Validating users

**fastsol1** · 12-28-2010, 04:59 PM

Yeah, I usually assign variables to everything so I don't have to concatenate. Try this or some variation of, or assign another variable to the username too like $u_name = SESSION['username'], then use $u_name to compare against the $filename in the if()

PHP Code:


if(is_dir($filename) && $filename ==  . SESSSION['username'] . ) {

**fastsol1** · 12-28-2010, 05:23 PM

Honestly I think you are still going about this the wrong way, but without knowing the full purpose and exactly how you are allowing users to get access to the files I can't say for sure. The code I gave you will always work for the logged in user but from what I know of your purpose it won't stop the issue you are asking about, simply cause the $filename will always equal the username cause you are setting that in the script.

If you need to limit access to the directory directly then you need to use you hosting panel to disallow that. Basically you wold then get a 403 Forbidden error when you tried to got directly to a directory that does not contain a index page.

**Schmoopy** · 12-28-2010, 05:24 PM

PHP Code:


<?php



if(is_dir($filename) && $filename == $_SESSION['username']) {

    echo "ok";

}

else {

    echo "not ok";

}



?>

**arsenalbates** · 12-28-2010, 06:03 PM

Thanks for the replies, the webstite im creating is just for testing and learning purposes. its nothing major. im using apache, so by changing the permissions in windows to ??? will stop it being accessed by others unless its requested by the code.

As i say its nothing big, im just messing around with the code to try and learn php and create users and logins.

I will try the code above in a sec and let you know how i get on.

**arsenalbates** · 12-28-2010, 06:23 PM

the code runs but dont change to not ok when accessing another users area.

**Schmoopy** · 12-28-2010, 06:44 PM

It's not working because at the moment, you're assigning $filename to whatever the $_SESSION['username'] value is - so they're always going to be the same.

The $filename should be set by the actual directory, and not the session.

So you need to use:

PHP Code:


<?php

// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
    header('Location: index.php');
}

// Get the directory we're currently in
$fulldir = dirname(__FILE__);

// Get the deepest directory
$dir = substr(strrchr($fulldir, '\\'), 1);

if(is_dir($dir) && $dir == $_SESSION['username']) {
    echo "ok";
}
else {
    echo "not ok";
} 
?>

Depending on whether you're using windows or not, you may need to change this line:

PHP Code:


$dir = substr(strrchr($fulldir, '\\'), 1);

to

PHP Code:


$dir = substr(strrchr($fulldir, '/'), 1);

I'm using WAMP, so paths come out like: C:\wamp\www\DIR\DIR\file.php

**arsenalbates** · 12-28-2010, 07:03 PM

still no change in the text

Is there an alternate way altogether to stop the typed in url from being shown unless requested by the php code?

or another code i could use ?

it seems simple , "if the session name is the same as the dir then do nothing else redirect to the correct dir"

**Schmoopy** · 12-28-2010, 07:10 PM

This code will work, you've just got to figure out where it's going wrong.

Try outputting the $_SESSION['username'] variable and the $dir variable on screen.

See what it outputs and post it on here.