Member Avatar for LastMitch

Hi

I having problems understand permission files. I actually took apart some cms platform that has a permission file. The issue is that how to write a simple permission file?

So far base on the CMS, I took apart.

This is always appears:

if (!$_SESSION[""]) {
   die('You do not have access to this page!');
}

I notices that a table is create for the admin login.

$id = $_GET["userID"];
$userID = $id

Plus I notice that there's a

DEBUG CODE

What is a DEBUG CODE?

The files from those platform are very complicated for me to grasp. Is there a simple way to write a simple one. I just want to learn and see how it works.

I appreciate any suggestions or any links of examples that I can read and try to understand. Thanks!

You would do well to understand what SESSIONS are COOKIES are, and how to use them. Basically, as you are using them, a permission file is a php page that can be accessed when the user is logged in, and their session data is available to the server.

Sessions are pretty simple.

To start them, you simply add:
session_start(); to the top of any page where a user will need to have persistent data available to the page.

As for logins, you can do a form/whatever flavor of validation you want, and then after you call session_start(); you can populate sessions as you would any array.

session_start()
$_SESSION['user'] = "LastMitch";

Now, any time that a user accesses a page on my server, from my http root, as long as there is a session_start() as the first line (some rules are meant to be broken) of PHP code on the page (preferrably before any code, even HTML), I can access my global (that's what $_ is for) variable $_SESSION[].

To destroy, or end a session, you can either close your browser and it should end automatically. Or, you can manually do it by unsetting/destroying the session.

if($_GET['end_session'] == "True") {
session_unset(); //remove all session data, but leave persistence
unset($_SESSION['user']); //alternatively we can unset a specific variable in the array.
session_destroy(); //in either case, we want to remove persistence, and end the session completely.
}

In the particular snippet above, it is saying:

    if(!$_SESSION[""]) {      //if no session data is set at all (the ! means 'not')
        die("message")        //then end all activity on the page, and display "message"
    }

You can learn a lot more about all of this by checking out the PHP user manual:
http://www.php.net/manual/en/function.session-start.php

You can also brows about $_GET[] and $_POST[] and see how they are used with Form handling/etc and how they are used for logins/etc....

I hope that is what you were asking...

Ryan

commented: Thanks for the link & the simple example & explanation! +0

without knowing the context of DEBUG CODE it's hard to say exactly what it is... it is either a build it command for developers to see particular errors, or it's a left over from when they were actually debugging... hard to say.

Member Avatar for LastMitch

@ryantroop

Thanks for the reply and link! Thanks for the example and explanation too! I forgot to mention that my previous post regarding about:

session_start()

Thanks for bring it up.

I will test it out and see how it works. It's looks very simple. If I have any questions or issues I will post it here.Thanks!

Member Avatar for LastMitch

@ryantroop

Thanks for the link! I appreciate that you took your time to explain the topic and gave me a simple example to see how it work. I have a better understanding how it works now. Thanks!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.