Is There A Better Way?


Bike Racer
04-26-2008, 05:54 PM
I've been using David's tutorials while creating a site for a club. I have a login for members to access a "members only" area and from there I want some members with "admin" levels to be able to access some pages for updating databases. I've attached the following code to a page that only admin should have access to, otherwise they are redirected back. This works, but could I have written it better?

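session_start();

// Not logged in: send the visitor back to the login page.
if (!isset($_SESSION['id'])) {
    header("location:index.php");
    exit;
}

$id = $_SESSION['id'];

// Look up the member's row (assumes a connection was already opened with mysql_connect()).
// The id is passed through a %s placeholder and escaped rather than interpolated into the string.
$query = sprintf("SELECT * FROM member_list WHERE mem_id='%s'", mysql_real_escape_string($id));
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);

$level = $rowAccount['mem_level'];

// Only members whose level is "admin" may stay on this page.
if ($level != "admin") {
    header("location:success.php");
    exit;
}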

davidj
04-26-2008, 07:06 PM
on login you could set the level to a session and handle it as you do the id

you would only be querying the db once then

pete
04-28-2008, 05:46 PM
using header("location:success.php"); is incorrect use, you should have the domain there like this:

header("location:http://www.domain.com/success.php");

from PHP manual:

Note: HTTP/1.1 requires an absolute URI as argument to Location: (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30) including the scheme, hostname and absolute path, but some clients accept relative URIs.

davidj
04-28-2008, 08:36 PM
never had a problem before but then again i don't build web sites.

also never had anyone flag this as an issue.

if anyone has had an issue with header("location and relative paths then let me know

2bz2p
05-10-2008, 10:35 PM
I have found that I have to put in the entire url

header("location:http://www.domain.com/success.php");

Not just header("Location: success.php");

Which I don't like, since I am writing an application for multiple websites; that's going to be a major hang-up for me.

2b

pete
05-11-2008, 05:39 AM
Create a config file and include it then, so your config file might look like this:

$cfg = array(
    'domain' => 'http://www.dreamweaverclub.com/'
);

Then in your network header function do this:

header('Location:'.$cfg['domain'].'success.php');

or if used within a class method or function

header('Location:'.$GLOBALS['cfg']['domain'].'success.php');

I usually have many variables in my $cfg array such as paths to image directories so I can do $cfg['images']['detail'] and no matter what site I am working on that will always give me the path to the detail image directory, same for DB $cfg['db']['user'] $cfg['db']['pwd'].

Keep the config.inc.php file out of www/ and include it with

php_value auto_prepend_file "/home/site/config.inc.php"

in your .htaccess file in www then you don't need to worry about manually adding it to every page.

I prefer a multi-dim array for my configs but you can create the classic .ini file see http://www.php.net/manual/en/function.parse-ini-file.php

2bz2p
05-11-2008, 11:38 AM
Nice thanks for the thought, that will come in handy.
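
The two suggestions in this thread combined, as an added example that is not code from any of the posters: the member level is stored in the session at login (davidj's suggestion) and redirects use an absolute URL built from the config array (pete's suggestion). The function names and the example.com base URL are assumptions made for illustration.

```php
<?php
// Added example; function names and the example.com base URL are hypothetical.
$cfg = array('domain' => 'https://www.example.com/');  // placeholder base URL

// Absolute redirect target built from the configured base URL only (never the
// request's Host header); anything but a plain page name is rejected.
function redirect_url(array $cfg, $page) {
    if (!preg_match('/^[a-z0-9_-]+\.php\z/i', $page)) {
        throw new InvalidArgumentException('unexpected redirect target');
    }
    return rtrim($cfg['domain'], '/') . '/' . $page;
}

// Call once, right after the password check; $member is the member_list row.
function on_login(array $member) {
    session_regenerate_id(true);   // fresh session id when privileges change
    $_SESSION['id']    = $member['mem_id'];
    $_SESSION['level'] = $member['mem_level'];
}

// Returns the URL the request must be sent to, or null if it may stay.
function admin_gate(array $session, array $cfg) {
    if (!isset($session['id'])) {
        return redirect_url($cfg, 'index.php');
    }
    if (!isset($session['level']) || $session['level'] !== 'admin') {
        return redirect_url($cfg, 'success.php');
    }
    return null;
}

// First statement of every admin-only page: require_admin($cfg);
function require_admin(array $cfg) {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = admin_gate($_SESSION, $cfg);
    if ($target !== null) {
        header('Location: ' . $target);
        exit;   // stop so the protected page body is never sent
    }
}

// Constructed sample sessions, shown when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(admin_gate(array(), $cfg));
    var_dump(admin_gate(array('id' => 7, 'level' => 'member'), $cfg));
    var_dump(admin_gate(array('id' => 7, 'level' => 'admin'), $cfg));
}
```

With the level cached in the session, a change to mem_level in the database only takes effect at that member's next login.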