Prevent form running for one particular user

  • beary
    New Member
    • Nov 2006
    • 170

    Prevent form running for one particular user

    Hi,

    hope this is in the right topic...

    Running PHP5 on Apache. I've set up a site where people can login as "demo", "demo" and play around with the functions of the site. Part of the functionality involves uploading files, deleting/editing using standard form fields and storing data in MySQL.

    I want people *not* to be able to delete things, or upload files bigger than 100KB when they're logged in as "demo". I'm wondering if there's a much easier way to accomplish this, than doing what's below with *every* place where data is added/deleted/updated (which is a lot of places).

    Code:
    if ($user == "demo")
    {
        echo "Sorry. You cannot delete things in demo mode. Please continue to look around.";
    }
    else
    {
        // Do whatever normal stuff happens with the data
    }
    I was thinking of having a session variable which might restrict these things without having to alter the code on every page. Would that work?

    I would appreciate any examples of how I could do this. Thanks.
  • dlite922
    Recognized Expert Top Contributor
    • Dec 2007
    • 1586

    #2
    Usually when I build large applications with various user rights and permissions, I create user "roles". In this case the demo user would have a guest role or lowest role.

    I design my app from the get-go with this in mind.

    Another thing you can do is have switches for the various functionality to turn them off and on based on a config file. In your demo install, you would turn these off.

    In summary, no you cannot escape this problem without making code changes, but I hope you learned a lesson for the next time. :)

    Cheers,



    Dan

    Comment

    • Markus
      Recognized Expert Expert
      • Jun 2007
      • 6092

      #3
      Assuming you have some roles/permissions set up, simply store the access level in their session. Anywhere that requires a specific access level, check it, and act on it appropriately.

      Code:
      // User signs in.
      $_SESSION['access_level'] = $user->access_level;

      // Only certain people can delete.
      function delete() {
          if ($_SESSION['access_level'] < 4) {
              return;
          }

          // Do delete
      }

      Comment

      • beary
        New Member
        • Nov 2006
        • 170

        #4
        Thanks Markus for your code example. Dan, could you please say a little more about the config file idea? What does it involve?

        Thanks

        Originally posted by dlite922
        Another thing you can do is have switches for the various functionality to turn them off and on based on a config file. In your demo install, you would turn these off.

        Comment

        • dlite922
          Recognized Expert Top Contributor
          • Dec 2007
          • 1586

          #5
          All it involves is include() a PHP file that has constants in it: define('UPLOAD_ON', true); // or false

          In the code you say if (UPLOAD_ON) do upload, else echo "can't upload";

          That's all.

          Then when you install your site on a server you change this config file and change the values based on that install. (if the users don't have access to this file, i.e. they're not the owner of the site, which I think is what your Demo scenario is)




          Dan

          Comment

          • beary
            New Member
            • Nov 2006
            • 170

            #6
            Right. I understand what you've said, but doesn't this just get me back to where I started, of still having to have an if statement at every point on the site where a decision is to be made? That's what I was trying to avoid... (unless I've misunderstood)

            Originally posted by dlite922
            All it involves is include() a PHP file that has constants in it: define('UPLOAD_ON', true); // or false

            In the code you say if (UPLOAD_ON) do upload, else echo "can't upload";

            That's all.

            Then when you install your site on a server you change this config file and change the values based on that install. (if the users don't have access to this file, i.e. they're not the owner of the site, which I think is what your Demo scenario is)




            Dan

            Comment

            • dlite922
              Recognized Expert Top Contributor
              • Dec 2007
              • 1586

              #7
              Originally posted by beary
              Right. I understand what you've said, but doesn't this just get me back to where I started, of still having to have an if statement at every point on the site where a decision is to be made? That's what I was trying to avoid... (unless I've misunderstood)
              Yes, if you go back, I stated:

              Originally posted by dlite922
              no you cannot escape this problem without making code changes
              If you want your program to behave. You can disable the upload functionality (for example) by changing the permissions so that the program "breaks" and doesn't successfully upload. This is hardly the type of thing you want to show in a demo though.





              Dan

              Comment
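
Added example, not code posted by anyone in the thread: one way to enforce the demo rules from the question (no deletes, uploads capped at 100KB) in a single shared include, using the session access level from post #3. It assumes PHP 7.1 or later and that every form submits a hypothetical `action` field; `demo_policy_violation` and the constant names are illustrative.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+, that login stores
// $_SESSION['access_level'], and that every form posts a hypothetical 'action' field.
const MIN_FULL_ACCESS_LEVEL = 4;            // threshold used in post #3
const DEMO_MAX_UPLOAD_BYTES = 100 * 1024;   // the 100KB limit from the question
const DEMO_BLOCKED_ACTIONS  = ['delete'];   // actions refused for the demo role

// Returns a refusal message when the request breaks the demo policy, else null.
// The arguments mirror $_SESSION, $_POST and $_FILES so the check runs offline too.
function demo_policy_violation(array $session, array $post, array $files): ?string
{
    // A missing access level counts as the lowest privilege (deny by default).
    $level = (int) ($session['access_level'] ?? 0);
    if ($level >= MIN_FULL_ACCESS_LEVEL) {
        return null;
    }
    if (in_array($post['action'] ?? '', DEMO_BLOCKED_ACTIONS, true)) {
        return 'Sorry. You cannot delete things in demo mode.';
    }
    foreach ($files as $file) {
        // 'size' is measured by PHP; it is an array for multi-file fields.
        foreach ((array) ($file['size'] ?? 0) as $size) {
            if ($size > DEMO_MAX_UPLOAD_BYTES) {
                return 'Sorry. Demo uploads are limited to 100KB.';
            }
        }
    }
    return null;
}

if (PHP_SAPI !== 'cli') {
    // Web request: include this file once, before any page code (or use auto_prepend_file).
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    $refusal = demo_policy_violation($_SESSION, $_POST, $_FILES);
    if ($refusal !== null) {
        http_response_code(403);
        exit(htmlspecialchars($refusal));
    }
} else {
    // Command line: constructed sample requests to show the decisions.
    $demo = ['access_level' => 1];
    $big  = ['upload' => ['size' => 250000]];
    var_dump(demo_policy_violation($demo, ['action' => 'delete'], []));
    var_dump(demo_policy_violation($demo, ['action' => 'edit'], $big));
    var_dump(demo_policy_violation(['access_level' => 4], ['action' => 'delete'], []));
}
```

The guard only covers operations it can identify from the request, so any delete or upload handler reached through a different field name or a GET link has to be brought under the same `action` convention before the policy applies to it.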
