Securing a included file

ShawnK

In my new site I have 3 access levels 0,1, 2:

0:
anonymous user:
no access at all...any page they goto redirects to the login page

1:
normal user:
can access all pages...they can add/edit thier own news posts,
photos, message board posts, and calender dates.

2:
admin:
same as normal users AND can edit/add/del users, and edit all of the above.

I also have another db field (status),

0:
banned user:
no access at all

1:
active user:
normal access

On my template page I include a navagation bar, and in that nav bar I have this code:


blah blah
normal user's nav bar

<?php

dbStart();
dbArray("SELECT level FROM users WHERE id=$_SESSION[id]");

if($_SESSION[level] == $dbReturn[level] && $_SESSION[level] == "2"){
?>

blah blah
admin nav bar

<?
}
?>

<b>note</b>:
dbStart() - connects and selects DB
dbArray() - takes the query and turns it into an array : $dbReturn

Is this secure enough?

Ceril

Ummm.... Why on earth do you place a query for rights in the middle of the page?

I would simply:
<?PHP
start session
connect to database
validate session/update timestamps/get permissions

And then:

?>
User Nav Bar

<?PHP
if($_SESSION["level"]==2)
{
?>
Admin Nav Bar
<?PHP
}
?>

So Yes, all in all it is safe. Except I dislike extra code in the middle of a page

PHPMagician

It appears secure, but obviously that only stops the appearance of the GUI to access admin controls - if you don't do security checks on each control then you are vulnerable. The thing with security is that is only takes one thing to be validated incorrectly (or not to be validated at all), and then otherwise secure code is pointless. I remember forum software I found a vulneribility in which had admin functions. They were included into the index.php file, if the user had enough privalleges. The included files could not be accessed directly - if they could the functionality of the files could be used maliciously. It was secure enough - but an include was not validated correctly, and so the admin files could be loaded via index.php before an authorisation on the user occured allowing admin functions to be carried out by any tom, dick and harry. This is common enough mistake.

So while this particular code is secure (or at a glance appears so), with out us knowing all the input which originated before the session, we can't tell if it is secure. At the moment, even if you showed the graphical interface to everyone it would have no immediate consequences, it is only display, no functionality. However, if the rest of the admin functionality is not secured, then you have problems.

RossC0

I agree with PHPMagician.

A good idea is to keep sensitive files off the webroot, so they can only be called locally. Ensure your security checks are done as soon as logically possible,

A good access and control class / library is gacl: = GACL =

I've used this library for securing my site / content and have found it robust and quick.

This library has been used for numerous projects - so check that out or keep it in mind for future projects ;-)

ShawnK

Thanks for the input. At the start of all my files I have:

<?php

session_start();
@require("core.php") OR die("File Not Found");
$pageLevel = "##";

And that number determines who can see the page, 0 being anonymous and 10 being full admin.