Check Admin has a right for a section admin: PHPFusion 8 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Code Download source

   echo"<li><a href='index.php".$aidlink."&amp;pagenum=1'> Content </a></li>
                                <li><a href='index.php".$aidlink."&amp;pagenum=2'>Users </a></li>
                                <li><a href='index.php".$aidlink."&amp;pagenum=3'>System </a></li>
                                <li><a href='index.php".$aidlink."&amp;pagenum=4'>Settings </a></li>
                                <li><a href='index.php".$aidlink."&amp;pagenum=5'>Infusions </a></li>";

Ok so that is the pages in admin.

How do I check the admin has at least an access right for something on that page?

So if an admin does not have any rights on one of those pages the link should not display.

It's no easy I now how to check rights for individual pages but that is not reasonable for this.

I mean I can not keep doing this...

checkrights("bleh") || checkrights("blah ") || checkrights("SOP") || checkrights("TG")

There must be another way?

Thanks

Edited by Craig on 29-08-2014 23:43, 10 y

0 replies

So, from what I am understanding you want to display one of the links only if the admin has the rights ?

Code Download source

 if (checkrights("M")) { 
echo "<li>Bla bla bla</li>";
}

Code Download source


if (iADMIN && checkrights("C")) {
echo "<li>Bla bla bla</li>";
}

Edited by faga on 30-08-2014 03:45, 10 y

0 replies

No, there's no registration of rights in any of the db. it's serversided file. so you gotta remember the "blah,bleh.. " abbreviation.

Open up all the files you're interested, and check their rights. :)

0 replies

I know how to use user checkrights lol

Like I said in post #1 so if we want to create links to sections of the admin do i need to do this for every access right for everything in that section?

So you guys are saying this is my only option?

That is ridiculous, so you's think this is reasonable?

You saying I must do that for every page in each admin section?

Code Download source

 if (checkrights("A")  || (checkrights("AC") || (checkrights("CP") || (checkrights("D") || (checkrights("DC") || (checkrights("FQ") || (checkrights("F") || (checkrights("IM") ||  (checkrights("N") || (checkrights("NC") || (checkrights("PO") || (checkrights("W") || (checkrights("WC") || (checkrights("PH") || ) { 
   echo"<li><a href='index.php".$aidlink."&amp;pagenum=1'> Content </a></li>";
}

0 replies

Falk

answered 30 Aug 2014 at 12:45 PM

Super Admin

Well change approach to array if you want to cut it short and make it look better.
Naturally you need to define what rights goes to a specific area.
Something like

Code Download source

$admin_rights = explode('.', $settings['admin_rights']);
if (in_array('.R1.R2.R3.ETC', $admin_rights)) {
}

Edited by N/A on 30-08-2014 12:48, 10 y

0 replies

Code Download source


function render_admin_tabs() {
            global $userdata;

            $array = array(
                '1' => 'Page 1',
                '2' => 'Page 2',
                '3' => 'Page 3',
                '4' => 'Page 4',
                '5' => 'Page 5'
            );
            /* Many to 1 checker */
            function tab_rights($page) {
                global $userdata;
                $user_rights = explode('.', $userdata['user_rights']);
                $result = dbquery("SELECT * FROM ".DB_ADMIN." WHERE admin_page='$page' ORDER BY admin_rights ASC");
                if (dbrows($result)>0) {
                    while ($data = dbarray($result)) {
                        if (in_array($data['admin_rights'], $user_rights)) {
                            return true;
                        }
                    }
return false; // edit - added this to return 0 if by end of the loop, no rights matched.
                } else {
                    return false;
                }
            }

            // now loop it.
            foreach($array as $page_num => $page_name) {
                if (tab_rights($page_num)) {
                    echo "<li ><a href='index.php".$aidlink."&amp;pagenum=$page_num'>$page_name</a></li>\n";
                }
            }
        }

Code Download source


echo render_admin_tabs();

In your page... say where Get (?pagenum=1) and if you want to check access.. use this function.

Code Download source


function tab_rights($page) {
                global $userdata;
                $user_rights = explode('.', $userdata['user_rights']);
                $result = dbquery("SELECT * FROM ".DB_ADMIN." WHERE admin_page='$page' ORDER BY admin_rights ASC");
                if (dbrows($result)>0) {
                    while ($data = dbarray($result)) {
                        if (in_array($data['admin_rights'], $user_rights)) {
                            return true;
                        }
                    }
                } else {
                    return false;
                }
            }

$_GET['sanitized_pagenum'] = isset($_GET['pagenum']) && isnum($_GET['pagenum'])) ? $_GET['pagenum'] : 0;
if (!tab_rights($_GET['sanitized_pagenum'])) { // hacker found. }

Edited by Chan on 30-08-2014 12:50, 10 y

0 replies

Thanks hien that is exactly my question answered. You done brilliant that is exactly what I was talking about.

Thanks man for taking time to code the function for me kudos and credit will be given in the final release.

1000000+ Awarded to hien

0 replies

Category Forum

Modifications and Requests - 8

Labels

None yet

Statistics

Views 0 views
Posts 6 posts
Votes 0 votes
Topic users 4 members

4 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Check Admin has a right for a section admin

6 posts

PHPFusion

Resources

Community

Development