RonB
Posts: 228
Posted: 06/22/2004, 1:13 PM |
Hi,
We use the security features from CCS but use comma-separated strings for pages and user levels. We use our own function to authenticate a page (all pages are set to protected:no in the toolbox). Every page name and location is inserted into the database and comma-separated levels can be assigned to them:
./ default.php 1,5,24,68
In the user table we add the user levels in the same way:
admin 2,3,24,35
We use the login set by the security tab in project settings so when a user logs in his levels are assigned to the GroupID variable.
In the above, logging in would result in a GroupID of 2,3,24,35.
The next function authenticates the page (we've added it to the common.php file at the bottom):
[code]
function authenticate()
{
    // bring $FileName and $Redirect into scope
    global $FileName;
    global $Redirect;
    global $pagePath;
    global $pageName;
    // open a new connection to the database
    $db = new clsDBmysql();
    // the user id is assigned to $user
    $user = CCGetUserID();
    // the user's access levels are assigned to $userLevel; keep only digits
    // and commas because the value is concatenated into the in (...) list
    $userLevel = preg_replace('/[^0-9,]/', '', CCGetGroupID());
    // the path to the page is assigned to $pagePath
    $pagePath = dirname($_SERVER['PHP_SELF']) . "/";
    // the page name is assigned to $pageName
    $pageName = $FileName;
    // fetch the access levels for this page
    //$pageLevel=CCGetDBValue("select page_level_values from page_level1 where page_level_path='" .$pagePath ."' and page_level_name='" .$pageName ."' and page_level_values in (" .$userLevel .")" ,$db);
    //debug=>
    //echo $user ."<br>" .$userLevel ."<br>" .$pagePath ."<br>" .$pageName ."<br>" .$pageLevel;
    // check whether $user is empty. If so, log in; if not, check the access level
    if ($user == "")
    {
        $Redirect = "http://10.3.1.99/nieuwestijl/login.php?ret_link=" . urlencode($pagePath . $pageName);
    }
    // ToSQL() quotes and escapes the path and name (PHP_SELF is request-derived)
    elseif (CCGetDBValue("select page_level_values from page_level1 where page_level_path=" . $db->ToSQL($pagePath, ccsText) . " and page_level_name=" . $db->ToSQL($pageName, ccsText) . " and page_level_values in (" . $userLevel . ")", $db) == "")
    {
        $Redirect = "http://10.3.1.99/nieuwestijl/oops.php?ret_link=" . urlencode($pagePath . $pageName);
    }
}
[/code]
This function is called on every page in a before show event.
We use an admin section on the site to administer page levels and user levels.
During development we use a different function to make sure every page gets inserted into the database without us having to do it manually:
[code]
function check_page()
{
    global $FileName;
    $db = new clsDBmysql();
    // quote and escape both values before they are concatenated into the SQL
    $path = $db->ToSQL(dirname($_SERVER['PHP_SELF']) . "/", ccsText);
    $name = $db->ToSQL($FileName, ccsText);
    $my_test = CCGetDBValue("select page_level_name from page_level1 where page_level_path=" . $path . " and page_level_name=" . $name, $db);
    if ($my_test == "")
    {
        $db->query("insert into page_level1 (page_level_path,page_level_name) values(" . $path . "," . $name . ")");
    }
}
[/code]
A separate table is used to define the levels. It's a simple table that holds the id and description:
id=1
desc=admin
etc.
Hope you can use this.
Ron
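
An added example (not part of RonB's post or of CodeCharge Studio) of checking the comma-separated levels in PHP instead of in the `in (...)` clause: MySQL converts a string column to a number when it is compared with a numeric list, so a stored value of `1,5,24,68` is tested as 1 only. It assumes `page_level_values` holds the string exactly as shown in the post; the function names `parse_levels`, `levels_allow` and `sql_in_list` are hypothetical.

```php
<?php
// Added example: helper names are hypothetical, sample values are the ones in the post.

// Turn "2,3,24,35" into array(2, 3, 24, 35). Any token that is not all
// digits makes the whole list invalid, so the caller fails closed.
function parse_levels($csv)
{
    $levels = array();
    foreach (explode(',', (string)$csv) as $part) {
        $part = trim($part);
        if ($part === '') {
            continue;                    // tolerate "1,,5" and a trailing comma
        }
        if (!ctype_digit($part)) {
            return array();              // unexpected token: reject everything
        }
        $levels[] = (int)$part;
    }
    return array_values(array_unique($levels));
}

// True when the user holds at least one level assigned to the page.
function levels_allow($userCsv, $pageCsv)
{
    $shared = array_intersect(parse_levels($userCsv), parse_levels($pageCsv));
    return count($shared) > 0;
}

// Integer-only list that is safe to concatenate into "in (...)", or null
// when nothing valid is left (the caller should then deny access).
function sql_in_list($csv)
{
    $levels = parse_levels($csv);
    return count($levels) > 0 ? implode(',', $levels) : null;
}

// Constructed cases: admin (2,3,24,35) against default.php (1,5,24,68).
$cases = array(
    array('2,3,24,35', '1,5,24,68'),     // level 24 is shared
    array('2,3,35', '1,5,24,68'),        // nothing shared
    array('', '1,5,24,68'),              // not logged in / no levels
    array('2,3,24x', '1,5,24,68'),       // malformed session value
);
foreach ($cases as $case) {
    printf("user=%-12s page=%s allow=%s in_list=%s\n", "'" . $case[0] . "'", $case[1],
        var_export(levels_allow($case[0], $case[1]), true),
        var_export(sql_in_list($case[0]), true));
}
```

With this approach the query only selects `page_level_values` by path and name, and `levels_allow()` makes the decision on the returned string.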