Prevent form running for one particular user 
June 23rd, 2009, 07:15 AM
Familiar Sight | Join Date: Nov 2006 | Posts: 159
Hi,
hope this is in the right topic...
Running PHP5 on Apache. I've set up a site where people can log in as "demo", "demo" and play around with the functions of the site. Part of the functionality involves uploading files, deleting/editing using standard form fields and storing data in MySQL.
I want people *not* to be able to delete things, or upload files bigger than 100KB when they're logged in as "demo". I'm wondering if there's a much easier way to accomplish this, than doing what's below with *every* place where data is added/deleted/updated (which is a lot of places).

    if ($user == "demo")
    {
        echo "Sorry. You cannot delete things in demo mode. Please continue to look around.";
    }
    else
    {
        // Do whatever normal stuff happens with the data
    }

I was thinking of having a session variable which might restrict these things without having to alter the code on every page. Would that work?
I would appreciate any examples of how I could do this. Thanks.
June 23rd, 2009, 09:12 PM
Expert | Join Date: Dec 2007 | Location: Moon, Dark Side | Posts: 1,075
re: Prevent form running for one particular user
Usually when I build large applications with various user rights and permissions, I create user "roles". In this case the demo user would have a guest role or lowest role.
I design my app from the get-go with this in mind.
Another thing you can do is have switches for the various functionality to turn them off and on based on a config file. In your demo install, you would turn these off.
In summary, no you cannot escape this problem without making code changes, but I hope you learned a lesson for the next time. :)
Cheers,
Dan
June 23rd, 2009, 09:19 PM
Moderator | Join Date: Jun 2007 | Location: York, England, with wolves. | Posts: 4,859 | Provided Answers: 9
re: Prevent form running for one particular user
Assuming you have some roles/permissions set up, simply store the access level in their session. Anywhere that requires a specific access level, check it, and act on it appropriately.

    // User signs in.
    $_SESSION['access_level'] = $user->access_level;

    // Only certain people can delete.
    function delete() {
        if ($_SESSION['access_level'] < 4) {
            return;
        }

        // Do delete
    }

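One way to keep the session access-level check shown above in a single place, as an added example that is not part of the original thread: a policy table plus one guard function that every write handler calls. The level numbers, action names, function names and the 100 KB cap are assumptions modelled on the posts above, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. Levels, action names and the
// 100 KB demo cap are assumptions modelled on the posts above.
const LEVEL_DEMO = 1;
const LEVEL_USER = 4;
const DEMO_MAX_UPLOAD_BYTES = 100 * 1024;

// Minimum access level per action. Anything not listed is denied.
const REQUIRED_LEVEL = [
    'view'   => LEVEL_DEMO,
    'upload' => LEVEL_DEMO,
    'edit'   => LEVEL_USER,
    'delete' => LEVEL_USER,
];

/** True when the given access level may perform $action (deny by default). */
function is_allowed(string $action, int $level): bool
{
    return isset(REQUIRED_LEVEL[$action]) && $level >= REQUIRED_LEVEL[$action];
}

/** True when an upload of $bytes is acceptable for the given level. */
function upload_size_ok(int $bytes, int $level): bool
{
    return $level >= LEVEL_USER || $bytes <= DEMO_MAX_UPLOAD_BYTES;
}

/** Guard for handlers: reads the level stored at login, stops on refusal. */
function require_access(string $action, ?array $file = null): void
{
    $level = (int) ($_SESSION['access_level'] ?? 0);   // 0 = not logged in
    $ok = is_allowed($action, $level);
    if ($ok && $file !== null) {
        // $file is one entry of $_FILES; 'size' is measured by PHP on the server.
        $ok = $file['error'] === UPLOAD_ERR_OK
            && upload_size_ok((int) $file['size'], $level);
    }
    if (!$ok) {
        http_response_code(403);
        exit('Sorry, you are not allowed to do that.');
    }
}

// Constructed checks: demo delete, demo 200 KB upload, full-user delete.
var_dump(is_allowed('delete', LEVEL_DEMO));
var_dump(upload_size_ok(200 * 1024, LEVEL_DEMO));
var_dump(is_allowed('delete', LEVEL_USER));
```

Each handler then starts with a single call such as `require_access('delete');` or `require_access('upload', $_FILES['file']);` (the field name `file` is an assumption), so the rules live in the table rather than in per-page `if` blocks.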
June 24th, 2009, 12:16 AM
Familiar Sight | Join Date: Nov 2006 | Posts: 159
re: Prevent form running for one particular user
Thanks Markus for your code example. Dan, could you please say a little more about the config file idea? What does it involve?
Thanks

Quote: Originally Posted by dlite922
Another thing you can do is have switches for the various functionality to turn them off and on based on a config file. In your demo install, you would turn these off.

June 24th, 2009, 12:26 AM
Expert | Join Date: Dec 2007 | Location: Moon, Dark Side | Posts: 1,075
re: Prevent form running for one particular user
All it involves is include() a PHP file that has constants in it: define('UPLOAD_ON', true); // or false
In the code you say if (UPLOAD_ON) do upload, else echo "can't upload";
That's all.
Then when you install your site on a server you change this config file and change the values based on that install. (if the users don't have access to this file, i.e. they're not the owner of the site, which I think is what your Demo scenario is)
Dan
June 24th, 2009, 12:30 AM
Familiar Sight | Join Date: Nov 2006 | Posts: 159
re: Prevent form running for one particular user
Right. I understand what you've said, but doesn't this just get me back to where I started, of still having to have an if statement at every point on the site where a decision is to be made? That's what I was trying to avoid... (unless I've misunderstood)

Quote: Originally Posted by dlite922
All it involves is include() a PHP file that has constants in it: define('UPLOAD_ON', true); // or false
In the code you say if (UPLOAD_ON) do upload, else echo "can't upload";
That's all.
Then when you install your site on a server you change this config file and change the values based on that install. (if the users don't have access to this file, i.e. they're not the owner of the site, which I think is what your Demo scenario is)
Dan

June 24th, 2009, 04:42 PM
Expert | Join Date: Dec 2007 | Location: Moon, Dark Side | Posts: 1,075
re: Prevent form running for one particular user

Quote: Originally Posted by beary
Right. I understand what you've said, but doesn't this just get me back to where I started, of still having to have an if statement at every point on the site where a decision is to be made? That's what I was trying to avoid... (unless I've misunderstood)

Yes, if you go back, I stated:

Quote: Originally Posted by dlite922
no you cannot escape this problem without making code changes

If you want your program to behave. You can disable the upload functionality (for example) by changing the permissions so that the program "breaks" and doesn't successfully upload. This is hardly the type of thing you want to show in a demo though.
Dan