On March 23, 2003 02:34 pm, Beauford.2002 wrote:
> The link in question is there by design and should be there, but
> below is what I am talking about.
>
> > Even better, if a user cannot be validated then you can redirect
> > them back
>
> to where they
>
> > came from (referrer). That would effectively achive your goal by
> > refreshing the original page no matter where they;re coming from.
>
> This is what I have, but no matter what I do I can not get a
> message to appear on the referring page saying you have no access
> to the other page, and I have also read that 'HTTP_REFERER' is not
> very reliable....
No you shouldn't rely on it to do anything important but in your case
its just where the user will be redirected to. Even if someone fakes
the referrer to point to the restricted page it will just go into an
infinite loop.
> if($userlevel != $neededlevel) {
> include ($_SERVER['HTTP_REFERER']);
> $message = $no_permission;
> $exit;
> }
>
> ...on referring page....
>
> <? if ($message) { echo $message; } ?>
Code seems fine. You probably are never entering into that if
statement or the referrer is outputting something unexpected.
Use some print statements to debug this..
print("{$userlevel} and {$neededlevel}");
print($_SERVER['HTTP_REFERER']);
Of course make sure $no_permission actually contains a string...
Leo
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
