Hi all
I have a site which has administrators and customers. Administrators are set up and have access to all pages, and can make changes to details like customer stuff and other table attributes, and this is done by a session variable that looks at the admin_id and admin_password. If these are not present, then you can't access that particular page. Problem is, as soon as I set up the customer login session, with their customer_lname and customer_password, it lets them onto the admin pages. Is there any way of restricting access to a page for administrators and for customers? I am using Dreamweaver and its extensions to set this up, and this is the code it creates for the administration check:
<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" ";
$FF_authFailedURL="nopermission.php";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
  // The leading "true ||" makes this condition pass for every logged-in user
  if (true || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  // Build the redirect to the "no permission" page, passing the requested URL
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
  if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}
?>
Any tips to tell me how I should do this would be great, thanks.
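An added example, not part of the original post and not Dreamweaver-generated code: in the posted check, the `true ||` at the start of the inner condition means any session with `MM_Username` set is granted access, whatever its level. The stricter check below assumes the login code stores a level in `MM_UserAuthorization` and that the level names are "admin" and "customer"; the function name `is_authorized` and the sample sessions are constructed for illustration.

```php
<?php
// Added example, not Dreamweaver output. Level names "admin" and "customer"
// are assumed values that the login code would store in the session.

// Returns true only when the session has a logged-in user whose stored
// level is exactly one of the allowed levels.
function is_authorized(array $session, array $allowedLevels): bool
{
    if (!isset($session['MM_Username']) || $session['MM_Username'] === '') {
        return false;                       // not logged in at all
    }
    $level = $session['MM_UserAuthorization'] ?? '';
    if (!is_string($level) || $level === '') {
        return false;                       // no level stored: deny, never grant
    }
    // Exact, strict match. strpos() on a comma-separated string would also
    // match substrings, and it returns 0 (falsy) for a match at position 0.
    return in_array($level, $allowedLevels, true);
}

// Constructed sample sessions standing in for $_SESSION.
$samples = [
    'admin'     => ['MM_Username' => 'alice', 'MM_UserAuthorization' => 'admin'],
    'customer'  => ['MM_Username' => 'smith', 'MM_UserAuthorization' => 'customer'],
    'no level'  => ['MM_Username' => 'smith'],
    'anonymous' => [],
];

// Evaluate each sample against an admin-only page.
foreach ($samples as $name => $session) {
    $ok = is_authorized($session, ['admin']);
    printf("%-10s -> %s\n", $name, $ok ? 'grant' : 'deny');
}

// Usage on a real admin page, with a fixed redirect target:
// session_start();
// if (!is_authorized($_SESSION, ['admin'])) {
//     header('Location: nopermission.php');
//     exit;
// }
```

Customer pages would call the same function with `['customer', 'admin']` so that both kinds of account get in, while admin pages pass only `['admin']`.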