[SOLVED]

 protect external pages using session variables

11/7/2011 3:58:03 AM
PHPRunner General questions
Francesco_5000 author

Hi,
I need to use some external PHP pages for my purposes, and I need to protect them from unauthorized use. To do this I'm trying to use the security session variables created during login, http://xlinesoft.com/phprunner/docs/phprunner_session_variables.htm . So the code that I'm using is this:

<?php
session_start();
if ( ($_SESSION["GroupID"]=-1) || ($_SESSION["GroupID"]=1) ) {
?>
<?php myphpcode ?>
<?php } ?>

But it doesn't work; it is as if the variables don't exist or were empty. Any suggestions?

cgphp 11/7/2011
session_start();
if(!@$_SESSION["UserID"])
{
    header("Location: login.php?message=expired");
    return;
}
Francesco_5000 author 11/7/2011





Good, but I want to grant access only to certain groups (and to restrict access for all the others); this way I grant access to everyone who has logged in.

cgphp 11/7/2011
session_start();
include("include/dbcommon.php");
global $conn;

$sql = "SELECT GroupID FROM ugmembers WHERE UserName ='".$_SESSION["UserID"]."'";
$rs = db_query($sql,$conn);

$authorized_groups = array(-1,1);
$is_authorized = FALSE;

while($data = db_fetch_array($rs))
{
    if(in_array($data['GroupID'],$authorized_groups))
    {
        $is_authorized = TRUE;
        break;
    }
}

if( ! $is_authorized)
{
    header("Location: login.php?message=expired");
    return;
}
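
A group-restricted guard along the lines of the answer above, as an added example that is not part of the original posts or of PHPRunner's own code. It assumes PDO with an in-memory SQLite copy of the ugmembers table (constructed sample data); the helper names check_group_access and enforce_group_access are hypothetical.

```php
<?php
// Added example: group-based guard for a standalone page. The PDO handle and
// the in-memory ugmembers table are constructed stand-ins for the app database.

/** Returns 'login' (no session user), 'forbidden' (wrong group) or 'ok'. */
function check_group_access(PDO $db, array $session, array $authorizedGroups): string
{
    if (empty($session['UserID'])) {
        return 'login';
    }
    // Bound parameter: the user name is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT GroupID FROM ugmembers WHERE UserName = ?');
    $stmt->execute([$session['UserID']]);
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $groupId) {
        // Drivers may return the id as a string, so cast before the strict
        // match. This is a comparison; `=` inside an if condition assigns.
        if (in_array((int) $groupId, $authorizedGroups, true)) {
            return 'ok';
        }
    }
    return 'forbidden';
}

/** Hypothetical helper: stop the request unless the check passed. */
function enforce_group_access(string $result): void
{
    if ($result === 'login') {
        header('Location: login.php?message=expired');
        exit; // nothing below the guard may run after the redirect
    }
    if ($result === 'forbidden') {
        http_response_code(403);
        exit('Access denied');
    }
}

// Constructed sample data: admin is in group -1, the other users only in group 5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ugmembers (UserName TEXT, GroupID INTEGER)');
$db->exec("INSERT INTO ugmembers VALUES ('admin', -1), ('bob', 5), ('o''neil', 5)");

$sessions = [[], ['UserID' => 'bob'], ['UserID' => "o'neil"], ['UserID' => 'admin']];
foreach ($sessions as $session) {
    printf("%-14s => %s\n", $session['UserID'] ?? '(no session)', check_group_access($db, $session, [-1, 1]));
}
```

On a real page the guard would run right after session_start(), as enforce_group_access(check_group_access($db, $_SESSION, [-1, 1])), before any protected output is produced.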
Francesco_5000 author 11/7/2011





Thanks