Jump to content
jcall

Simple Admin Access Control

Recommended Posts

ive got this working perfectly in firefox and chrome, using :

($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "orders.php") &&

 

but in IE8, its not applying any kind of security, allows the login access to all?

 

if i use the original

($PHP_SELF != DIR_WS_ADMIN . "orders.php") &&

 

it doesnt allow the login to access anything at all?

 

full code below:

if ( ($PHP_AUTH_USER=='admin1') || ($PHP_AUTH_USER=='admin2') ||
   ($_SERVER[REMOTE_USER]==admin1) || ($_SERVER[REMOTE_USER]==admin2) )
  {;
  } else {
  if ( ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN  . "orders.php") &&
	   ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN  . "invoice.php") &&
 ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN  . "index.php") &&
  ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN  . "login.php") &&
	   ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN  . "packing_slip.php") &&
	   ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN  . "customers.php") )
	{ die("<br><br><center>You are not authorized to view this page.\n\n</center>"); }
  }
?>

shame as it looks to be quite useful and should be fairly simple

going to try in IE9 next see how it behaves

Edited by KomplikatedOne

Share this post


Link to post
Share on other sites

Hopefully I can help you understand why you are getting the inconsistencies between $PHP_SELF and $_SERVER['SCRIPT_NAME'], $PHP_AUTH_USER and $_SERVER[REMOTE_USER], etc.

 

Basically, as I understand it, $PHP_SELF is the old (deprecated) method that required Register-Globals on and most hosing companies wouldn't turn it on anyway. $_SERVER seems to be the way forward and doesn't require any special server settings.

 

See here for the full explanation:

http://www.php.net/manual/en/faq.using.php#faq.register-globals

 

Dave.

Share this post


Link to post
Share on other sites

As the last post in this thread was 2013, is there an updated, working version of this (allegedly) simple access control script please?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×