
Check Admin has a right for a section admin

Code:

echo "<li><a href='index.php".$aidlink."&amp;pagenum=1'> Content </a></li>
      <li><a href='index.php".$aidlink."&amp;pagenum=2'>Users </a></li>
      <li><a href='index.php".$aidlink."&amp;pagenum=3'>System </a></li>
      <li><a href='index.php".$aidlink."&amp;pagenum=4'>Settings </a></li>
      <li><a href='index.php".$aidlink."&amp;pagenum=5'>Infusions </a></li>";



Ok so that is the pages in admin.

How do I check the admin has at least an access right for something on that page?

So if an admin does not have any rights on one of those pages the link should not display.

It's not easy. I know how to check rights for individual pages, but that is not reasonable for this.

I mean I can not keep doing this...

checkrights("bleh") || checkrights("blah ") || checkrights("SOP") || checkrights("TG")

There must be another way?

Thanks
So, from what I am understanding, you want to display one of the links only if the admin has the rights?

Code:

if (checkrights("M")) {
    echo "<li>Bla bla bla</li>";
}

Code:

if (iADMIN && checkrights("C")) {
    echo "<li>Bla bla bla</li>";
}

No, there's no registration of rights in any of the db. It's a server-side file, so you gotta remember the "blah, bleh.." abbreviation.

Open up all the files you're interested, and check their rights. :)
I know how to use user checkrights lol

Like I said in post #1, so if we want to create links to sections of the admin, do I need to do this for every access right for everything in that section?

So you guys are saying this is my only option?

That is ridiculous, so you think this is reasonable?

You saying I must do that for every page in each admin section?


Code:

if (checkrights("A") || checkrights("AC") || checkrights("CP") || checkrights("D") || checkrights("DC") || checkrights("FQ") || checkrights("F") || checkrights("IM") || checkrights("N") || checkrights("NC") || checkrights("PO") || checkrights("W") || checkrights("WC") || checkrights("PH")) {
    echo "<li><a href='index.php".$aidlink."&amp;pagenum=1'> Content </a></li>";
}

Well, change approach to an array if you want to cut it short and make it look better.
Naturally you need to define what rights go to a specific area.
Something like

Code:

$admin_rights = explode('.', $settings['admin_rights']);
// in_array() tests one value only, so compare the area's list of rights
// against the exploded array instead.
if (array_intersect(array('R1', 'R2', 'R3', 'ETC'), $admin_rights)) {
}

Code:

function render_admin_tabs() {
    global $userdata, $aidlink; // $aidlink is used in the links below

    $array = array(
        '1' => 'Page 1',
        '2' => 'Page 2',
        '3' => 'Page 3',
        '4' => 'Page 4',
        '5' => 'Page 5'
    );
    /* Many to 1 checker */
    // Guarded so that a second call to render_admin_tabs() does not redeclare it.
    if (!function_exists('tab_rights')) {
        function tab_rights($page) {
            global $userdata;
            $page = (int) $page; // page numbers are integers; keep raw input out of the query
            $user_rights = explode('.', $userdata['user_rights']);
            $result = dbquery("SELECT * FROM ".DB_ADMIN." WHERE admin_page='$page' ORDER BY admin_rights ASC");
            if (dbrows($result) > 0) {
                while ($data = dbarray($result)) {
                    if (in_array($data['admin_rights'], $user_rights)) {
                        return true;
                    }
                }
                return false; // edit - added this to return 0 if by end of the loop, no rights matched.
            } else {
                return false;
            }
        }
    }

    // now loop it.
    foreach ($array as $page_num => $page_name) {
        if (tab_rights($page_num)) {
            echo "<li><a href='index.php".$aidlink."&amp;pagenum=$page_num'>$page_name</a></li>\n";
        }
    }
}



Code:

// The function echoes the tabs itself and returns nothing, so just call it.
render_admin_tabs();



In your page... say where Get (?pagenum=1) and if you want to check access.. use this function.

Code:

function tab_rights($page) {
    global $userdata;
    $page = (int) $page; // page numbers are integers; keep raw input out of the query
    $user_rights = explode('.', $userdata['user_rights']);
    $result = dbquery("SELECT * FROM ".DB_ADMIN." WHERE admin_page='$page' ORDER BY admin_rights ASC");
    if (dbrows($result) > 0) {
        while ($data = dbarray($result)) {
            if (in_array($data['admin_rights'], $user_rights)) {
                return true;
            }
        }
        return false; // no rights matched by the end of the loop
    } else {
        return false;
    }
}

// Accept only a numeric pagenum; anything else becomes 0.
$_GET['sanitized_pagenum'] = (isset($_GET['pagenum']) && isnum($_GET['pagenum'])) ? $_GET['pagenum'] : 0;
if (!tab_rights($_GET['sanitized_pagenum'])) {
    // hacker found.
}
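
The approach in the reply above, as an added example that is not part of the original thread and not PHP-Fusion's own code: the rights are grouped by page once, and the same result both decides which tabs are rendered and gates the `?pagenum=` request, since hiding a link does not by itself block the page. The function names, the `$admin_rows` sample rows (a stand-in for a `DB_ADMIN` query), the `X3`/`X4`/`X5` codes, the `$aidlink` value and the `user_rights` string are constructed assumptions.

```php
<?php
// Constructed rows standing in for DB_ADMIN (admin_rights, admin_page);
// X3, X4 and X5 are placeholder rights codes, not real ones.
$admin_rows = array(
    array('admin_rights' => 'A',  'admin_page' => 1),
    array('admin_rights' => 'N',  'admin_page' => 1),
    array('admin_rights' => 'M',  'admin_page' => 2),
    array('admin_rights' => 'X3', 'admin_page' => 3),
    array('admin_rights' => 'X4', 'admin_page' => 4),
    array('admin_rights' => 'X5', 'admin_page' => 5),
);
$aidlink = '?aid=PLACEHOLDER'; // constructed; the CMS supplies the real value
// Group the rights by page once instead of running one query per tab.
function rights_by_page(array $rows) {
    $map = array();
    foreach ($rows as $row) {
        $map[(int) $row['admin_page']][] = $row['admin_rights'];
    }
    return $map;
}

// Pages on which the user holds at least one right.
function allowed_pages(array $map, $user_rights) {
    $held = array_filter(explode('.', $user_rights), 'strlen');
    $pages = array();
    foreach ($map as $page => $rights) {
        if (array_intersect($rights, $held)) {
            $pages[] = $page;
        }
    }
    return $pages;
}

// Server-side gate for ?pagenum=: digits only, and the page must be allowed.
function can_open_page(array $allowed, $requested) {
    return is_string($requested) && ctype_digit($requested)
        && in_array((int) $requested, $allowed, true);
}

$allowed = allowed_pages(rights_by_page($admin_rows), '.N.M'); // constructed user_rights
$tabs = array(1 => 'Content', 2 => 'Users', 3 => 'System', 4 => 'Settings', 5 => 'Infusions');
foreach ($tabs as $num => $name) {
    if (in_array($num, $allowed, true)) {
        echo "<li><a href='index.php".$aidlink."&amp;pagenum=$num'>$name</a></li>\n";
    }
}
var_dump(can_open_page($allowed, '2'));   // page with a held right
var_dump(can_open_page($allowed, '4'));   // page with no held right
var_dump(can_open_page($allowed, '1x'));  // non-numeric input
```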


Thanks hien, that is exactly my question answered. You did brilliantly; that is exactly what I was talking about.

Thanks man for taking time to code the function for me. Kudos and credit will be given in the final release.

1000000+ Awarded to hien
Users who participated in discussion: Falk, Craig, Chan, faga