LIMITING FILE ACCESS AND PROTECTING INDIVIDUAL FILES - Jun 1st, 2011


If you’ve only got a few files to protect, you can use something like this:

Set up a single value list field in the user accounts table with the membership levels required, for example:

General
Committee
Board

Assign access to one of these levels to your user account.

Then use code similar to this to protect whole pages or portions of a page. If the user is not logged in, line 3 in the
code will force them to log in before they can access this page:



<?php require_once "cmsAdmin/lib/viewer_functions.php";
if (!@
$GLOBALS['WEBSITE_MEMBERSHIP_PLUGIN']) { die("You must activate the Website Membership plugin before you can
access this page."); }
if (!
$CURRENT_USER) { websiteLogin_redirectToLogin(); }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Information Access Test</title>
</head>

<body>
<?php if ($CURRENT_USER['membership_level'] == "Committee"): ?>You are logged in and are authorized to see this
Committee level information.
<?php elseif ($CURRENT_USER['membership_level'] == "Board"): ?>You Are Logged in and are authorized to see this Board of
Directors level information.
<?php elseif ($CURRENT_USER['membership_level'] == "General"): ?>You Are Logged in and are authorized to see this
General membership level information.
<?PHP else: ?> You must log in before you can see the information that is authorized for your level of membership.
<?PHP endif ?>

</body>
</html>



If you’re using a multi value list to define your authorization levels, you can’t use the == test, since your field
can actually contain more than just an exact match. You can however use the strpos function to determine if a particular
membership level is contained in the list.

Theoretically the strpos function returns the numeric position of the first occurrence of the pattern that you’re
searching for, however, before it can do that it has to decide if the pattern exists in the string.

Here’s the code using strpos



<?php if (strpos($CURRENT_USER['membership_level'], 'committee_access')): ?>
You Are Logged in and are authorized to see committee level level information.
<?PHP endif ?>




The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.


Terms of Service