I am working on a project (not really small anymore) which requires a password protected section as well as a publicly accessible one.
From searching the web I gather that most commonly this is done by username / password checking and then using "header redirect" to access a closed section.
Now with this method I lose $_POST and $_GET vars.
I always link to index.php?"something",
check for 'logged',
and then if true I redirect and do whatever needs to be done.
I have found out how to pass $_SESSION beyond redirect and of course I can store POST and GET in SESSION, but it is quite uncomfortable to carry all POST/GET Data around with me in SESSION and also I am not sure if this is not maybe a security problem.
My question is, is there a better method (general architecture) for a site with a complex public area and also a complex protected area?
They need to be accessible via the same uri, need to be hosted on the same site (using a common database).
I hope my question makes any sense, otherwise, please tell me so.
Thanks,
Dennis (from sunny Tenerife Island)
$_SESSION['valid_user'] = '1';
$_SESSION['perm_level'] = mysql_result($result,0,"permission");
Assuming permission levels are in use, and in numerical format, with lower numbers equating to greater permissions; you can do:
<?php
session_start();
// Read the login state; treat missing keys as "not logged in"
$user_valid = isset($_SESSION['valid_user']) ? $_SESSION['valid_user'] : 0;
$user_perm = isset($_SESSION['perm_level']) ? (int) $_SESSION['perm_level'] : PHP_INT_MAX;
// Highest permission number that may view this page
$page_perm = 10;
if ($user_valid == 1 && $user_perm <= $page_perm) {
    echo 'Protected page content';
} else {
    echo 'You do not have permission to view this page. / Publicly available content';
}
?>
Edit:
Wish I was from sunny Tenerife Island too :(
Regards,
Readie
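The same session check moved into a single index.php entry point, so no header redirect is needed and $_GET / $_POST reach the protected page untouched. This is an added example, not code from either post; the page names, permission levels and file paths are hypothetical, and it assumes the login code sets $_SESSION['valid_user'] and $_SESSION['perm_level'] as in the reply above.

```php
<?php
// index.php: single entry point (added example; names, levels and paths are hypothetical)
declare(strict_types=1);
session_start();

// Allow-list of pages. 'perm' => null means public; a number is the highest
// perm_level allowed (lower number = greater permission, as in the reply above).
const PAGES = [
    'home'    => ['file' => 'pages/home.php',    'perm' => null],
    'account' => ['file' => 'pages/account.php', 'perm' => 10],
    'admin'   => ['file' => 'pages/admin.php',   'perm' => 1],
];

/** Decide whether the given session data may view a page with this requirement. */
function may_view(?int $required, array $session): bool
{
    if ($required === null) {
        return true; // public page, no login needed
    }
    $valid = ($session['valid_user'] ?? '') == 1;
    $level = $session['perm_level'] ?? null;
    // A missing or non-numeric level never grants access.
    return $valid && is_numeric($level) && (int) $level <= $required;
}

// Only keys of PAGES are accepted, so the request cannot choose the file to include.
$name = $_GET['page'] ?? 'home';
if (!is_string($name) || !array_key_exists($name, PAGES)) {
    http_response_code(404);
    exit('Page not found');
}

$page = PAGES[$name];
if (!may_view($page['perm'], $_SESSION)) {
    http_response_code(403);
    exit('You do not have permission to view this page.');
}

// No redirect happened, so $_GET and $_POST are still available to the included page.
require __DIR__ . '/' . $page['file'];
```

Keeping the files under pages/ outside the web root, or having each one refuse to run unless it was included from index.php, stops a direct request from bypassing the check.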