science-ation/committee_auth.php

<?

$accesscache=array();

function auth_has_access($access="")
{
	global $accesscache;

	if(in_array($access,$accesscache))
	{
		if($accesscache[$access]=='Y') return true;
		else return false;
	}
	else
	{
		$q=mysql_query("SELECT access_admin, access_config, access_super FROM committees_members WHERE email='".mysql_escape_string($_SESSION['email'])."' AND id='".$_SESSION['committee_member_id']."' AND deleted='N'"); 

		$r=mysql_fetch_object($q);
		$accesscache['admin']=$r->access_admin;
		$accesscache['config']=$r->access_config;
		$accesscache['super']=$r->access_super;
		
		switch($access)
		{
			case "config": if($r->access_config=='Y') return true; 	break;
			case "admin": if($r->access_admin=='Y') return true; break;
			case "super": if($r->access_super=='Y') return true; break;
			default:
				return false;
				break;	
		}
	}
	return false;

}

function auth_required($access="")
{
	global $config;

	if(!auth_has_access($access))
	{
		header("Location: ".$config['SFIABDIRECTORY']."/committee_login.php");
		exit;
	}
}

?>
Implement authorizaiton for admin/config sections Use committee members for authorization Add auth required checks in all admin/config sections 2005-02-16 22:50:43 +00:00			`<?`

			`$accesscache=array();`

			`function auth_has_access($access="")`
			`{`
			`global $accesscache;`

			`if(in_array($access,$accesscache))`
			`{`
			`if($accesscache[$access]=='Y') return true;`
			`else return false;`
			`}`
			`else`
			`{`
escape some email usage incase of weird characters. 2007-10-25 15:12:20 +00:00			`$q=mysql_query("SELECT access_admin, access_config, access_super FROM committees_members WHERE email='".mysql_escape_string($_SESSION['email'])."' AND id='".$_SESSION['committee_member_id']."' AND deleted='N'");`
Implement authorizaiton for admin/config sections Use committee members for authorization Add auth required checks in all admin/config sections 2005-02-16 22:50:43 +00:00
			`$r=mysql_fetch_object($q);`
			`$accesscache['admin']=$r->access_admin;`
			`$accesscache['config']=$r->access_config;`
			`$accesscache['super']=$r->access_super;`

			`switch($access)`
			`{`
			`case "config": if($r->access_config=='Y') return true; break;`
			`case "admin": if($r->access_admin=='Y') return true; break;`
			`case "super": if($r->access_super=='Y') return true; break;`
			`default:`
			`return false;`
			`break;`
			`}`
			`}`
			`return false;`

			`}`

			`function auth_required($access="")`
			`{`
			`global $config;`

			`if(!auth_has_access($access))`
if access is not allowed, make sure we exit after redirecting the script to the login page 2007-05-10 18:59:04 +00:00			`{`
Implement authorizaiton for admin/config sections Use committee members for authorization Add auth required checks in all admin/config sections 2005-02-16 22:50:43 +00:00			`header("Location: ".$config['SFIABDIRECTORY']."/committee_login.php");`
if access is not allowed, make sure we exit after redirecting the script to the login page 2007-05-10 18:59:04 +00:00			`exit;`
			`}`
Implement authorizaiton for admin/config sections Use committee members for authorization Add auth required checks in all admin/config sections 2005-02-16 22:50:43 +00:00			`}`

			`?>`