Simple Admin Access Control


Guest


I've got this working perfectly in Firefox and Chrome, using:

($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "orders.php") &&

 

But in IE8, it's not applying any kind of security; it allows the login access to all?

 

If I use the original

($PHP_SELF != DIR_WS_ADMIN . "orders.php") &&

 

it doesn't allow the login to access anything at all?

 

Full code below:

// DIR_WS_ADMIN is the admin directory constant defined by osCommerce.
if ( ($PHP_AUTH_USER == 'admin1') || ($PHP_AUTH_USER == 'admin2') ||
     ($_SERVER['REMOTE_USER'] == 'admin1') || ($_SERVER['REMOTE_USER'] == 'admin2') ) {
  // Full admins: no restriction.
} else {
  // Everyone else may only load the scripts listed here.
  if ( ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "orders.php") &&
       ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "invoice.php") &&
       ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "index.php") &&
       ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "login.php") &&
       ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "packing_slip.php") &&
       ($_SERVER['SCRIPT_NAME'] != DIR_WS_ADMIN . "customers.php") ) {
    die("<br><br><center>You are not authorized to view this page.\n\n</center>");
  }
}
?>

Shame, as it looks to be quite useful and should be fairly simple.

Going to try in IE9 next to see how it behaves.

Edited by KomplikatedOne

Hopefully I can help you understand why you are getting the inconsistencies between $PHP_SELF and $_SERVER['SCRIPT_NAME'], $PHP_AUTH_USER and $_SERVER[REMOTE_USER], etc.

 

Basically, as I understand it, $PHP_SELF is the old (deprecated) method that required Register-Globals on, and most hosting companies wouldn't turn it on anyway. $_SERVER seems to be the way forward and doesn't require any special server settings.

 

See here for the full explanation:

http://www.php.net/manual/en/faq.using.php#faq.register-globals

 

Dave.
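
An added example, not part of the original posts and not osCommerce code: the same two-tier check from this thread written against `$_SERVER` only, so it does not depend on register_globals. The function name, the `/admin/` path and the `clerk` user are assumptions; unlike the posted snippet, it also denies a request that carries no authenticated user.

```php
<?php
// Added example, not osCommerce code. Admin names and the script list come
// from the post above; the function name, '/admin/' and 'clerk' are assumptions.

/**
 * Decide whether the authenticated user may load the requested admin script.
 * Reads only from a $_SERVER-style array, so it does not depend on the
 * register_globals variables $PHP_SELF and $PHP_AUTH_USER.
 */
function admin_access_allowed(array $server, string $adminDir, array $fullAdmins, array $limitedScripts): bool
{
    // PHP_AUTH_USER is filled in when PHP sees the Basic-auth header;
    // REMOTE_USER is set when the web server performs the authentication.
    $user = $server['PHP_AUTH_USER'] ?? $server['REMOTE_USER'] ?? '';
    if ($user === '') {
        return false;                   // no authenticated user: deny
    }
    if (in_array($user, $fullAdmins, true)) {
        return true;                    // full admins may load every page
    }
    // SCRIPT_NAME is the path of the executing script only. PHP_SELF can
    // carry trailing path info, so it is not used for the comparison.
    $script = $server['SCRIPT_NAME'] ?? '';
    foreach ($limitedScripts as $name) {
        if ($script === $adminDir . $name) {
            return true;                // exact match against the allowlist
        }
    }
    return false;                       // default deny
}

$fullAdmins     = ['admin1', 'admin2'];
$limitedScripts = ['orders.php', 'invoice.php', 'index.php',
                   'login.php', 'packing_slip.php', 'customers.php'];

// Constructed requests (not real traffic), one per outcome.
$samples = [
    ['PHP_AUTH_USER' => 'admin1', 'SCRIPT_NAME' => '/admin/configuration.php'],
    ['REMOTE_USER'   => 'clerk',  'SCRIPT_NAME' => '/admin/orders.php'],
    ['REMOTE_USER'   => 'clerk',  'SCRIPT_NAME' => '/admin/configuration.php'],
    ['SCRIPT_NAME'   => '/admin/orders.php'],
];
foreach ($samples as $s) {
    $user = $s['PHP_AUTH_USER'] ?? $s['REMOTE_USER'] ?? '(none)';
    $ok   = admin_access_allowed($s, '/admin/', $fullAdmins, $limitedScripts);
    printf("%-8s %-26s %s\n", $user, $s['SCRIPT_NAME'], $ok ? 'allow' : 'deny');
}
```

In an osCommerce admin the call would take `$_SERVER` and `DIR_WS_ADMIN` in place of the constructed array and the `/admin/` literal.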
