Page 1 of 4 123 ... LastLast
Results 1 to 10 of 32

Thread: Validating users

  1. #1
    Join Date
    Dec 2010
    Posts
    30
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Thumbs up Validating users

    i want to make sure that other users cant access files in directories. to do this im thinking of using some php code to validate if the current user that has logged on has the same name as their directory (named the same as the user name field). i know what i need but i cant code it.

    pseudo code

    user 1 enters users 2 directory
    the default page needs to check if the user is in their right directory.
    if the session user name (logon username) is the same as the directory name then allow them to stay
    else take them to the correct directory ($filename)


    below is what i have created to test and there are some errors as im new to php.

    <?php

    // Inialize session
    session_start();

    // Check, if username session is NOT set then this page will jump to login page
    if (!isset($_SESSION['username'])) {
    header('Location: index.php');
    }
    $filename = $_SESSION['username'];
    if !is_dir($filename) = $filename
    echo "ok"
    else
    echo "not ok"
    ?>



    any help would be appreciated

    Many Thanks
    Sam
    Last edited by arsenalbates; 12-28-2010 at 10:20 PM.

  2. #2
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    What error are you getting and is it telling you it's "ok" or "not ok"?

  3. #3
    Join Date
    Aug 2009
    Posts
    399
    Thanks
    42
    Thanked 4 Times in 4 Posts

    Default

    when it is not OK write:

    exit("You are not allowed to see others information<br/><a style='text-decoration: none;' href='javascript:history.go(-1);'>| Back |</a> ");

    when it is Ok, do not write anything

  4. #4
    Join Date
    Dec 2010
    Posts
    30
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Default

    Parse error: syntax error, unexpected '=' in C:\xampp\htdocs\phpmysimplelogin\sam\index.php on line 11

  5. #5
    Join Date
    Sep 2008
    Location
    Bristol - UK
    Posts
    842
    Thanks
    32
    Thanked 132 Times in 131 Posts

    Default

    Error free version of your code:

    PHP Code:
    <?php

    // Inialize session
    session_start();

    // Check, if username session is NOT set then this page will jump to login page
    if (!isset($_SESSION['username'])) {
        
    header('Location: index.php');
    }

    $filename $_SESSION['username'];

    if(!
    is_dir($filename)) {
        echo 
    "ok";
    }
    else {
        echo 
    "not ok";
    }
    ?>
    Don't think this does what you want it to though. Let me know if it does, otherwise I can probably post something.

  6. #6
    Join Date
    Dec 2010
    Posts
    30
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Default

    thanks, this is working for the logged in users own directory although when you access someonelses directory from it still displays ok and it should display not ok.


  7. #7
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    Are you somehow allowing the user to select the directory? If not you really don't need to verify the directory they are accessing. you can select it for them based on their username and then it will only show the files in their directory by default. I guess we would have to see a working page or full code to understand why you are able to access other users directories.

    Also this seems backwards to me -
    PHP Code:
    if(!is_dir($filename)) {
        echo 
    "ok";
    }
    else {
        echo 
    "not ok";

    This seems to me to say that if the directory doesn't exist then you are ok, but I would think it should be the other way. like this by simply removing the ! in the if()
    PHP Code:
    if(is_dir($filename)) {
        echo 
    "ok";
    }
    else {
        echo 
    "not ok";


  8. #8
    Join Date
    Dec 2010
    Posts
    30
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Cool

    I want to prevent users from typing in another users directory directly into the address bar and gaining access. so if they are in their own directory (folder name matches login name) then they can stay but if they access another directory that dont match their user name then i want it to divert them back to their directory.

    atm i havnt got that far as redirecting but im just testing to see if it works by using "ok" and "not ok" .

    if when a user goes into another directory other than their own it should be saying not ok at this point but with this code im getting "ok" no matter if the user accesses their own dir or someone else's !

  9. #9
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    Oh ok, then you need to check if the $filename equals the SESSION username
    PHP Code:
    if(is_dir($filename) && $filename == SESSSION['username']) {
        echo 
    "ok";
    }
    else {
        echo 
    "not ok";

    EDIT
    Wait are you trying to limit access to the directory via the URL bar? That should be done through your hosting control panel to not allow direct listing of the directories for people to see. Once you have the host setup right then you will only be able to access the directory through the script, which in turn will work great if you are selecting the directory for them based on their username that is logged in.
    Last edited by fastsol1; 12-28-2010 at 04:39 PM.

  10. #10
    Join Date
    Dec 2010
    Posts
    30
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Default

    thats exactly what i want although i get

    Parse error: syntax error, unexpected '[' in

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •