
Prevent form running for one particular user

Familiar Sight
 
Join Date: Nov 2006
Posts: 161
#1: Jun 23 '09
Hi,

hope this is in the right topic...

Running php5 on apache. I've set up a site where people can log in as "demo", "demo" and play around with the functions of the site. Part of the functionality involves uploading files, deleting/editing using standard form fields and storing data in MySQL.

I want people *not* to be able to delete things, or upload files bigger than 100KB when they're logged in as "demo". I'm wondering if there's a much easier way to accomplish this, than doing what's below with *every* place where data is added/deleted/updated (which is a lot of places).

    if ($user == "demo")
    {
        echo "Sorry. You cannot delete things in demo mode. Please continue to look around.";
    }
    else
    {
        // Do whatever normal stuff happens with the data
    }

I was thinking of having a session variable which might restrict these things without having to alter the code on every page. Would that work?

I would appreciate any examples of how I could do this. Thanks.

dlite922
Expert
 
Join Date: Dec 2007
Location: Moon, Dark Side
Posts: 1,095
#2: Jun 23 '09

re: Prevent form running for one particular user


Usually when I build a large application with various user rights and permissions, I create user "roles". In this case the demo user would have a guest role or lowest role.

I design my app from the get-go with this in mind.

Another thing you can do is have switches for the various functionality to turn them off and on based on a config file. In your demo install, you would turn these off.

In summary, no, you cannot escape this problem without making code changes, but I hope you learned a lesson for the next time. :)

Cheers,

Dan

Markus
Moderator
 
Join Date: Jun 2007
Location: York, England, with wolves.
Posts: 4,947
#3: Jun 23 '09

re: Prevent form running for one particular user


Assuming you have some roles/permissions set up, simply store the access level in their session. Anywhere that requires a specific access level, check it, and act on it appropriately.

    // User signs in.
    $_SESSION['access_level'] = $user->access_level;

    // Only certain people can delete.
    function delete() {
        if ($_SESSION['access_level'] < 4) {
            return;
        }

        // Do delete
    }

Familiar Sight
 
Join Date: Nov 2006
Posts: 161
#4: Jun 24 '09

re: Prevent form running for one particular user


Thanks Markus for your code example. Dan, could you please say a little more about the config file idea? What does it involve?

Thanks

Quote:

Originally Posted by dlite922

Another thing you can do is have switches for the various functionality to turn them off and on based on a config file. In your demo install, you would turn these off.

dlite922
Expert
 
Join Date: Dec 2007
Location: Moon, Dark Side
Posts: 1,095
#5: Jun 24 '09

re: Prevent form running for one particular user


All it involves is to include() a PHP file that has constants in it: define('UPLOAD_ON', true); // or false

In the code you say if (UPLOAD_ON) do upload, else echo "can't upload";

That's all.

Then when you install your site on a server you change this config file and change the values based on that install. (if the users don't have access to this file, i.e. they're not the owner of the site, which I think is what your Demo scenario is)

Dan
Familiar Sight
 
Join Date: Nov 2006
Posts: 161
#6: Jun 24 '09

re: Prevent form running for one particular user


Right. I understand what you've said, but doesn't this just get me back to where I started, of still having to have an if statement at every point on the site where a decision is to be made? That's what I was trying to avoid... (unless I've misunderstood)

Quote:

Originally Posted by dlite922

All it involves is to include() a PHP file that has constants in it: define('UPLOAD_ON', true); // or false

In the code you say if (UPLOAD_ON) do upload, else echo "can't upload";

That's all.

Then when you install your site on a server you change this config file and change the values based on that install. (if the users don't have access to this file, i.e. they're not the owner of the site, which I think is what your Demo scenario is)




Dan

dlite922
Expert
 
Join Date: Dec 2007
Location: Moon, Dark Side
Posts: 1,095
#7: Jun 24 '09

re: Prevent form running for one particular user


Quote:

Originally Posted by beary

Right. I understand what you've said, but doesn't this just get me back to where I started, of still having to have an if statement at every point on the site where a decision is to be made? That's what I was trying to avoid... (unless I've misunderstood)

Yes, if you go back, I stated:

Quote:

Originally Posted by dlite922

no you cannot escape this problem without making code changes

If you want your program to behave. You can disable the upload functionality (for example) by changing the permissions so that the program "breaks" and doesn't successfully upload. This is hardly the type of thing you want to show in a demo though.





Dan
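
Added example (not part of the original thread or any poster's code): the session access-level check from post #3 and the switch table from post #5 folded into one policy function, so each handler makes a single call and the rules live in one place. The role names, action names, limits and function names are assumptions made for illustration.

```php
<?php
// Added example: role names, action names and limits are assumptions.

// Single policy table. Anything not listed here is denied.
function policy_for($role)
{
    $policies = [
        'demo'   => ['actions' => ['view', 'edit', 'upload'], 'max_upload' => 100 * 1024],
        'member' => ['actions' => ['view', 'edit', 'upload', 'delete'], 'max_upload' => 5 * 1024 * 1024],
    ];
    // Unknown or missing role gets an empty policy (deny by default).
    return isset($policies[$role]) ? $policies[$role] : ['actions' => [], 'max_upload' => 0];
}

// Returns null when allowed, or a message for the user when refused.
// $role must come from the server-side session set at login,
// never from a form field, cookie value or query string.
function refusal($role, $action, $uploadBytes = 0)
{
    $policy = policy_for($role);
    if (!in_array($action, $policy['actions'], true)) {
        return "Sorry. The '$action' action is not available for this account.";
    }
    if ($action === 'upload' && $uploadBytes > $policy['max_upload']) {
        return 'Upload refused: file exceeds ' . ($policy['max_upload'] / 1024) . ' KB.';
    }
    return null;
}

// Call once at the top of every state-changing handler; stops the request.
function require_permission($action, $uploadBytes = 0)
{
    $role = isset($_SESSION['role']) ? $_SESSION['role'] : '';
    $message = refusal($role, $action, $uploadBytes);
    if ($message !== null) {
        http_response_code(403);
        exit(htmlspecialchars($message));
    }
}

// Constructed cases showing the decisions (run from the command line).
$cases = [['demo', 'delete', 0], ['demo', 'upload', 150 * 1024],
          ['demo', 'upload', 50 * 1024], ['member', 'delete', 0], ['', 'view', 0]];
foreach ($cases as $case) {
    list($role, $action, $bytes) = $case;
    $result = refusal($role, $action, $bytes);
    echo "$role/$action/$bytes: ", ($result === null ? 'allowed' : $result), "\n";
}
```

In a handler, the only per-page change is a call such as `require_permission('delete');` before the delete query, or `require_permission('upload', $_FILES['userfile']['size']);` before the file is moved; `userfile` is a hypothetical field name.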