Hello,
I am in the process of setting up a function to help with proper page
navigation/processes and page access. Basically, the way I was hoping
it could work is every time I load a page I would set a Last Page
SESSION variable with the file name. Then when another page is
targeted, I would refer to that session variable to make sure that the
navigation is allowed and if the user's level allows access to the
page (to guard against hacking, history, and bookmarks). If the two
test are not invoked, it would then reset the "LastPage" with that
current page. I am running into issue with using the BACK button and
history.
Bottom line is I want the $_SESSION['LastPage'] with the current pages
name regardless of how it's accessed. How do developer's handle this?
The function is below:
function Validate_Page_Nav($db, $CurrentPage, $LastPage, $ErrorPage) {
$resul = $db->query("SELECT * FROM Page_Access WHERE URI =
'{$CurrentPage}'") or die("failed to get access data");
$page_access = $resul->fetch_assoc();
$pa = $page_access['User_Level'];
$URI_access = explode(",", $pa);
if($_SESSION['Last_Page'] != $LastPage) {
header("location: {$ErrorPage}?message=Unable to update user
information.");
exit();
}
if(!in_array($_SESSION['Staff_level'], $URI_access)) {
header("location: {$ErrorPage}?message=Unable to update user
information.");
exit();
}
$_SESSION['Last_Page'] = $CurrentPage;
}
Thanks for any advice you can offer.
Don Wieland
D W D a t a C o n c e p t s
~~~~~~~~~~~~~~~~~~~~~~~~~
donw@xxxxxxxxxxxxxxxxxx
Direct Line - (949) 305-2771
Integrated data solutions to fit your business needs.
Need assistance in dialing in your FileMaker solution? Check out our
Developer Support Plan at:
http://www.dwdataconcepts.com/DevSup.html
Appointment 1.0v9 - Powerful Appointment Scheduling for FileMaker Pro
9 or higher
http://www.appointment10.com
For a quick overview -
http://www.appointment10.com/Appt10_Promo/Overview.html
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
