I am working on an admin panel where the admin divides tasks among various users, so I want specific users to use only the specific pages they are permitted to use (all other pages' links should not be clickable).
I am passing a unique page ID with every page's URL, and the IDs of the pages each user is permitted to use are stored in the database, so I need to compare my session variable with the URL value. In the session variable I am fetching the IDs of the pages the user is permitted to use.
I am trying this code but getting no success:
if (isset($_SESSION['pageID']) && isset($_GET['page'])) {
    if ($_SESSION['pageID'] == (int)$_GET['page']) {
        // Proceeding code
    }
    else {
        // return fail
    }
}
Any help would be appreciated as I spent hours working on this.
Thanks in advance !
You should store the roles in the database, not in the session. In a roles table you can store the privileges of users. For instance, you can say that this kind of user shall access this page ID. Once you have created this, when a user wants to access your page you should send a query to your table to learn if this user has access to this specific page.
Example pseudo code:
$available_pages_for_user = select * from table_roles where user_id = $_SESSION['user_id']
if $_GET['page'] in $available_pages_for_user
//Proceed
else
//401 error or smt..
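A runnable version of the roles-table check described in the answer above, as an added example that is not part of the original answer. The table name table_roles is from the answer; the page_id column, the sample rows and the in-memory SQLite database are assumptions made so the snippet runs on its own.

```php
<?php
// Added example: deny-by-default page check against a roles table.
// table_roles is the table named in the answer; its page_id column and the
// sample rows are assumptions. In-memory SQLite stands in for the real database.

function userMayAccessPage(PDO $db, int $userId, $rawPage): bool
{
    // Accept only a plain positive integer; "7abc", "7.0", arrays and null fail.
    $pageId = filter_var($rawPage, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pageId === false) {
        return false;
    }
    // One parameterized lookup per request; no matching row means no access.
    $stmt = $db->prepare('SELECT 1 FROM table_roles WHERE user_id = ? AND page_id = ?');
    $stmt->execute([$userId, $pageId]);
    return $stmt->fetchColumn() !== false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_roles (user_id INTEGER, page_id INTEGER, PRIMARY KEY (user_id, page_id))');
$db->exec('INSERT INTO table_roles VALUES (42, 3), (42, 7), (43, 5)'); // constructed rows

// In the real page these come from $_SESSION['user_id'] and $_GET['page'],
// and a false result ends the request: http_response_code(403); exit;
$sessionUserId = 42;
foreach (['3', '5', '7abc', null] as $requested) {
    $allowed = userMayAccessPage($db, $sessionUserId, $requested);
    printf("page=%s -> %s\n", var_export($requested, true), $allowed ? 'allow' : 'deny');
}
```

The same function can decide which navigation links to render, but the check at the top of each page is what enforces the restriction, since a hidden link can still be typed into the address bar.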
if (isset($_SESSION['pageID']) && isset($_GET['page'])) {
$s = $_SESSION['pageID']; //check what is coming
$p = $_GET['page'];
if ($s == $p){
// Proceeding code
}
else {
// return fail
}
}
Related
I have 2 websites. Now I want to login a user on my second website only if my first website has a logged in session.
For Example:
$checkSiteLogin = //check if my first website has a logged in user and return the $_SESSION['id'] or false if not.
if(!$checkSiteLogin)
$_SESSION['id'] = $checkSiteLogin
I don't know if it's really what you want, but as you show in your example, you want to check whether or not your user already has a login session open on your first site. Then, with the result of your test, log the user in on your second website.
First, to check if there is already a session, you need to use the function isset to ensure that there is an existing id session like this :
if(isset($_SESSION['id'])) {
//There is an existing id session so log the user on your second website
} else {
//Create a new session id
$_SESSION['id'] = //id session
}
Remember, when you use session supervariables, you have to put the command session_start(); at the beginning of your script.
Hope it will help you partially.
Good luck !
I am using Swift Mailer to generate an email that gets sent to the user when the admin user creates an account for that user. I want that email to contain a link that leads to an account registration page which only that user can access.
What do I have to do to make the registration page only accessible to that user?
The page will always be accessible to any user (as it will be a GET request if clicked through the mail link), so the trick is to make it a difficult URL for a regular visitor to find. Simply create a random string of your choice (preferably uniquely-correlated to each user in the database) and append it to the page you want the user to visit:
$id = rand(1, 100000); // Grab the unique string from your database here
echo "<a href=\"page.php?id=$id\">Registration link</a>";
Then, to check if this ID variable is set when someone accesses the page, you can check the $_GET parameter:
if (isset($_GET['id']) && !empty($_GET['id'])) {
// Code here will be executed on any ID in page.php?id=[any]
}
If you want to check for a specific string, you can use:
$id = 1337;
if($_GET['id'] == $id) {
// Code here will only trigger when visiting page.php?id=1337
}
You can also check if a particular user is visiting the page, by checking that the logged-in user's ID matches the $_GET parameter:
$id = ''; // Grab the user's ID from your database here
if (isset($_GET['id']) && !empty($_GET['id']) && $_GET['id'] == $id) {
// Code here should be written based on the user being logged in
}
There's unfortunately no way to stop someone 'guessing' that you have code pertaining to an ID $_GET, as E-mails can't open links in POST. Restricting the content based on a specific GET request is your best bet, as someone will have difficulty guessing the exact value the parameter needs.
For your specific situation, you should be perfectly fine just using something like the 1337 code above. Simply set the <a href> link in the E-mail to use that specific value.
Hope this helps! :)
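An added example, not part of the answer above, of the "unique string per user" idea with the string drawn from a cryptographic random source, stored only as a hash, and accepted once before an expiry time. The invites table, its columns, the register.php URL and the user id are assumptions; in-memory SQLite stands in for the real database.

```php
<?php
// Added example: single-use, expiring registration token.
// Table/column names, the URL and the user id below are assumptions.

function createInvite(PDO $db, int $userId, int $ttlSeconds = 86400): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO invites (user_id, token_hash, expires_at, used) VALUES (?, ?, ?, 0)'
    );
    // Store only the hash so a database leak does not expose usable links.
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttlSeconds]);
    return $token; // appears only in the e-mailed link
}

function redeemInvite(PDO $db, $rawToken): ?int
{
    // Reject anything that is not exactly 64 lowercase hex characters.
    if (!is_string($rawToken) || !preg_match('/\A[0-9a-f]{64}\z/', $rawToken)) {
        return null;
    }
    $hash = hash('sha256', $rawToken);
    // Atomic update: succeeds at most once per token, and only before expiry.
    $stmt = $db->prepare(
        'UPDATE invites SET used = 1 WHERE token_hash = ? AND used = 0 AND expires_at > ?'
    );
    $stmt->execute([$hash, time()]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $stmt = $db->prepare('SELECT user_id FROM invites WHERE token_hash = ?');
    $stmt->execute([$hash]);
    return (int) $stmt->fetchColumn(); // the account this link was issued for
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invites (user_id INTEGER, token_hash TEXT PRIMARY KEY, expires_at INTEGER, used INTEGER)');

$token = createInvite($db, 17); // constructed user id
echo "https://example.test/register.php?token=$token\n";
var_dump(redeemInvite($db, $token)); // first click on the link
var_dump(redeemInvite($db, $token)); // same link replayed
var_dump(redeemInvite($db, '1337')); // guessed value
```

The registration page then acts on the user id returned by redeemInvite() and never on an id taken from the URL.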
I want to hide certain pages on my navigation bar from users that are not registered, so they do not see those pages.
If a user is not registered, no access will be given on some pages.
Meaning if you are not a registered member you will be limited to seeing some pages. Otherwise, if you are a member you have access to all the pages.
I'm using PHP.
How can I accomplish this?
You can do the following: create a field user_on = true in the session when the user is logged in.
And in the menu list, check if this field exists in the session; if it does, show the menu item.
Ex:
if (isset($_SESSION['user_on'])) {
echo 'Link';
}
I have accomplished this by adding the following code:
if ($userid == "") {
Header("Location: index.php");
die();
}
This worked like a charm.
I want to know how I would get user 'McKenzie' to see his own unique page that he can manipulate and 'Wendy' to see her own page when she logs in.
I've created the login and the pages, connected them to a MySQL database given them ID's etc, so I can do all of this and I know about sessions etc. ;)
So can someone tell me how I would do this, would I have to make different pages for each separate user? I'm thinking something along the lines of
REGISTER PAGE:
Store data in database, get user ID and use "?pageid=1" to then take the user to the id based page.
But I'm not sure how I would make each page without making them manually, as you can imagine making a new page for each separate user would be a pain... and very inefficient. Any ideas?
And please show me an example with code, it would be GREATLY appreciated! Thank you all in advance!
My answer is assuming you want to create fully customizable user data with the added possibility of sharing the page between users (like a profile page). With that out of the way, you can do this by creating one PHP page that searches the MySQL table by $_GET or $_POST data.
I'll expand this answer into a couple of steps...
SQL Tables
The first thing you will need is your MySQL set-up. I'll assume you have a basic set-up already done, but I will go ahead and create a simple one.
The basic set-up will be the login data and the custom user data, you can view my set-up here.
php user page
The simplest way would be to get the requested user from the $_GET data. So to do this we would simply get the data and request the user's information:
$requested_user = $_GET['id'];
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'root', 'MyPassword');
try {
$stmt = $db->prepare("SELECT * FROM c_userpage WHERE id = ?");
$stmt->execute(array($requested_user));
$mydata = $stmt->fetch();
} catch (Exception $e) {
//error with mysql
die();
}
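Now we can simply add the user's data to the page!
// Escape stored values on output so user-supplied text cannot inject HTML
echo "Hello! my name is " . htmlspecialchars($mydata['username'], ENT_QUOTES, 'UTF-8') . "!\n";
echo "About Me: " . htmlspecialchars($mydata['custom_data'], ENT_QUOTES, 'UTF-8');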
Sending users to their page
We can simply just use www.page.com/user.php?id=2 and this will request the data for the user with id=2.
Extras
If you want to keep user pages private you can simply request the id with $_POST or $_SESSION and then check if the user is logged in!
Full code for user.php
Full code for user.php w/ private page
Here's an example of what you could do:
<?php
if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
    echo '<p class="login">log in</p>';
    //exit();
}
else {
    // Escape the name before output so it cannot inject HTML
    $user_name = htmlspecialchars($_SESSION['user_name'], ENT_QUOTES, 'UTF-8');
    echo('<p class="login">' . $user_name .'\'s page | Log out</p>');
}
?>
There's a lot more you could add, but this is just to generate information on whether they were logged in. If the $_SESSION['user_id'] is set, you can then generate code based on that information. (Note: you would need to create the $user_name or whatever variable, likely from an SQL query.)
I'm using a page count to control the number of times a user can view a page before being redirected. The page is profile.php, and if a user clicks on a user's profile this takes them to profile.php with the extension id=1 or id=8 etc.
At the moment this script is placed in profile.php and it works fine; it limits the number of profiles a user can view. But I want to exclude a few profiles. Is this possible?
I'm new and a beginner to PHP, so if someone could please show me, that would really help.
Please and thank you.
<?php
!session_id() ? session_start() : null;
if(!isset($_SESSION['page_access_count'])){
$_SESSION['page_access_count'] = 1;
}elseif($_SESSION['page_access_count'] >= 6){
// redirect to signup page
header('Location: limit.php');
exit;
}
// increase the page access session value
$_SESSION['page_access_count']++;
?>
Use an if statement.
if(on profile foo){
do bar
}
else {
count++
}
Yeah. Use an if statement. Looks like you're familiar with them, and you've already got some decent understanding of PHP, so maybe I'm missing something?
Specifically, for ease of maintenance, I'd do:
$free_profiles = array(1,8,12,14,96); // array of profile IDs to exclude
if (! in_array($_GET['id'], $free_profiles)) {
$_SESSION['page_access_count']++;
}