I am attempting to restrict access to pages according to groups the users and members of as specified in the database. I have registered the username as a session variable but am having a problem extracting the access rights identifier. Here is some of the code I am trying:
This code is on the page I wish to restrict:
session_start();
session_register("valid_user");
if (!valid_rights($valid_user))
{
do_html_header("Access Denied:");
echo "You do not have the proper access rights to view this page.";
do_html_url("main_menu.php", "Main Menu");
do_html_footer();
exit;
}
This code fragment calls a user defined function from another page using the variable $valid_user.
Here is the function I am trying to call:
function valid_rights($valid_user)
{
$conn = db_connect();
$result = pg_exec("select rights from users where name='$valid_user'");
if ($result != 2)
return false;
else
return true;
}
Im concered that (one) my sql query may not be right and Im not getting a result back. Or (two) Im just on the wrong track altogether. Im attempting to have the page I wish to restrict to call this function, have the function extract the users access rights and return a true or false, then with the !valid_rights function call determine wether or not that user can access this page, Im assuming a return of false = not and true = "yes". Based on that return, Ill display and access denied message and exit the script, or go on to display the page. Right now it just displays the page no matter what "group" the user is part of.
Any ideas? Thanks in advance for your help.
