Hello! Okay, big question for you. I really hope I’m going to explain it properly and fully enough for you to understand.
I will appreciate any help you can provide me with this.
Okay, just to introduce the current setup, I have a staff area which is restricted, and has a PHP login system, which in turn sends out a PHP session stating an account name (in [b]$_SESSION['account'][/b]).
What I want to do now, is restrict certain pages within that staff area to certain account names, but because I want to do this on multiple ones… here is what I’d like to happen.
On a ‘groups.php’ I’d like to state arrays for about 3 groups, each containing account names – some of these account names need to be used in other groups too (for people that belong to more than just 1).
I was wondering then if, on the pages I want to restrict to certain groups, I can use the same if statement to check if their username belongs in that group, and if so, allow them to see the page, or if not, echo out a message of ‘Sorry, you do not have permissions to view this page’?
Example groups.php:
[code]
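// Example group lists: each array holds the account names that belong to that group.
// An account name may appear in more than one group.
// String literals need plain ASCII quotes; typographic quotes are not string delimiters in PHP.
$manager = array('name1', 'name2', 'name3');
$hr = array('name1');
$sales = array('name1', 'name2', 'name3', 'name4', 'name5');
$support = array('name1', 'name2', 'name3', 'name4', 'name5');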
[/code]
Any help with this would be appreciated! Thank you.
[code=php]
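/**
 * Check whether an account name belongs to a named group.
 *
 * @param mixed  $user  Account name to look up (e.g. $_SESSION['account']).
 * @param string $group Group key: "manager", "hr", "sales" or "support".
 * @return bool TRUE only when $group exists and lists $user exactly.
 */
function in_group($user, $group)
{
    $groups = array(
        "manager" => array('name1', 'name2', 'name3'),
        "hr"      => array('name1'),
        "sales"   => array('name1', 'name2', 'name3', 'name4', 'name5'),
        "support" => array('name1', 'name2', 'name3', 'name4', 'name5'),
    );

    // Fail closed: a misspelled or unknown group name never grants access
    // (and no longer passes a missing array to in_array()).
    if (!is_string($group) || !isset($groups[$group])) {
        return false;
    }

    // Strict comparison, so values such as TRUE or 0 cannot loosely match a name.
    return in_array($user, $groups[$group], true);
}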
[/code]
[code=php]
// Load the include file (presumably the one that defines in_group() -- confirm).
require "include_file.php";
// Access is decided only by the account name held in the session, so the
// protected content must stay inside the "allowed" branch.
if( in_group($_SESSION['account'], "manager") )
{
// display the page
}
else
{
// output "not allowed" message
}
[/code]
[code=php]
<?php
// protect.php is presumably the login gate for the staff area -- confirm it
// runs (and stops unauthenticated requests) before anything below is sent.
include_once('/home/us/staff/protect.php');
include_once('/home/us/staff/header.php');
require "/home/us/staff/include_file.php";
// Only members of the "manager" group get the page body; everyone else
// falls through to the "not allowed" branch. The footer is sent either way.
if( in_group($_SESSION['account'], "manager") )
{
?>
The HTML content here.
<?php
}
else
{
// output "not allowed" message
}
include_once('/home/us/staff/footer.php');
?>
[/code]
[code=php]
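// Deny only when the account is in neither group; membership of either
// "manager" or "hr" is enough to see the page.
// (The second call needs the closing "]" after 'account' for the line to parse.)
if( ! in_group($_SESSION['account'], "manager") and ! in_group($_SESSION['account'], "hr"))
{
// output "not allowed" message
}
else
{
// display the page
}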
[/code]
[code=php]
// NOTE(review): quoted as posted -- the second in_group() call is missing the
// closing "]" after 'account', so this condition does not parse as written.
if( ! in_group($_SESSION['account'], "manager") and ! in_group($_SESSION['account', "hr"))
{
// output "not allowed" message
}
else
{
// display the page
}
[/code]
[/QUOTE]
in_group($_SESSION['account'[B]][/B], "hr"))
[code=php]
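/**
 * Check group membership and report every group the user belongs to.
 *
 * @param mixed  $user       Account name to look up.
 * @param string $group      Group key the page requires.
 * @param array  &$member_of Receives (appended) the names of all groups that list $user.
 * @return bool TRUE only when $group exists and lists $user exactly.
 */
function in_group($user, $group, &$member_of = array())
{
    $groups = array(
        "manager" => array('name1', 'name2', 'name3'),
        "hr"      => array('name1'),
        "sales"   => array('name1', 'name2', 'name3', 'name4', 'name5'),
        "support" => array('name1', 'name2', 'name3', 'name4', 'name5'),
    );

    // The loop variable must not be named $group: reusing that name overwrites
    // the requested group, and the final check would then always test the
    // last group in the table instead of the one the caller asked for.
    foreach ($groups as $name => $members)
    {
        if (in_array($user, $members, true))
        {
            $member_of[] = $name;
        }
    }

    // Fail closed on an unknown group name.
    if (!is_string($group) || !isset($groups[$group])) {
        return false;
    }

    // Strict comparison, so values such as TRUE or 0 cannot loosely match a name.
    return in_array($user, $groups[$group], true);
}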
[/code]
[code=php]
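// $groups is handed to in_group() as its third argument; start from an empty
// list so only this request's memberships are reported.
$groups = array();
if(in_group($_SESSION['account'], "manager", $groups))
{
echo "<p>You are a valid user and a member of the group(s): ";
echo implode(", ", $groups);
// "\n" (with the backslash) ends the line; a bare "n" would be printed literally.
echo ".</p>\n";
}
else
{
echo "<p>Danger, Will Robinson! Invalid user!</p>\n";
// Stop here so nothing below is sent to an account that failed the check.
exit;
}
// rest of page....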
// rest of page....
[/code]
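[code=php]function in_group($user, $group)
{
    // Returns TRUE only when $group exists and lists $user exactly.
    // $member_of is local to this variant, so the collected list is not
    // available to the caller.
    $member_of = array();
    $groups = array(
        "manager" => array('name1', 'name2', 'name3'),
        "hr"      => array('name1'),
        "sales"   => array('name1', 'name2', 'name3', 'name4', 'name5'),
        "support" => array('name1', 'name2', 'name3', 'name4', 'name5'),
    );

    // The loop variable must not be named $group: reusing that name overwrites
    // the requested group, and the final check would then always test the
    // last group in the table instead of the one the caller asked for.
    foreach ($groups as $name => $members)
    {
        if (in_array($user, $members, true))
        {
            $member_of[] = $name;
        }
    }

    // Fail closed on an unknown group name.
    if (!is_string($group) || !isset($groups[$group])) {
        return false;
    }

    // Strict comparison, so values such as TRUE or 0 cannot loosely match a name.
    return in_array($user, $groups[$group], true);
}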
[/code]
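or this[code=php]function in_group($user, $group, $member_of = array())
{
    // Returns TRUE only when $group exists and lists $user exactly.
    // $member_of is received by value here, so entries appended to it are
    // not visible to the caller after the function returns.
    $groups = array(
        "manager" => array('name1', 'name2', 'name3'),
        "hr"      => array('name1'),
        "sales"   => array('name1', 'name2', 'name3', 'name4', 'name5'),
        "support" => array('name1', 'name2', 'name3', 'name4', 'name5'),
    );

    // The loop variable must not be named $group: reusing that name overwrites
    // the requested group, and the final check would then always test the
    // last group in the table instead of the one the caller asked for.
    foreach ($groups as $name => $members)
    {
        if (in_array($user, $members, true))
        {
            $member_of[] = $name;
        }
    }

    // Fail closed on an unknown group name.
    if (!is_string($group) || !isset($groups[$group])) {
        return false;
    }

    // Strict comparison, so values such as TRUE or 0 cannot loosely match a name.
    return in_array($user, $groups[$group], true);
}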
[/code]
[code=php]if(in_group($_SESSION['account'], "manager", $groups))[/code]
have you set the session on this new page?[code=php]
// The third parameter is declared with "&", i.e. passed by reference: any
// change the function makes to $member_of is visible in the caller's
// variable after the call. It has no default here, so callers must pass it.
function in_group($user, $group, &$member_of)
{
// rest the same
}
[/code]
[code=php]
// Allow the page when the account is in either group. The second call only
// runs when the first one returns false.
// NOTE(review): if in_group() appends to $groups on every call, the second
// call would add the same memberships again -- confirm against its body.
if (in_group($_SESSION['account'], "manager", $groups)
    || in_group($_SESSION['account'], "hr", $groups))
{
// etc.
}
[/code]
<i>
</i>if( ! in_group($_SESSION['account'], "manager") and ! in_group($_SESSION['account'], "hr"))
charles, why are you using this reference as 3rd argument?[/QUOTE]
[code=php]
<?php
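/**
 * Hard-coded group membership table with lookup helpers.
 */
class Group
{
    // Attributes:
    // Map of group name => list of account names in that group.
    public $groups = array();

    // Methods:

    /**
     * Populate the membership table.
     *
     * Declared as __construct(): a method named after the class is not
     * treated as a constructor by PHP 8, which would leave $groups empty and
     * make every membership check fail.
     */
    public function __construct()
    {
        // populate groups with users:
        $this->groups = array(
            "manager" => array("user1", "user2", "user3"),
            "hr"      => array("user3", "user4"),
            "sales"   => array("user2", "user5"),
            "support" => array("user1", "user6", "user7"),
        );
    } // end constructor

    /**
     * Determine if user is a member of at least one of the specified group(s).
     * Usage: in_group("username", "group1[,group2[...,groupn]]");
     *
     * @param mixed  $user  Account name to look up.
     * @param string $group Comma-separated list of group names.
     * @return bool TRUE if any listed group exists and contains $user exactly.
     */
    public function in_group($user, $group)
    {
        foreach (explode(",", $group) as $value)
        {
            // Tolerate "manager, support" as well as "manager,support".
            $value = trim($value);

            // Unknown group names are skipped (fail closed); the comparison
            // is strict so TRUE or 0 cannot loosely match an account name.
            if (isset($this->groups[$value]) && in_array($user, $this->groups[$value], true))
            {
                return(TRUE); // found it
            }
        }
        return(FALSE);
    } // end in_group()

    /**
     * Return the groups the user is a member of.
     *
     * @param mixed $user Account name to look up.
     * @return array|false List of group names, or FALSE if not a member of any.
     */
    public function get_groups($user)
    {
        $groups = array();
        foreach ($this->groups as $key => $value)
        {
            if (in_array($user, $value, true))
            {
                $groups[] = $key;
            }
        }
        if (count($groups) === 0)
        {
            return(FALSE);
        }
        return($groups);
    } // end get_groups()
} // end class Group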
?>
[/code]
[code=php]
<?php
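// include the class definition:
require "group.php";
// instantiate class as object $grp:
$grp = new Group();
// see if we're in manager or support group:
if($grp->in_group("user1", "manager,support"))
{
// "\n" (with the backslash) ends the line; a bare "n" would be printed literally.
echo "<p>We're a valid user for this page.</p>\n";
}
else
{
echo "<p>Uh-oh, we're not allowed here.</p>\n";
}
// get a list of groups we're in (get_groups() returns FALSE when there are none):
if(($ourGroups = $grp->get_groups("user1")) !== FALSE)
{
echo "<p>We are a member of these groups: " . implode(", ", $ourGroups) . "</p>\n";
}
else
{
echo "<p>We do not belong to any groups.</p>\n";
}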
?>
[/code]
[code=php]
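//when login
// Store the permission level from the login query in the session. This must
// be an assignment (=); with == the two values are only compared and the
// session never receives a permission level.
$_SESSION['perms'] = $sql_result['perm'];
//when checking for permission on each page
// Fail closed when no permission level is stored, and compare as exact strings.
if (isset($_SESSION['perms']) && in_array((string) $_SESSION['perms'], array("1", "2", "3"), true)) {
// will let people with these permission settings view the page
}else{
// The Host header and request URI come from the client, so they are escaped
// before being echoed into the HTML response.
echo("You cant view " . htmlspecialchars("http://".$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8') ."<br> I'm sorry");
}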
[/code]
[code=php]
<?php
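/**
 * Hard-coded group membership table with lookup helpers.
 */
class Group
{
    // Attributes:
    // Map of group name => list of account names in that group.
    public $groups = array();

    // Methods:

    /**
     * Populate the membership table.
     *
     * Declared as __construct(): a method named after the class is not
     * treated as a constructor by PHP 8, which would leave $groups empty and
     * make every membership check fail.
     */
    public function __construct()
    {
        // populate groups with users:
        $this->groups = array(
            "manager" => array("user1", "user2", "user3"),
            "hr"      => array("user3", "user4"),
            "sales"   => array("user2", "user5"),
            "support" => array("user1", "user6", "user7"),
        );
    } // end constructor

    /**
     * Determine if user is a member of at least one of the specified group(s).
     * Usage: in_group("username", "group1[,group2[...,groupn]]");
     *
     * @param mixed  $user  Account name to look up.
     * @param string $group Comma-separated list of group names.
     * @return bool TRUE if any listed group exists and contains $user exactly.
     */
    public function in_group($user, $group)
    {
        foreach (explode(",", $group) as $value)
        {
            // Tolerate "manager, support" as well as "manager,support".
            $value = trim($value);

            // Unknown group names are skipped (fail closed); the comparison
            // is strict so TRUE or 0 cannot loosely match an account name.
            if (isset($this->groups[$value]) && in_array($user, $this->groups[$value], true))
            {
                return(TRUE); // found it
            }
        }
        return(FALSE);
    } // end in_group()

    /**
     * Return the groups the user is a member of.
     *
     * @param mixed $user Account name to look up.
     * @return array|false List of group names, or FALSE if not a member of any.
     */
    public function get_groups($user)
    {
        $groups = array();
        foreach ($this->groups as $key => $value)
        {
            if (in_array($user, $value, true))
            {
                $groups[] = $key;
            }
        }
        if (count($groups) === 0)
        {
            return(FALSE);
        }
        return($groups);
    } // end get_groups()
} // end class Group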
?>
[/code]
[code=php]
All our other header stuff and html.
<?php
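// include the class definition:
require "group.php";
// instantiate class as object $grp; without this $grp is undefined and the
// get_groups() call below cannot run:
$grp = new Group();
// get a list of groups we're in (get_groups() returns FALSE when there are none).
// The account name is read from the session, which must already be started
// at this point (presumably by the header/login include -- confirm):
if(($ourGroups = $grp->get_groups($_SESSION['account'])) !== FALSE)
{
// "\n" (with the backslash) ends the line; a bare "n" would be printed literally.
echo "<p>We are a member of these groups: " . implode(", ", $ourGroups) . "</p>\n";
}
else
{
echo "<p>We do not belong to any groups.</p>\n";
}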
?>
All our other html and footer stuff.
[/code]
[code=php]
<?php
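// include the class definition:
require "group.php";
// instantiate class as object $grp:
$grp = new Group();
// see if we're in manager or support group.
// The session value is passed directly: wrapping $_SESSION['account'] in
// double quotes with a quoted key is a parse error.
if($grp->in_group($_SESSION['account'], "manager,support"))
{
?>
The HTML here that they're allowed to see.
<?php
}
else
{
// "\n" (with the backslash) ends the line; a bare "n" would be printed literally.
echo "<p>Uh-oh, we're not allowed here.</p>\n";
}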
?>
[/code]