This code use protect function . to do permission access
I look at address bar found it still in protect page
this is "protect page":
foreach($access_level as $k => $v)
{
// print_r($v); // output 12
protect($v);// call function in loop to get the values of array
}
}
global $v ;
function protect($v){
if($_SESSION['sessionloginid']==true )
{
if( $v ==1)
{header(" location: http://localhost/database/agtdatabase/agt_site/display/display.php");}
}
}
You're passing $v as an argument to your function, but the function definition has no arguments:
function protect(){
^---no args
PHP has exactly TWO variable scopes: local, and global. The $v you're making global inside the function is probably NOT going to see the $v you defined in the foreach loop above. e.g.
$v = 1; // global scope
function foo() {
$v = 2; // local scope
bar();
}
function bar();
global $v;
echo $v; // outputs 1
}
You should have
function protect($v) {
if ($v == .....) { ... }
}
instead.
@Mark B above has it right.
Also - Headers are only able to be set if there is no output to the browser when they are run - If you print_r($v), headers are already sent out. Make sure your call to your function is the top possible line, right after session_start().
<?php
session_start();
protect();
/// Other code ///
function protect() {
if($_SESSION['sessionloginid']!==true) { header("Location: http://someplace/index.php"); }
}
Use of header("HTTP/1.1 403 Unauthorized" ); may be a good idea instead of redirecting, if you don't expect a user to see the message unless they are poking around where they shouldn't.
You may also be able to use header("Location: http://someplace/",TRUE,403); to send a 403 code and a redirect at the same time (so any APIs you may use against this site will recognize if they failed to log in correctly).