lvl'] == 7) ||
   ($_SESSION['access_lvl'] == 9) || ($_SESSION['access_lvl'] == 10) ||
   ($_SESSION['access_lvl'] == 11) || ($_SESSION['access_lvl'] == 12) || ($_SESSION['access_lvl'] == 8)) {
   //Do nothing
} else {
      include 'not_allowed.php';
      die();
}
I also have another form to create users and assign them the access level. Is there a way I could grant or change access the user has without having to include this type of code in every restricted page?
0
Comment
Question by:horalia
  • 2
3 Comments
 
LVL 28

Expert Comment

by:gamebits
ID: 18767808
You could cut down on some of the checks

If($_SESSION['access_lvl'] >= 7) || ($_SESSION['access_lvl'] <= 12) } else {
      include 'not_allowed.php';
      die();
}

Or you could put the level check into a file and include that file

0
 

Author Comment

by:horalia
ID: 18767858
I should have actually given more of an explanation of what I want to do. This site is an ongoing one, right now I have only 3 reports but I'll be adding more in the future. There are some reports which can be modified by a group and only viewed by another, and to make things more complicated, some users have access to change only some fields of the report. This is what I do to restrict access:

<input name="pages" type="text" size="5" class="yellow" onchange="checkNumber(this)" tabIndex="0"
            <?php if($dept!=1 and $dept!=4) echo "readonly"; ?> value="<?php printf($pages);?>">

I was wondering if there was a way to grant access to these users by using a form, thus making this more sophisticated instead of having every time that a new user will be added to the system, having to change his/her permissions by changing the code.
0
 
LVL 28

Accepted Solution

by:
gamebits earned 500 total points
ID: 18767921
The way I usually do is I gave the user an access level and I make a page to redirect to the proper page according to their access level, I use a simple switch statement each case being a level access, on each page you have to check the page referer to make sure they are comming from the page who is doing the level check and if not redirecting them to the login, etc.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now