php - User permissions custom cms -


looking advice on current setup , if there better approach (this first attempt @ building app this) @ point need user roles, 2 user , admin.

i have users table , groups table , join table takes id users table , id groups table , can allocate group user belongs too.

i wanting set way couple of things, prevent 'users' accessing admin area typing in url /admin/index.php , show link on index page if admin , not see it if normal user.

here code demonstrate can show users role title struggling @ point:

<?php $user = $_session['user'];     try{         $results = $dbh->query("select *                                 groups                                 inner join user_group_link_table                                 on groups.id = user_group_link_table.group_id                                 user_group_link_table.user_id = $user");  }catch(exception $e) {     echo $e->getmessage();     die(); }  $group = $results->fetchall(pdo::fetch_assoc);  foreach($group $groups){    echo         $groups["name"]       // show link admins user not see?     ;} ?>

i wondering if approach totally wrong?

update

<? include('session.php'); if (!isset($_session['user'])) {   header("location: index.php"); } if(!ini_get('date.timezone')) {     date_default_timezone_set('gmt'); } // include file admin pages $isadmin = false; foreach($group $groups){     if($groups['name'] === 'admin'){         $isadmin = true;         break;     } }  if(!$isadmin){     header('location: index.php'); // or other arbitrary location     die(); } ?>

and error:

notice: undefined variable: group in /applications/mamp/htdocs/dashboardr v3.2.3/admin/header.php on line 12

warning: invalid argument supplied foreach() in /applications/mamp/htdocs/dashboardr v3.2.3/admin/header.php on line 12

i wanting set way couple of things, prevent 'users' accessing admin area typing in url /admin/index.php , show link on index page if admin , not see it if normal user.

i'll give solution that'll work in current setup; it's not the way go, i'll job done now. if you're worried user being in specific role, you're better off specifying role in query rather iterating through potential roles.

// include file admin pages $isadmin = false; foreach($group $groups){     if($groups['name'] === 'admin'){         $isadmin = true;         break;     } }  if(!$isadmin){     header('location: index.php'); // or other arbitrary location     die; }

you'll want place @ top of page, before spit out kind of html.


Comments

Post a Comment

Popular posts from this blog

angularjs - ADAL JS Angular- WebAPI add a new role claim to the token -

i have created angular spa webapi backend using adal js authentication.as there no roles in ad, need manually add role claims in order give users access different api controllers. the roles stored in database. expecting inject claim through call webapi after authentication ad. webapi code might this. identity.addclaim(new claim("role", "user")); var ticket = new authenticationticket(identity, props); var accesstoken = startup.oauthbeareroptions.accesstokenformat.protect(ticket); is possible replace adal idtoken new token? is viable solution or there other better way handle this? as initial token generated azuread, possible edit token add new claim? appreciated. graph api supporting group claims. see here: http://justazure.com/azure-active-directory-part-4-group-claims/ if @ examples on page, users assigned groups , app can check group in claims. in current version of portal, need app manifest , modify it.
Read more

php - CakePHP HttpSockets send array of paramms -

i problem when make request (i can request). $link = 'http://uri/path/?param1=1&sid=2&sid=3&sid=4' $http = $httpsocket = new httpsocket(); $res = $httpsocket->get($link); if check request pr($http); i see : [line] => /url/path/?param1=1&sid%5b0%5d=2&sid%5b1%5d=3&sid%5b2%5d=4 http/1.1 and i'm getting empty response because server doesn't know parameters sid%5b0%5d=2 when try send parameters array : $data = array('param1' => '1', 'sid' => array('2','3', '4')); i see same changes %5b0%5d - additional indexes. how fix it? unfortunately , can not change server side, if send request in browser, i'll normal response in json format. when make request, can parameters this: $param1 = $_get['param1']; $sid= $_get['sid']; tip: use diferente names parameters. have multiples sid. use sid1, sid2, sid3... update: can parameters this:
Read more

node.js - Using Node without global install -

i'm working on few node & electron (atom shell) projects , i'm curious how them work without user having install node globally. i've seen few applications including node directory in project contains node.exe binary. how go setting node project use binary? edit: thought should add, i've searched everywhere answer this, unrelated results.
Read more