On my site I have an administrative bank where I run a page with two users < admin,editor >
and on another page I need to make a restriction to allow access only to admin, but the script I have is not restricting.
My Restriction Page:
<?php include("scripts/restrict_admin.php"); ?>
<?php include('header.php'); ?>
<div id="box">
<div id="header">
<div id="header_logo">
<a href="painel.php"><img src="imagens/logo.fw.png" alt="" border="0"/></a>
</div> <!--fecha div header_logo-->
</div><!--fecha div header-->
<div id="content">
<div id="menu">
<?php include('menu.php'); ?>
</div><!--fecha div menu-->
<div id="conteudo">
<span class="caminho">Home » Usuários Cadastro</span>
<form name="cadastro" action="" enctype="multipart/form-data" method="post">
<label>
<span>Usuário</span>
<input type="text" name="usuario" />
</label>
<label>
<span>Senha</span>
<input type="password" name="senha" />
</label>
<label>
<span>Nível</span>
<select name="nivel" id="nivel"/>
<option value="editor">Editor</option>
<option value="admin">Admin</option>
</label>
<label>
<span>Nome</span>
<input type="text" name="nome" />
</label>
<label>
<span>Email</span>
<input type="text" name="email" />
</label>
<input type="hidden" name="cadastro" value="ok" />
<input type="submit" name="Cadastrar" value="Cadastrar" class="cadastro_btn" />
</form>
</div><!--fecha div conteudo-->
</div><!--fecha div content-->
<div id="clear"></div>
</div><!--fercha div box-->
<?php include('footer.php'); ?>
My script:
<?php
session_start();
if (!isset($_SESSION)) {
}
$MM_authorizedUsers = "admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
if ( !function_exists('isAuthorized') ){
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
}
$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
How do I proceed?