Jump to content
Larry Ullman's Book Forums
Sign in to follow this  
Antonia

Restrict Access To Pages

Recommended Posts

Hello,

 

I have been following the book and have set-up a login system but my only problem is even if users are not logged in if they manually type the name of a page it will load.

 

There is references in the book to restrict access but no examples, I have my links in the footer with user level control and that works fine. I have tried to restrict pages from loading but I have not been successful yet.

 

Any help would be nice.

 

~Antonia

Share this post


Link to post
Share on other sites

You'd just check for the presence of a cookie or session variable and redirect the user if the variable is not present or doesn't have the correct value.

Share this post


Link to post
Share on other sites

Ok, thanks Larry. I think I have sussed it and have attached the code so others can learn from it. Placed on every page that needs protecting and it appears to work very well :)

 

// If no session variable exists, or unauthorized user_level, redirect the user:
  if (isset($_SESSION['user_id']))
  {
  // if a valid user session is found then the user level is checked, if the
  // user has level 3 access they will be granted access if not a access denied
  //message be displayed and the user will be redirected.
	 if ($_SESSION['user_level'] == 3) {}

  else
  {
	header("Refresh: 3; url=index.php");
   echo '<h3>Access deined - you do not have access to this page</h3>';
   echo 'You will be redirected in 3 seconds';
   include ('includes/footer.html');
	exit(); // Quit the script.
  }  
  }
  // if no valid session is found then the user is not logged in and will
  // receive a access denied message and will be redirected to the login page.
  else if (!isset($_SESSION['user_id'])) {

  header("Refresh: 3; url=login.php");
  echo '<h3>Access deined - you do not have access to this page</h3>';
  echo '<p>You will be redirected in 3 seconds</p>';
  include ('includes/footer.html');
  exit(); // Quit the script.
  }  

Share this post


Link to post
Share on other sites

Hi guys, i want to create access control list for one of my web application .currently i am using yii framework.Some people are suggesting to use zend framework ACL library. Which is the more secured library for ACL management. this is my   blog  http://www.popularskills.com/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...