Hi ninjask,
In Chapter 2, User.php, lines 5-8, there are some
constants defined which are used in permissions.
PHP Code:
const CREATE_FORUM = 2;
const MOVE_MESSAGE = 4;
const DELETE_MESSAGE = 8;
const DELETE_FORUM = 16;
Permission checking is done by comparing
$user->permission to these constants.
For example this line does a bitwise
comparison to see if a user has permission
to create a forum.
PHP Code:
if ($user->permission & User::CREATE_FORUM)
If you want a user to be able to move and delete messages, but
not create or delete forums you could give them a permission
like this:
PHP Code:
$user->permission = User::DELETE_MESSAGE | User::MOVE_MESSAGE;
The author discusses permissions and bitwise operators on
page 33.
You could create additional constants for different kinds of
permissions and assign any combination of permissions you want
to a user.
There are different ways to add permissions to a user.
One way is to set user permissions directly in the database.
Another way is to modify the examples in the book to assign
permissions to a user. Perhaps you could assign permission
based on something you have the user enter on registration
such as a membership level or something like that.
There is a problem with ~$user->permission in add_forum.php
Chap 2, add_forum.php, ~$user->permission is not working properly
2) Your second question
What you want is an enhanced version of a 401.php file
that can limit access to 1 or 2 users.
We cannot alter 401.php because we use it many places, but
what you can do is create a new file, let's say 401check.php
The way you create this file is to copy 401.php to 401check.php.
Then at the bottom of this new file add additional checks to
allow only the users you want. Then in admin10.php include
401check.php instead of 401.php.
The additional checks in 401check.php can be done with an additional
if statement at the end. Here is an example:
PHP Code:
$theuser = "me";
// Deny access unless the logged-in user is the one allowed user.
if ( $_SESSION['username'] != $theuser ) {
    define('EMAIL_ADDRESS_TO_SEND', '[email protected]');
    $msg = "Someone tried to get into admin10.php. " . "Their username is " .
        $_SESSION['username'];
    mail(EMAIL_ADDRESS_TO_SEND, "My web site, someone tried to get in ", $msg);
    // Start output buffering so ob_get_clean() below has a buffer to return.
    ob_start();
?>
<p>The resource you've requested is for my web site use. Either you have
not supplied the necessary credentials or the credentials you have supplied
do not authorize you for access.</p>
<a href="../index.php">return to main page</a>
<?php
    // Hand the captured HTML to the page template and stop processing.
    $GLOBALS['TEMPLATE']['content'] = ob_get_clean();
    include '../templates/template-page.php';
    exit();
}
?>
There are some posts in this forum regarding chapter 10. They were entered
in October 2010. You may want to look at those.
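The permission bitmask from the first part of this reply, as an added example that is not part of the original post or the book's code: it shows granting, revoking and checking combined permissions, including the difference between "has any of these bits" and "has all of these bits". The class name `ForumUser` and its method names are assumptions made for illustration; the four constant values are the ones quoted from User.php.

```php
<?php
// Added illustration; ForumUser and its methods are hypothetical names.
// The four constant values are the ones quoted from User.php above.
final class ForumUser
{
    const CREATE_FORUM   = 2;
    const MOVE_MESSAGE   = 4;
    const DELETE_MESSAGE = 8;
    const DELETE_FORUM   = 16;

    public $permission = 0;

    // Set the given bit(s) without touching the others.
    public function grant($mask)
    {
        $this->permission |= (int) $mask;
    }

    // Clear the given bit(s): AND with the inverted mask.
    public function revoke($mask)
    {
        $this->permission &= ~(int) $mask;
    }

    // True only when every bit in $mask is set.
    public function hasAll($mask)
    {
        return ($this->permission & $mask) === $mask;
    }

    // True when at least one bit in $mask is set.
    public function hasAny($mask)
    {
        return ($this->permission & $mask) !== 0;
    }
}

$moderator = new ForumUser();
$moderator->grant(ForumUser::MOVE_MESSAGE | ForumUser::DELETE_MESSAGE);
$moderator->grant(ForumUser::CREATE_FORUM);

$forumAdmin = ForumUser::CREATE_FORUM | ForumUser::DELETE_FORUM;
// A bare "if ($perm & $forumAdmin)" is truthy here because one of the two bits is set.
var_dump($moderator->hasAny($forumAdmin));
var_dump($moderator->hasAll($forumAdmin));

$moderator->revoke(ForumUser::CREATE_FORUM);
var_dump($moderator->permission === (ForumUser::MOVE_MESSAGE | ForumUser::DELETE_MESSAGE));
```

When a page requires several permissions at once, use the `hasAll` form; the single-constant check shown in the post is equivalent to `hasAny` and is only safe for one bit at a time.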