Antonia Posted April 17, 2012 Share Posted April 17, 2012 Hello, I have been following the book and have set-up a login system but my only problem is even if users are not logged in if they manually type the name of a page it will load. There is references in the book to restrict access but no examples, I have my links in the footer with user level control and that works fine. I have tried to restrict pages from loading but I have not been successful yet. Any help would be nice. ~Antonia Link to comment Share on other sites More sharing options...
Larry Posted April 17, 2012 Share Posted April 17, 2012 You'd just check for the presence of a cookie or session variable and redirect the user if the variable is not present or doesn't have the correct value. Link to comment Share on other sites More sharing options...
Antonia Posted April 17, 2012 Author Share Posted April 17, 2012 Ok, thanks Larry. I think I have sussed it and have attached the code so others can learn from it. Placed on every page that needs protecting and it appears to work very well // If no session variable exists, or unauthorized user_level, redirect the user: if (isset($_SESSION['user_id'])) { // if a valid user session is found then the user level is checked, if the // user has level 3 access they will be granted access if not a access denied //message be displayed and the user will be redirected. if ($_SESSION['user_level'] == 3) {} else { header("Refresh: 3; url=index.php"); echo '<h3>Access deined - you do not have access to this page</h3>'; echo 'You will be redirected in 3 seconds'; include ('includes/footer.html'); exit(); // Quit the script. } } // if no valid session is found then the user is not logged in and will // receive a access denied message and will be redirected to the login page. else if (!isset($_SESSION['user_id'])) { header("Refresh: 3; url=login.php"); echo '<h3>Access deined - you do not have access to this page</h3>'; echo '<p>You will be redirected in 3 seconds</p>'; include ('includes/footer.html'); exit(); // Quit the script. } Link to comment Share on other sites More sharing options...
Antonia Posted April 17, 2012 Author Share Posted April 17, 2012 Just noticed I posted this in the wrong section :s Should have been in the "PHP 6 and MySQL 5 for Dynamic Web Sites: Visual QuickPro Guide (3rd Edition)" section. Link to comment Share on other sites More sharing options...
Larry Posted April 18, 2012 Share Posted April 18, 2012 Okay. Thanks for sharing what you figured out. Link to comment Share on other sites More sharing options...
ramu Posted July 21, 2015 Share Posted July 21, 2015 Hi guys, i want to create access control list for one of my web application .currently i am using yii framework.Some people are suggesting to use zend framework ACL library. Which is the more secured library for ACL management. this is my blog http://www.popularskills.com/ Link to comment Share on other sites More sharing options...
Recommended Posts