Using

pettsogn

Hi.

Does anyone know if its possible to deny/grant useraccess to certain areas by using the full url like this?:

URL = http://mysite/foum/show_forum.php?id=3

$Groupid = 3

If it does, how? If not, does anyone know the proper way?

Thanks!

Please excuse my bad language, its 3am here now, and i'm having the most incredible headache... 😛

LoganK

I'm confused a bit by your post...if the group ID is in the URL, why not use a simple if...else statement to deny/grant access to the page?

// ex. page.php?id=3

if ($_GET['id'] == 3)
{
     echo "Access granted";
}
else
{
     echo "Access denied";
}

Alternatively what you could do is use an include() statement instead of echoing the entire page. Like include("restrictedPage.php"). Just make sure to put something to restrict users from going directly to that page, like a constant which must be defined.

pettsogn

yeah, sorry about the last post... 😛

The thing is that i'm comparing to different tables, "userid" and "forum_id" and i dont know the $ for 'forum_id'...

pettsogn

I think i'm going for your last solution there.. Couldn't get the first to work.. :S and i've tried a lot..

But can u tell me how i restrict users from going dircetly to that file? didnæt get that constant thing..

thanks

planetsim

Its impossible from within your web root. However if you can have the files located outside e.g. webroot = /home/uname/public_html (where the php/html files are stored)

If we have them in say /home/uname/myfiles then unless they have access to the server they shouldnt be able to access them directly.

pettsogn

ok, but they are supposed to view the page when it's icluded, so i guess it wont work then...

leatherback

Hi,

Have a look at the $_server variables. One of them, checks the called filename. You can check whether the called filename is correct. If they directly try to acces the script, the called filename would be wrong.

Or you can create a folder script_includes or something, and call all the include files from there. You can limit acces to that folder using an .htacces script.

(I actually use a combination of both, since I do not trust the provider with my .htacces file.. Theyu modify servers too often..
J.

pettsogn

ok, but where do i find $_server variables?

Weedpacket

http://www.php.net/manual/en/reserved.variables.php#reserved.variables.server

LoganK

$SERVER variables are just that - $SERVER['name_of_parameter']. But what I meant by a constant is that in the file which is including other files, define a constant at the top of the file, like INCLUDE. Then on every page which is included (and shouldn't be directly accessible), check to make sure the INCLUDE constant is defined. If it is, then the page was included, and you can let the page be shown. Otherwise, it was directly accessed, and you could die() with an error message to the user.

Page which includes others:

define("__INCLUDE", true);

Page to be included (restrictedContent.php):

if (!defined("__INCLUDED"))
     die("Direct access to this script is not allowed.");

leatherback

Hi Logan -> Sexy.

Think I'll start doing that from now on.. Lot shorter then my script!

LoganK

Thanks for the review and comment...although we're both guys...😉

leatherback

Hehe,

I am dutch&open-minded.

And.. in case you are a bit intimidated & confused.. I meant the code.
😃

LoganK

I understand now 🙂

/me is embarrased

pettsogn

Thanks for the replies! 🙂

In the file that includes the forum i put this at the top of my page (forum.php):

<?php
define("__INCLUDE", true);
?>

And on the page that's being included i put this (main_header.php):

<?php
if (!defined("__INCLUDED"))
die("Direct access to this script is not allowed.");
?>

both files are in the same folder.

But now i cant access forum.php... i get the same message (cant access....) as if i'm trying to access main_header.php... :S

LoganK

Try doing the same thing, but eliminate everything else in the forum.php. Example: create a test.php and include.php. Define the constant in test.php and include include.php. Once you make sure that works, then you go on to debug forum.php step by step.

Sorry, but I can't do much more without any code.

Hope this helps!

pettsogn

ok ,thanks! i'll try that!

halojoy

...... define("INCLUDE", true);
if (!defined("INCLUDED"))
die("Direct access to this script is not allowed.");

hmmmm .........

LoganK

Simply a typo... 🙂

pettsogn, if you see this be sure to change the code to use the same constants!