I am attempting to restrict access to pages according to groups the users are members of as specified in the database. I have registered the username as a session variable but am having a problem extracting the access rights identifier. Here is some of the code I am trying:
This code is on the page I wish to restrict:
session_start();
session_register("valid_user");
$rights = valid_rights($valid_user);
if ($rights == "false")
{
do_html_header("Access Denied:");
echo "You do not have the proper access rights to view this page.";
do_html_url("main_menu.php", "Main Menu");
do_html_footer();
exit;
}
This code fragment calls a user defined function from another page using the variable $valid_user which "is" carrying a value.
Here is the function I am trying to call:
function valid_rights($valid_user)
{
$conn = db_connect();
$result = pg_exec($conn, "select rights from users where name='$valid_user'");
if ($result = 2) // 2=admin 1=user in the rights column of the database
return true;
else
return false;
}
update(10.11.01)
The function is returning a value, however it is only the value 1. No matter who I logon as, admin or user, it returns a 1. Is there something wrong with my return statments. Ive also tried to specify a number to return (2 if $result=2, else return 1), that only returns a 2 in either case. Any ideas guys?
Post(10.10.01)
Im concered that (one) my sql query may not be right and Im not getting a result back. Or (two) Im just on the wrong track altogether. Im attempting to have the page I wish to restrict to call this function, have the function extract the users access rights and return a true or false, then with the !valid_rights function call determine wether or not that user can access this page, Im assuming a return of false = not and true = "yes". Based on that return, Ill display and access denied message and exit the script, or go on to display the page. Right now it just displays the page no matter what "group" the user is part of.
Any ideas? Thanks in advance for your help.
