
Restricting files to certain users?

Hello! Okay, big question for you. I really hope I’m going to explain it properly and fully for you to understand.
I will appreciate any help you can provide me with this.

Okay, just to introduce the current setup, I have a staff area which is restricted, and has a PHP login system, which in turn sends out a PHP session stating an account name (of [b]$_SESSION['account'];[/b]).

What I want to do now, is restrict certain pages within that staff area to certain account names, but because I want to do this on multiple ones… here is what I’d like to happen.

On a ‘groups.php’ I’d like to state arrays for about 3 groups, each containing account names – some of these account names need to be used in other groups too (for people that belong to more than just 1).

I was wondering then if on the pages I want to restrict to certain groups, I can use the same if statement to check if their username belongs in that group, and if so, allow them to see the page, or if not to echo out a message of ‘Sorry, you do not have permissions to view this page’?

Example groups.php:

[code]
$manager = array('name1', 'name2', 'name3');
$hr = array('name1');
$sales = array('name1', 'name2', 'name3', 'name4', 'name5');
$support = array('name1', 'name2', 'name3', 'name4', 'name5');
[/code]

Any help with this would be appreciated! Thank you.

@NogDog Jan 20.2006 — Probably simpler(?) would be one array. You could put this in an include file:
[code=php]
function in_group($user, $group)
{
    $groups = array("manager" => array('name1', 'name2', 'name3'),
                    "hr" => array('name1'),
                    "sales" => array('name1', 'name2', 'name3', 'name4', 'name5'),
                    "support" => array('name1', 'name2', 'name3', 'name4', 'name5'));
    return(in_array($user, $groups[$group]));
}
[/code]

In each controlled file:
[code=php]
require "include_file.php";
if( ! in_group($_SESSION['account'], "manager") )
{
    // output "not allowed" message
}
else
{
    // display the page
}
[/code]

@DanUK (author) Jan 20.2006 — Hey! Thank you so much for that.

I wanted to ask two more questions if that's OK.

How can I add it for more than one group? For example:

if( ! in_group($_SESSION['account'], "manager") )

how could we do this for "manager" and "sales"?

Also another question, where the code would go for the successful output, is it possible to not have it within PHP? All my code is standard HTML with some <?php bits, but if it's in PHP I'll have to edit all the code to work within the php tags, i.e. "something"

Thanks!

@DanUK (author) Jan 20.2006 — Hi, just to follow up from my last post, could I use this?

[code=php]
<?php
include_once('/home/us/staff/protect.php');
include_once('/home/us/staff/header.php');
require "/home/us/staff/include_file.php";

if( ! in_group($_SESSION['account'], "manager") )
{
    // output "not allowed" message
}
else
{
?>

The HTML content here.

<?php
}
include_once('/home/us/staff/footer.php');
?>
[/code]


If so, then I just need a bit of help with more than one group, as specified in my previous post. Thank you!

@NogDog Jan 20.2006 —
[code=php]
if( ! in_group($_SESSION['account'], "manager") and ! in_group($_SESSION['account', "hr"))
{
    // output "not allowed" message
}
else
{
    // display the page
}
[/code]

@DanUK (author) Jan 21.2006 — Okay, fab, thanks!!!

Was my above code ok, so I could just use my standard HTML?

@DanUK (author) Jan 21.2006 — Just tried the code, all working perfectly, 100% what I wanted!

Thank you so much!

@LiLcRaZyFuZzY Jan 21.2006 — [QUOTE]
[code=php]
if( ! in_group($_SESSION['account'], "manager") and ! in_group($_SESSION['account', "hr"))
{
    // output "not allowed" message
}
else
{
    // display the page
}
[/code]
[/QUOTE]

in_group($_SESSION['account'[B]][/B], "hr"))

@DanUK (author) Jan 21.2006 — Yep I fixed that one.

One last question if I may, is it possible on one page to echo out which account a group belongs in, from the required file? Just wondered if that would be easy to do?

Thanks!

@LiLcRaZyFuZzY Jan 21.2006 — what does the required file contain?

isn't the account type present as a session variable?

@DanUK (author) Jan 21.2006 — Hi.

The required file contains the groups people are in and is checked against when a 'protected' file is opened, as mentioned above.

Thanks.

@LiLcRaZyFuZzY Jan 21.2006 — hmm, i don't understand your last question

@DanUK (author) Jan 22.2006 — Okay, sorry I'll try to explain a bit clearer.

On NogDog's post there's the contents of the required file, which is arrays of account names.

What I want to do on one page is echo out which groups (i.e. manager, sales, hr, support) the account belongs in.

For example:

Your groups: sales, support

Any ideas? Thanks.

@NogDog Jan 22.2006 — Added an optional 3rd parameter which will provide an array of the user's groups:
[code=php]
function in_group($user, $group, &$member_of = array())
{
    $groups = array("manager" => array('name1', 'name2', 'name3'),
                    "hr" => array('name1'),
                    "sales" => array('name1', 'name2', 'name3', 'name4', 'name5'),
                    "support" => array('name1', 'name2', 'name3', 'name4', 'name5'));
    foreach($groups as $group => $members)
    {
        if(in_array($user, $members))
        {
            $member_of[] = $group;
        }
    }
    return(in_array($user, $groups[$group]));
}
[/code]

Sample usage:
[code=php]
if(in_group($_SESSION['account'], "manager", $groups))
{
    echo "<p>You are a valid user and a member of the group(s): ";
    echo implode(", ", $groups);
    echo ".</p>\n";
}
else
{
    echo "<p>Danger, Will Robinson! Invalid user!</p>\n";
    exit;
}
// rest of page....
[/code]

@DanUK (author) Jan 22.2006 — Thanks so much!

I'm getting an error though...

Parse error: syntax error, unexpected '=', expecting ')' in /home/us/staff/groups.inc.php on line 8

for:

function in_group($user, $group, &$member_of = array())

Also NogDog, where you have "manager", does that mean it will only check users in that array? If so, I will make a new one called "staff" and put every account there. Just wondering what that "manager" bit meant?

Thanks again!

@bathurst_guy Jan 22.2006 — try this then
[code=php]
function in_group($user, $group)
{
    $member_of = array();
    $groups = array("manager" => array('name1', 'name2', 'name3'),
                    "hr" => array('name1'),
                    "sales" => array('name1', 'name2', 'name3', 'name4', 'name5'),
                    "support" => array('name1', 'name2', 'name3', 'name4', 'name5'));
    foreach($groups as $group => $members)
    {
        if(in_array($user, $members))
        {
            $member_of[] = $group;
        }
    }
    return(in_array($user, $groups[$group]));
}
[/code]
or this
[code=php]
function in_group($user, $group, $member_of = array())
{
    $groups = array("manager" => array('name1', 'name2', 'name3'),
                    "hr" => array('name1'),
                    "sales" => array('name1', 'name2', 'name3', 'name4', 'name5'),
                    "support" => array('name1', 'name2', 'name3', 'name4', 'name5'));
    foreach($groups as $group => $members)
    {
        if(in_array($user, $members))
        {
            $member_of[] = $group;
        }
    }
    return(in_array($user, $groups[$group]));
}
[/code]

@DanUK (author) Jan 22.2006 — Thank you for that.

That has fixed the errors, however it's just not working.

An account which is in about 3 groups just gets the

'Danger, Will Robinson! Invalid user!' message, and any account that is in a group gets that.

@bathurst_guy Jan 22.2006 — I don't see why if all values are being passed into the function in this line [code=php]if(in_group($_SESSION['account'], "manager", $groups))[/code] have you set the session on this new page?

@NogDog Jan 22.2006 — I guess you can't make a reference optional in a function declaration, so the 3rd parameter will have to be required:
[code=php]
function in_group($user, $group, &$member_of)
{
    // rest the same
}
[/code]

The 2nd param ("manager" in my example) is the group you have to belong to to view that page, while the 3rd param will be an array which will be populated with all of the groups in which the user is a member. If a page is to be viewable by two groups, you could do:
[code=php]
if(in_group($_SESSION['account'], "manager", $groups) or
   in_group($_SESSION['account'], "hr", $groups))
{
    // etc.
}
[/code]

@DanUK (author) Jan 22.2006 — Okay cool, thanks NogDog.

I'm now getting:

Warning: Missing argument 3 for in_group()

I will also add to the viewgroups.php a 'or' line as you mentioned for every group, because all users will be able to load it (providing they have a login to our staff area which is protected) and then to have each group they are in echo'ed out in the way you described.

Hopefully it will work!!!

Ahh edit. I'm still using:

if( ! in_group($_SESSION['account'], "manager") and ! in_group($_SESSION['account'], "hr"))


on top of the pages I'm restricting.

Do I need to add the new style?

@LiLcRaZyFuZzY Jan 22.2006 — charles, why are you using this reference as 3rd argument?

@NogDog Jan 22.2006 — [QUOTE]charles, why are you using this reference as 3rd argument?[/QUOTE]
Long explanation:

The 3rd arg is an array which gets populated with each of the groups to which the user is a member. By passing it as a reference, it is sort of like using a global variable for it within the function, as any modifications to it are also available outside of the function. So the function does two things: it returns a true/false as to whether the user is in the specified group (2nd arg) and also provides an array (3rd arg) with all of the user's memberships.

Short explanation:

I've created a monster by making a quick change to an existing function to try to meet "moving target" requirements, instead of starting fresh and doing it right.

@NogDog Jan 22.2006 — OO version:

group.php (include file):
[code=php]
<?php
class Group
{
    // Attributes:
    var $groups = array();

    // Methods:

    // constructor:
    function Group()
    {
        // populate groups with users:
        $this->groups = array("manager" => array("user1",
                                                 "user2",
                                                 "user3"),
                              "hr" => array("user3",
                                            "user4"),
                              "sales" => array("user2",
                                               "user5"),
                              "support" => array("user1",
                                                 "user6",
                                                 "user7") );
    } // end constructor

    // Determine if user is member of at least one of the specified group(s)
    // Usage: in_group("username", "group1[,group2[...,groupn]]");
    function in_group($user, $group)
    {
        $list = explode(",", $group);
        foreach($list as $value)
        {
            if(in_array($user, $this->groups[$value]))
            {
                return(TRUE); // found it
            }
        }
        return(FALSE);
    } // end in_group()

    // return array of groups to which user is a member, or false if not
    // a member of any:
    function get_groups($user)
    {
        $groups = array();
        foreach($this->groups as $key => $value)
        {
            if(in_array($user, $value))
            {
                $groups[] = $key;
            }
        }
        if(count($groups) == 0)
        {
            return(FALSE);
        }
        return($groups);
    } // end get_groups()
} // end class Group
?>
[/code]

Main file:
[code=php]
<?php
// include the class definition:
require "group.php";

// instantiate class as object $grp:
$grp = new Group();

// see if we're in manager or support group:
if($grp->in_group("user1", "manager,support"))
{
    echo "<p>We're a valid user for this page.</p>\n";
}
else
{
    echo "<p>Uh-oh, we're not allowed here.</p>\n";
}

// get a list of groups we're in:
if(($ourGroups = $grp->get_groups("user1")) !== FALSE)
{
    echo "<p>We are a member of these groups: " . implode(", ", $ourGroups) . "</p>\n";
}
else
{
    echo "<p>We do not belong to any groups.</p>\n";
}
?>
[/code]
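
A stricter take on the group check discussed in this thread, added here as an example and not code from any poster: it denies by default, ends the request with a 403 instead of only branching, and calls in_array() in strict mode, because the loose default lets a boolean true match any non-empty account name. It assumes PHP 7.1 or later; groups_of(), in_any_group() and require_group() are hypothetical names and the group data is constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data, same shape as the thread's array: group => account names.
const GROUPS = [
    'manager' => ['name1', 'name2', 'name3'],
    'hr'      => ['name1'],
    'sales'   => ['name1', 'name2', 'name3', 'name4', 'name5'],
    'support' => ['name1', 'name2', 'name3', 'name4', 'name5'],
];

// Hypothetical helper: every group the account belongs to.
function groups_of($account): array
{
    if (!is_string($account) || $account === '') {
        return [];   // unset or non-string session value belongs to nothing
    }
    $found = [];
    foreach (GROUPS as $name => $members) {
        if (in_array($account, $members, true)) {   // strict: no type juggling
            $found[] = $name;
        }
    }
    return $found;
}

// Hypothetical helper: true only if the account is in one of the allowed groups.
// A group name that is not in GROUPS never matches, so a typo denies access.
function in_any_group($account, array $allowed): bool
{
    return array_intersect($allowed, groups_of($account)) !== [];
}

// Hypothetical page guard: call after session_start(), before any protected output.
function require_group(array $allowed): void
{
    if (!in_any_group($_SESSION['account'] ?? null, $allowed)) {
        http_response_code(403);
        exit('Sorry, you do not have permission to view this page.');
    }
}

// Demo with constructed values (run with the PHP CLI):
var_dump(in_any_group('name4', ['manager', 'hr']));     // account is in sales/support only
var_dump(in_any_group('name4', ['manager', 'sales']));  // one allowed group matches
var_dump(in_any_group(true, ['hr']));                   // non-string account value
var_dump(in_array(true, GROUPS['hr']));                 // same value, loose in_array()
var_dump(groups_of('name1'));                           // data for a "Your groups:" line
```

At the top of a restricted page the guard is a single call, require_group(['manager', 'hr']), placed before any of the page's HTML.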

@LiLcRaZyFuZzY Jan 22.2006 — [QUOTE]We do not belong to any groups[/QUOTE]
haha, poor guys! :p

@DanUK (author) Jan 22.2006 — Hi again!

Sorry to sound dumb with this, this code looks great now!

Where 'user1' is etc, why do I have to state them on the file which tells them what groups they're in?

Can't it just take the session account and find what groups they're in? I wanted everyone to be able to visit this page and find out what groups they're in from the file containing the arrays of groups / names.

TY!

@NogDog Jan 22.2006 — You can do whatever you want with the functions. I was just providing examples of how to call them.

@DanUK (author) Jan 22.2006 — Ok thanks, sorry to make this drag!

So if I wanted to not specify any users, is that possible? so it just takes their account and tells them what groups they're in, so in terms of users all I have to edit is the arrays to add / remove staff?

@NogDog Jan 22.2006 — Just substitute the applicable $_SESSION variable where I used the string literal "user1".

@DanUK (author) Jan 22.2006 — Great, thanks!

Last qu...

at the top of my files which I want restricting, which code should I have?

I have two different ones now.

Thank you so much for your help.

@Sheldon Jan 22.2006 — Another way to do this, maybe for someone else interested.

Would be setting a permission session, then in your checking just adding an isset to see if the session permission matches the page permission.

for example

in the database when the user is registered;

perm = "2".
[code=php]
// when logging in: store the user's permission level in the session
$_SESSION['perms'] = $sql_result['perm'];

// when checking for permission on each page
if ($_SESSION['perms'] == "1" || $_SESSION['perms'] == "2" || $_SESSION['perms'] == "3") {
    // will let people with these permission settings view the page
} else {
    // escape the host and URI before echoing them: both come from the request
    $url = htmlspecialchars("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
    echo("You cant view " . $url . "<br> I'm sorry");
}
[/code]

Using this method you can do other things depending on the permission set, such as display extra menu items..... etc....

Then you don't have to add the user names in to the array each time a user registers.

Maybe that will help someone else, or give you ideas.

@DanUK (author) Jan 22.2006 — that code looks good too, but for us this is perfect.

NogDog, to just clarify, could you look over this to ensure I have the right idea?

The groups.php which is the required file:

[code=php]
<?php
class Group
{
    // Attributes:
    var $groups = array();

    // Methods:

    // constructor:
    function Group()
    {
        // populate groups with users:
        $this->groups = array("manager" => array("user1",
                                                 "user2",
                                                 "user3"),
                              "hr" => array("user3",
                                            "user4"),
                              "sales" => array("user2",
                                               "user5"),
                              "support" => array("user1",
                                                 "user6",
                                                 "user7") );
    } // end constructor

    // Determine if user is member of at least one of the specified group(s)
    // Usage: in_group("username", "group1[,group2[...,groupn]]");
    function in_group($user, $group)
    {
        $list = explode(",", $group);
        foreach($list as $value)
        {
            if(in_array($user, $this->groups[$value]))
            {
                return(TRUE); // found it
            }
        }
        return(FALSE);
    } // end in_group()

    // return array of groups to which user is a member, or false if not
    // a member of any:
    function get_groups($user)
    {
        $groups = array();
        foreach($this->groups as $key => $value)
        {
            if(in_array($user, $value))
            {
                $groups[] = $key;
            }
        }
        if(count($groups) == 0)
        {
            return(FALSE);
        }
        return($groups);
    } // end get_groups()
} // end class Group
?>
[/code]


then for the 'viewgroups.php' - where people can see which groups they belong to...

[code=php]
All our other header stuff and html.

<?php
// include the class definition:
require "group.php";

// instantiate class as object $grp:
$grp = new Group();

// get a list of groups we're in:
if(($ourGroups = $grp->get_groups($_SESSION['account'])) !== FALSE)
{
    echo "<p>We are a member of these groups: " . implode(", ", $ourGroups) . "</p>\n";
}
else
{
    echo "<p>We do not belong to any groups.</p>\n";
}
?>

All our other html and footer stuff.
[/code]


For the files we're simply protecting to certain groups, and don't want info about which groups they belong to:

[code=php]
<?php
// include the class definition:
require "group.php";

// instantiate class as object $grp:
$grp = new Group();

// see if we're in manager or support group:
if($grp->in_group($_SESSION['account'], "manager,support"))
{
?>

The HTML here that they're allowed to see.

<?php
}
else
{
    echo "<p>Uh-oh, we're not allowed here.</p>\n";
}
?>
[/code]

@DanUK (author) Jan 23.2006 — Any idea if the above is ok? wanted to confirm before changing over all the code and mucking it up !!

Thanks.

@NogDog Jan 26.2006 — Looks OK to me, but I never bet the house and farm on any code until I've actually tested it.