raknuth
Posts: 67
|
| Posted: 06/18/2011, 4:35 PM |
|
Can anyone tell me how to protect an external PHP page with the same security as is used by the pages in my CCS project?
If that can't be done, can I test for a CCS session variable in an external page?
Thank you.
|
 |
 |
jjrjr2
Posts: 131
|
| Posted: 06/19/2011, 6:03 AM |
|
Hi
The way I usually do this is include Common.php in the external pages..
I then have all the CCS calls available to me and then can use all the familiar CCS functions to do just about anything I want.
Hope that helps
PS. U won't have the same native security page behavior that a CCS page does but you will have access to all the session functions such as using CCS session variables (Even all the Database access functions) thus allowing you to set up your security behavior as needed.
You will also be able to employ the security calls in Common.php if you scan Common.php for what U need. I have not explored those functions myself. I usually use the CCSGetSession() call to get the group and if not the proper group just re-direct the external page.
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
raknuth
Posts: 67
|
| Posted: 06/19/2011, 10:04 AM |
|
I have included Common.php. How can I test to see if I am in the same PHP session as the CCS pages when I call this external page?
|
|
|
|
jjrjr2
Posts: 131
|
| Posted: 06/19/2011, 12:49 PM |
|
Same way you do it in CCS now.
U probably are not wanting to know if you are in the same PHP Session as a CCS Page.
What you wanna know is the Security Group you are in to ensure the page security.
Like so.
if(CCGetSession("GroupID","")!=YOURSECURITYGROUPVALUE) {
Any Code U Wanna DO.
}
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
jjrjr2
Posts: 131
|
| Posted: 06/19/2011, 2:48 PM |
|
Correction the CCS call to check sessions is
CCGetSession("GroupID","");
Sorry for the typo before
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
raknuth
Posts: 67
|
| Posted: 06/20/2011, 11:48 AM |
|
If I include the Common.php file in my external script, nothing dispays beyond the point at which it is included. If placed in the <head>, the entire page shows as an empty white canvas. if placed anywhere in the <body>, any text before the 'include' is presented but nothing follows the 'include'.
|
|
|
|
jjrjr2
Posts: 131
|
| Posted: 06/20/2011, 7:59 PM |
|
Hmmmm.
Well rather than trying to debug that issue try something like this for your page security check
$Auth=$_SESSION['GroupID'];
if($Auth!=CASINO && $Auth!=MODERATOR && $Auth!=ADMIN) exit("You Have Been Pound!!!");
OR
$Auth=$_SESSION['GroupID'];
if($Auth!=CASINO && $Auth!=MODERATOR && $Auth!=ADMIN) {
What Ever Code U Wanna do like a redirect to a login page or something...
}
Note: CASINO, MODERATOR, & ADMIN are defines created in my custom include file for this project. If U R not using defines for your security groups in the code.. Just put the values as numbers that match your Security Groups set up in your CCS project.
Incidentally this also tells U if someone is signed on if you are using CCS Security. If $Auth is null.. nobody is logged on..
Also you have access to all CCS Session values like:
$_SESSION['UserID']
Gives you the logged in users ID
$_SESSION['UserLogin']
Gives you the logged in users Login Id
Again, if any of these are null... nobody is logged in.
Hope this helps
John
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
raknuth
Posts: 67
|
| Posted: 06/21/2011, 3:26 AM |
|
Thank you - that did it. Here is the code I placed on the 1st 6 lines of the external page:
<?
session_start();
$Auth=$_SESSION['UserLogin'];
if ($Auth == "") {
header('location: ../../index.php');
}
'index.php' is my login page. The redirect works flawlessly.
I took this opportunity to review Common.php top to bottom - very enlightening. Some very clever coding.
Thanks, John.
|
|
|
|
jjrjr2
Posts: 131
|
| Posted: 06/21/2011, 6:18 AM |
|
Hi again
Glad that helped..
I would consider making this change to your redirect,
I think without this the rest of the PHP is still running on your page till it exits entirely at the end.
<?
session_start();
$Auth=$_SESSION['UserLogin'];
if ($Auth == "") {
header('location: ../../index.php');
exit();
}
Just to be safe...
_________________
John Real - More CodeCharge Studio Support at - http://CCSElite.com
Real Web Development At: http://RealWebDevelopment.us |
|
|
|
