Skip to main content
External PHP page (on same domain) only accessible for logged in members. Started by Esteffano · · Read 10684 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

External PHP page (on same domain) only accessible for logged in members.

Hello,

as the title says, I am looking for a simple way to have an external PHP page (rendering HTML) but only accessible/readable when the visitor is a member and logged in.

What would be the best way for me to do that?
Thank you.

Best regards,
Esteffano

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #1

There are several ways to do this.  I'll provide a quick example below, you would place this in a xyz.php file in the same directory as you SSI.php  Read the comments I provided in the script for futher details

Code: [Select]
<?php

/**
 * Define $ssi_guest_access variable before including SSI.php to handle guest access to your script.
 * false: follows the forum setting of "Allow guests to browse the forum"
 */
$ssi_guest_access = false;

// Include the SSI file.
require(__DIR__ . '/SSI.php');

/**
 * If you have "Allow guests to browse the forum" enabled but still do not want guest to access this script
 * then use the is_not_guest(); function after including SSI.  If they are a guest their journey ends at the next line.
 */
is_not_guest();

echo '<!DOCTYPE html>
<html>
<head>
</head>
<body>
Guests can not see this
</body>
</html>';

In both cases they will be redirected to the login screen

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #2

Wow, thank you.
This really helps me do what I want.

Is there also a way to make the output only visible to a certain group (based on group ID)?

Best regards,
Esteffano

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #3

Sure, I'll show you a quick snip that should work.   But first a notice.

The permission system is based on named permissions and not simple group access.  This is because being in a group may be additive or may be subtractive to your permissions.  You could be in a group and "loose" permissions.  So with that warning out of the way ...

Code: [Select]
<?php

/**
 * Define $ssi_guest_access variable before including SSI.php to handle guest access to your script.
 * false: follows the forum setting of "Allow guests to browse the forum"
 */
$ssi_guest_access = false;

// Include the SSI file.
require(__DIR__ . '/SSI.php');

/**
 * If you have "Allow guests to browse the forum" enabled but still do not want guest to access this script
 * then use the is_not_guest(); function after including SSI.  If they are a guest their journey ends at the next line.
 */
is_not_guest();

global $user_info;

$exists = false;

// 1 is the admin, always allowed
// 2 is a global moderator, generally allowed
// 99 is just some group id that you have defined
foreach ([1, 2, 99] as $value)
{
if (in_array($value, $user_info['groups'], true))
{
$exists = true;
break;
}
}

if (!$exists)
{
redirectexit();
}

echo '<!DOCTYPE html>
<html>
<head>
</head>
<body>
Guests can not see this
</body>
</html>';

Here you provide a list of allowed groups, is put in 1, 2, 99 as an example, and the code simply checks if you are in one of those groups.  But as I stated this simply means your in a group, not that a necessary you have some permission, it all depends on how you have setup your forum.  But for simple cases its just OK, certainly not ideal.

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #4

Thank you very much, I really appreciate it!
Will try it out later tonight.

Best regards,
Esteffano

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #5

Thank you again,

it really worked well.

I made a little function based on you code to simplify working with the mechanism.

Code: [Select]
<?php

$ssi_guest_access = false;

// Include the SSI file.
require(__DIR__ . '/SSI.php');


/**
 * isVisitorLoggedIntoGroup
 *
 * Check whether or not visitor is in at least one of specified groups
 * @param mixed $mGroups may be string or array
 * @return bool TRUE if is in any of the groups, FALSE if in none at all
 */
function isVisitorLoggedIntoGroup($mGroups) {
    global $user_info;

    // Ensure $mGroups is always an array
    $groupsToCheck = (is_array($mGroups)) ? $mGroups : [$mGroups];

    // Check if the user is in any of the specified groups
    foreach ($groupsToCheck as $group) {
        if (in_array($group, $user_info['groups'], true)) {
            return true;
        }
    }

    // If none of the specified groups match, return false
    return false;
}

echo 'Something anyone can see.<br>';

// Check if the user in any of the specified groups
$allowedGroup = isVisitorLoggedIntoGroup([1, 2, 99]);
if($allowedGroup){
echo 'Something that\'s only meant to be seen by $allowedGroup.';
} else {
echo '<a href="#">Login</a>';
}

Best regards,
Esteffano