Forums

PHP

This topic is locked

Controling access to different areas of admin

Posted 19 May 2007 15:43:32
1
has voted
19 May 2007 15:43:32 David Weller posted:
Hi i am in need of some help from you guys as i am quite new to php programing and have been building an admin panel which allows several different types of user into the system. The problem i am having is checking the users level against the access level i had given to the admin section. The users data is coming from a mysql database table and the areas access level is also coming out of the mysql database.

i have a script from felixone that i have tried to load a dynamic list of allowed users which are in integer format seperated with a comma, example:

$pagerights = $row_rsMod['Rights']; // Page rights
// *** Restrict Access To Page: Grant or deny access to this page
$FX_authorizedUsers= $pagerights; // This would normaly display in the fashion "1,2,3,4" and so on to campare against the users rights.
$FX_authFailedURL="../index.php";
$FX_grantAccess=0;
if (!session_id()) session_start();
if (isset($_SESSION["url_UserName"])) session_unregister("url_UserName";
if (isset($_SESSION["UserName"])) {
if (false || !(isset($_SESSION["UserGroup"])) || $_SESSION["UserGroup"]=="" || strpos($FX_authorizedUsers, $_SESSION["UserGroup"])) {
$FX_grantAccess = 1;
}
}
if (!$FX_grantAccess) {
$url_UserName = "".$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'];
if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "" $url_UserName .= "?".$_SERVER['QUERY_STRING'];
session_register("url_UserName";
$FX_qsChar = "?";
if (strpos($FX_authFailedURL, "?") $FX_qsChar = "&";
$FX_denymsg = "Restricted Area";
$FX_authFailedURL = $FX_authFailedURL . $FX_qsChar . "accessdeniedmsg=" . urlencode($FX_denymsg);
header("Location: $FX_authFailedURL";
exit;
}

Can anyone please give me a way of loading the pages dynamic access numbers into the $FX_authorizedUsers variable.

Thank you guys!

Reply to this topic