By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,636 Members | 1,693 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,636 IT Pros & Developers. It's quick & easy.

what is the code that to block certain user to acess the certain page

P: 65
Dear all,

in my application, after user login with their password then some user just can view certain page and some page is confidential. What is the command that i need to add in?
Aug 23 '07 #1
Share this Question
Share on Google+
10 Replies


pbmods
Expert 5K+
P: 5,821
Heya, Wish.

Have a look at this thread.
Aug 23 '07 #2

Atli
Expert 5K+
P: 5,058
That is much more complicated than just entering a single command and nobody can answer that except the one who designed the application. Not without looking through the code, at least.

Did you design this application yourself?
Aug 23 '07 #3

ak1dnar
Expert 100+
P: 1,584
Dear all,

in my application, after user login with their password then some user just can view certain page and some page is confidential. What is the command that i need to add in?
As I feel there is no ready-made command for this.Have to Hard code them.

The way you should code, will depend on the design of the application.

If I am suggesting a way for this, you can do something similar to this.
With the user credentials you can assign a some privileges to the account.
As a example say there are two users Named user1, user2. And we will add this user1 to Level1 users and user2 to the Level2 users.
So this Level1 and Level2 is something like a Group who have the different privileges of the Application.

So we will say there are 5 Pages of your Application. And for Level1 users I am giving the Access to all the pages. For Level2 Only Page1,2.
So You Have to Start these on the Database Level.

So This only a Example. Coding is Up to you.

[More: If this is unclear please feel free to ask]
Aug 23 '07 #4

P: 65
Hi Ajaxrand;

let say i have one table is keep the user limitation
cos same level user doesn't mean the user can view the thing as manager if both of them is manager.

i remember that in asp i can use the "HTTP REFER" to check flow of the page like login.php then should go to menu.php..can't go directly to menu.php.In PHP, got such command?
Aug 23 '07 #5

nathj
Expert 100+
P: 938
Hi Ajaxrand;
i remember that in asp i can use the "HTTP REFER" to check flow of the page like login.php then should go to menu.php..can't go directly to menu.php.In PHP, got such command?

Hi wish,

The quivalent in PHP is $_SERVER['HTTP_REFERER'].

However, this in itself is not very secure, it is essentially checking user entered data so if you use it to see where theuser has come from you would need other checks as well to ensure it is all valid and correct.

Cheers
nathj
Aug 23 '07 #6

ReekenX
P: 3
Its very simple. Just add to user table column "access" and write here permissions. Then, when page will load, check if user have these permissions before :)
Aug 23 '07 #7

ak1dnar
Expert 100+
P: 1,584
Hi Ajaxrand;

let say i have one table is keep the user limitation
cos same level user doesn't mean the user can view the thing as manager if both of them is manager.

i remember that in asp i can use the "HTTP REFER" to check flow of the page like login.php then should go to menu.php..can't go directly to menu.php.In PHP, got such command?
My Previous post is about role based user privileges.As I feel in your application you need to assign different type of access levels(Pages Here) for the same Level of users it self.

We will try like this;

In the Table where you have stored user Credentials, add the another column named allowed pages. Then when user logs in to the application get the allowed pages for the user from the column and store them in the array for allowed pages.
Then Once user accessing a certain page get the name of the page and check whether that page is on the allowed pages array.Based on the condition set the privilages as this example

page1.php

Expand|Select|Wrap|Line Numbers
  1. // only the pages listed here in the array can be accessed and this Array elements shpoul comes to this place from the database table. as I said ealier.
  2. // any other pages will result in error or redirect to another error page.
  3.  
  4. $allowedPages = array('page1.php', 'page2.php', 'page3.php');
  5.  
  6. // assign the name of the Current page here $thisPage 
  7. $thisPage='page1.php';           
  8. if (in_array($thisPage, $allowedPages)) {
  9. //  Can Access 
  10. }else{
  11. //  Can't Access
  12. }
Aug 23 '07 #8

P: 65
One more question,

how to i know the user at which page(e.g. page1.php)? Or how to i detect the user direction and location?
Aug 24 '07 #9

nathj
Expert 100+
P: 938
One more question,

how to i know the user at which page(e.g. page1.php)? Or how to i detect the user direction and location?
Use $_SERVER['SCRIPT_NAME'] to tell you where you are. this will return the page you are on and the subdirectory if it is in one.

For more information read up on the $_SERVER array

Cheers
nathj
Aug 24 '07 #10

pbmods
Expert 5K+
P: 5,821
Heya, Wish.

$_SERVER['SCRIPT_NAME'] is fine for now, but once you want to start working on site security, you'll want to use basename(__FILE__) instead, as most of the $_SERVER variables can be spoofed.
Aug 24 '07 #11

Post your reply

Sign in to post your reply or Sign up for a free account.