The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!
UserSpice   ›   Support Center   ›   UserSpice 4.3 and Below   ›   Restrict # pages

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Restrict # pages
lordtyla
User
Joined: Sep 2017
Posts: 4

Reputation: 0
#1
09-17-2017, 12:02 PM
Hiya I am developing a site that uses ajax to load pages, so everything runs off index.php but it just changes the content of the page when you press a navigation button rather than reloading the entire page. I have run into a little problem with restricting these pages

I am trying to restrict http://localhost/#13
I have included the following at the top of the 13.php page:
<pre>
Code:
<?php require_once 'users/init.php'; ?>
<?php if (!securePage($_SERVER['PHP_SELF'])){die();}?>
</pre>


When I go to localhost/13.php it is restricted as intended but if I go to localhost/#13 it is not restricted

Any ideas?
  Reply
Brandin
Lead Developer
*******
Joined: Oct 2016
Posts: 1,297

Reputation: 7
#2
09-17-2017, 12:21 PM
This is because you're calling index.php, not 13.php (I think!)

I would wrap your call in 13.php in ajax with with a checkMenu or hasPerm function.
  Website
  Reply
mudmin
Lead Developer
*******
Joined: Dec 2015
Posts: 2,285

Reputation: 17
#3
09-17-2017, 12:27 PM
Yep. That's exactly how I do it.

You don't even have to use the "userspice" page permissions. Just setup the permission levels themselves and then wrap entire php in if/else statements.

There is a description of hasPerm here...

https://userspice.com/documentation-functions/
  Reply
lordtyla
User
Joined: Sep 2017
Posts: 4

Reputation: 0
#4
09-17-2017, 02:20 PM
Thanks for the replies
[Image: 5G5O3U4.png]
Using the hasPerm function seems to show up as text on the actual webpage (localhost/#13) and it hasn't stoppped me from accessing the page


13.php

<pre>
Code:
<?php require_once 'users/init.php'; ?>

<?php if (!securePage($_SERVER['PHP_SELF'])){die();}?>

<?php if (hasPerm([2],$user->data()->id)){ ?>

<script type="text/javascript">
    $(document).ready(function () {
      $('#doneimg3').fadeIn(1000);
    });
</script>

<script type="text/javascript">
  $(document).ready(function(){  
   $("#redirectvideo").bind('ended', function(){
      location.href="#14";  
   });
  });
</script>

<span style="display: none;" id="doneimg3">

<div class="video-background"><video autoplay id="redirectvideo">
    <source src="/video/vaultopen.mp4" type="video/mp4" />
</video></div>

</span>

<div class="row">
    <div class="col-xs-12">
    
    <div align="center"><a class="btn btn-warning " href="#14" role="button">Skip</a></div>
    
    </div>
</div>

<?php } ?>
</pre>
  Reply
mudmin
Lead Developer
*******
Joined: Dec 2015
Posts: 2,285

Reputation: 17
#5
09-17-2017, 07:03 PM
Try reversing the logic by killing the page or redirecting somewhere if the user is not logged in or does not have permission first. Here's a an example with die();

Code:
<?php
Code:
if (!$user->isLoggedIn() || !hasPerm([2],$user->data()->id)){
Code:
die();  //or something
Code:
}else{
Code:
//the rest of your script
Code:
?>
  Reply
lordtyla
User
Joined: Sep 2017
Posts: 4

Reputation: 0
#6
09-18-2017, 02:09 PM
Is this code correctly laid out?
[Image: 8qaej7J.png]
When I load the page it is the same issue as before where the code actually shows up on the page and doesn't function.
[Image: BwgzV0H.png]
  Reply
karsen
User
Joined: Mar 2017
Posts: 150

Reputation: 0
#7
09-19-2017, 07:19 PM
It seems that for some reason PHP is interpreting
Code:
->
as a closing tag, although I have no idea how that could happen. What version of PHP are you using?
  Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)