On Sun, 23 Mar 2003 12:15:25 -0500, you wrote:
>Not sure why things like this are so difficult. I have an authentication
>script which allows users access to certain pages based on their user level.
>If they click on a link to go to a page their not allowed to, I want to be
First, why are the pages they can't access displayed as active links?
>able to just reload the page their on and display a message saying they are
>not authorized to view that page - do you think I can get the page to
You don't need to reload the page. At the top of each page, put your
check routine.
if (access_granted == FALSE) {
show_access_denied_message;
exit;
}
show_regular_page;
>reload.....I've tried the header thing (but can't because headers are
>already sent),
Either rewrite your page so the security check comes before any output
is sent, or use the output buffering functions (ob_start(), etc)
>I've tried playing around with $PHP_SELF with no luck, I've
That's passed to the script from its environment... changing it will
have no effect on the script's environment.
>looked for javascripts with no luck. Anyone have any ideas?
You can't rely on Javascript for security.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
