Home/ Questions/Q 8255895
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T01:41:04+00:00

I’ve got a make-do page authenticator which defines what usergroups are allowed to access

  • 0

I’ve got a “make-do” page authenticator which defines what usergroups are allowed to access that page, however, some of my scripts allow the user to pass if that page is, say, his user edit page but not touch any other users edit page. For that, I disabled access to the usergroups except if you’re an admin or the user edit page you are currently on is your own.

I tried to create a function to do this, but the allowOnly usergroups function deals out the punishment without checking to see if the other function is defined elsewhere on the page.

Here’s the “make-do” functions and an example of how I’d like them to work:

    public function allowOnly($officer, $administrator, $superuser)
{
    $authority = 0;
    if ($officer == true && $this->session->isOfficer()) {
        $authority++;
    }
    elseif ($administrator == true & $this->session->isAdmin()) {
        $authority++;
    }
    elseif ($superuser == true & $this->session->isSuperuser()) {
        $authority++;
    }
    if ($authority != 0) {
        return true;
    }
    else {
        header("Location: ../incorrectRights.php");
        exit;
    }
}
function allowCurrentUser()
{
    global $authority;
    $authority++;
}

This changes the users location if they’re not any of the allowed usergroups, but since that code is executed before “allowCurrentUser”, it changes the location before the function gets the chance to allow the user through.

I’d like it to work like this:

<?php
     include("functions.php");
     $functions->allowOnly(false, false, true);
     if($session->username == $allowedUserName) {
          $functions->allowCurrentUser();
      }

I’m sorry if I’m not descriptive enough, or my code lacks efficiency, heck, even if I’ve missed a built-in php function which does this for me!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    you should check out PHP’s function_exists(), this will tell you wether or not the function already exist.

    you have some error in your code too.

    $administrator == true & $this->session->isAdmin()

    should be

    $administrator == true && $this->session->isAdmin()

    as you have used only single & whereas it should be &&

    and also change

    $superuser == true & $this->session->isSuperuser()

    to 

    $superuser == true && $this->session->isSuperuser()

    after reading your code, i realized you are using $authority variable to hold the value and to check wether to authorize user or not. and plus you are using global. i would never have done that way, instead i would declare $authority as class property below is the example of how you could do it.

    class functions 
{
    //declare class propert and set default value to 0
    protected $_authority = 0;

    public function allowOnly($officer, $administrator, $superuser)
    {
        if ($officer == true && $this->session->isOfficer()) {
            $this->_authority++;
        }
        elseif ($administrator == true && $this->session->isAdmin()) {
            $this->_authority++;
        }
        elseif ($superuser == true && $this->session->isSuperuser()) {
            $this->_authority++;
        }
        if ($this->_authority != 0) {
            return true;
        }
        else {
            header("Location: ../incorrectRights.php");
            exit;
        }
    }

    public function allowCurrentUser()
    {
        $this->_authority++;
        return $this->_authority;
    }
}

    UPDATE:

    instead of redirecting the page why not return false and redirect during function call, you can do it this way.

    class functions 
{
    //declare class propert and set default value to 0
    protected $_authority = 0;

    public function allowOnly($officer, $administrator, $superuser)
    {
        if ($officer == true && $this->session->isOfficer()) {
            $this->_authority++;
        }
        elseif ($administrator == true && $this->session->isAdmin()) {
            $this->_authority++;
        }
        elseif ($superuser == true && $this->session->isSuperuser()) {
            $this->_authority++;
        }

        return ($this->_authority != 0) ? true : false;
    }

    public function allowCurrentUser()
    {
        $this->_authority++;
        return $this->_authority;
    }
}

    and while in function call.

    include("functions.php");
if($functions->allowOnly(false, false, true)) {
    //person is allowed access
} 
//else allow current user
elseif($session->username == $allowedUserName) {
    $functions->allowCurrentUser();
} 
else {
    //redirect here
    header("Location: ../incorrectRights.php");
    exit;
}
    • 0