Re: Retricting Access to Menu Items


 



session_register is the old method... $_SESSION['var'] is the better way. You will still need session_start(); at the top of the page.

bastien


From: MIGUEL ANTONIO GUIRAO AGUILAR <miguel.guirao@xxxxxxxxxxxxxxx>
To: Jeffrey <jeffreyb@xxxxxxxxxxx>
CC: php-db@xxxxxxxxxxxxx
Subject: Re:  Retricting Access to Menu Items
Date: Mon, 06 Mar 2006 21:32:59 -0800



Now that you mention it!!

I tried to use sessions but without success. I did:

session_start();
session_register(var);

but after logging in as a different user, it keeps taking the data of the previous user. If I close the browser window and reload the page and log in, then it takes the current user.

Maybe I'm not killing the previous session! session_unset();
Do I need to propagate the Session ID on every page that uses session_start()??
Can I use session_id();?

Best Regards,
Miguel Guirao


----- Original message -----
From: Jeffrey <jeffreyb@xxxxxxxxxxx>
Date: Monday, March 6, 2006 7:37 ombr
Subject: Re:  Retricting Access to Menu Items

> I've done this kind of thing with a number of web apps.
>
> What I usually do is create a user table in MySQL with a user-name,
> password and access level, which has an integer value.
>
> When a user logs in successfully, a session is created (see
> session_start() in php documentation), the access level is pulled from
> the user table and saved as a session variable. Then it is a simple
> matter of using bits of code like...
>
> if ($_SESSION['access_level'] > 7){
> 	echo "some stuff";
> }
>
> In your example, you will also want to check the user's access level on
> each restricted page - it is not enough to hide menu options. Users
> could simply type the URL in.
>
> I hope that's clear.
>
> Good luck,
>
> Jeffrey
>
> Jeff Broomall wrote:
> > Good morning everyone.
> >
> > I'm building a very simple content management site that tracks "tasks."
> > The options available are:
> >  1. Add Task
> >  2. Edit Task
> >  3. View Task
> >  4. Print Task
> >
> > I need to restrict some users to only View and Print and I'm trying to find a way to tell the page not to load the menu options (the text) for those not having access to the Add and Edit functions.
> >
> > IOW, they would only see View and Print.
> >
> > I have three basic users:
> >  1. System Admin
> >  2. Subject Matter Expert (SME)
> >  3. Viewers
> >
> > Obviously the System Admin and SME will have full access so it's the Viewers that are to have access to only View and Print.
> >
> > I have a users table but haven't set it up for the distinction. What I was thinking was creating a field labeled users_group and assign a numeric value for each user using the numbering system above.
> >
> > I have my page load the menu options:
> >
> > Home<br />
> > View Tasks<br />
> > Edit Task<br />
> > Add Task<br />
> >
> > into here...
> >
> > <BODY>
> >
> > <table width="90%" border="1" cellspacing="10" cellpadding="0" align="center">
> >  <tr><td colspan="2"><h1 id="mainhead">ICAO Tasks ? WAFS</h1></td></tr>
> > <tr>
> > <td align= "center" valign="top" nowrap="nowrap" width="10%">
> >  Menu<br />
> >  <?php include ('./includes/menu.html'); ?>     <--The menu above inserted here.
> > </td>
> >
> > <td valign="top" class="content">
> >
> >
> > How can I tell the system not to load the last two lines unless they are a System Admin or SME?
> >
> > I read a chapter on Cookies/Sessions...but it wasn't that helpful for this case.
> >
> > Can I setcookie('user_group', '3') and use that somehow???
> >
> > Am I in the ballpark with this solution?
> >
> > Thanks.
> >
> > Jeff
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
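
The pieces discussed in this thread, put together as an added example (not code from any of the posters): the login step clears the previous user's session data before storing the new access level, and each restricted page checks `$_SESSION['access_level']` itself instead of relying on a hidden menu link or a client-set cookie. The level constants, function names and page file names are assumptions.

```php
<?php
// Added example, not code from the thread. Level values, helper names and page
// file names are hypothetical; the 'access_level' key follows the quoted snippet.
const LEVEL_VIEWER = 3;   // may View and Print
const LEVEL_EDITOR = 8;   // may also Add and Edit (passes the "> 7" test)

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call after the password check succeeds, with the level read from the user table.
function login_user(string $username, int $accessLevel): void
{
    ensure_session();
    $_SESSION = [];               // discard whatever the previous user left behind
    session_regenerate_id(true);  // issue a new session ID and delete the old session
    $_SESSION['username'] = $username;
    $_SESSION['access_level'] = $accessLevel;
}

function logout_user(): void
{
    ensure_session();
    $_SESSION = [];
    session_destroy();
}

// Server-side check for the top of every restricted page (edit.php, add.php).
function require_level(int $minimum): void
{
    ensure_session();
    if (($_SESSION['access_level'] ?? 0) < $minimum) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Menu builder: hides links the user cannot use; the pages still call require_level().
function menu_items(int $level): array
{
    $items = ['Home' => 'index.php', 'View Tasks' => 'view.php'];
    if ($level >= LEVEL_EDITOR) {
        $items += ['Edit Task' => 'edit.php', 'Add Task' => 'add.php'];
    }
    return $items;
}
```

The access level is stored server-side in the session, so a user cannot raise it by editing a cookie the way a `setcookie('user_group', ...)` value could be changed.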

