Solved

Restricting access to certain pages

Posted on 2007-03-21
3
228 Views
Last Modified: 2008-02-20
I have several pages which are accessible by only users belonging to certain groups. I use the following lines in order to restrict access to those who have logged in:
<?php
//Start the session to retrieve access id and access level
session_start();
//Allow levels to view page
if (isset($_SESSION['access_lvl']) && ($_SESSION['access_lvl'] == 1)||
   ($_SESSION['access_lvl'] == 2) || ($_SESSION['access_lvl'] == 3) ||
   ($_SESSION['access_lvl'] == 5) || ($_SESSION['access_lvl'] == 7) ||
   ($_SESSION['access_lvl'] == 9) || ($_SESSION['access_lvl'] == 10) ||
   ($_SESSION['access_lvl'] == 11) || ($_SESSION['access_lvl'] == 12) || ($_SESSION['access_lvl'] == 8)) {
   //Do nothing
} else {
      include 'not_allowed.php';
      die();
}
I also have another form to create users and assign them the access level. Is there a way I could grant or change access the user has without having to include this type of code in every restricted page?
0
Comment
Question by:horalia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 28

Expert Comment

by:gamebits
ID: 18767808
You could cut down on some of the checks

If($_SESSION['access_lvl'] >= 7) || ($_SESSION['access_lvl'] <= 12) } else {
      include 'not_allowed.php';
      die();
}

Or you could put the level check into a file and include that file

0
 

Author Comment

by:horalia
ID: 18767858
I should have actually given more of an explanation of what I want to do. This site is an ongoing one, right now I have only 3 reports but I'll be adding more in the future. There are some reports which can be modified by a group and only viewed by another, and to make things more complicated, some users have access to change only some fields of the report. This is what I do to restrict access:

<input name="pages" type="text" size="5" class="yellow" onchange="checkNumber(this)" tabIndex="0"
            <?php if($dept!=1 and $dept!=4) echo "readonly"; ?> value="<?php printf($pages);?>">

I was wondering if there was a way to grant access to these users by using a form, thus making this more sophisticated instead of having every time that a new user will be added to the system, having to change his/her permissions by changing the code.
0
 
LVL 28

Accepted Solution

by:
gamebits earned 500 total points
ID: 18767921
The way I usually do is I gave the user an access level and I make a page to redirect to the proper page according to their access level, I use a simple switch statement each case being a level access, on each page you have to check the page referer to make sure they are comming from the page who is doing the level check and if not redirecting them to the login, etc.
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question