External PHP page (on same domain) only accessible for logged in members.

External PHP page (on same domain) only accessible for logged in members. Started by Esteffano · February 25, 2024, 12:03:06 pm · Read 11066 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

External PHP page (on same domain) only accessible for logged in members.

February 25, 2024, 12:03:06 pm

Hello,

as the title says, I am looking for a simple way to have an external PHP page (rendering HTML) but only accessible/readable when the visitor is a member and logged in.

What would be the best way for me to do that?
Thank you.

Best regards,
Esteffano

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #1 – February 25, 2024, 03:28:50 pm

There are several ways to do this. I'll provide a quick example below, you would place this in a xyz.php file in the same directory as you SSI.php Read the comments I provided in the script for futher details

Code: [Select]

<?php

/**
 * Define $ssi_guest_access variable before including SSI.php to handle guest access to your script.
 * false: follows the forum setting of "Allow guests to browse the forum"
 */
$ssi_guest_access = false;

// Include the SSI file.
require(__DIR__ . '/SSI.php');

/**
 * If you have "Allow guests to browse the forum" enabled but still do not want guest to access this script
 * then use the is_not_guest(); function after including SSI.  If they are a guest their journey ends at the next line.
 */
is_not_guest();

echo '<!DOCTYPE html>
<html>
	<head>
	</head>
	<body>
		Guests can not see this
	</body>
</html>';

In both cases they will be redirected to the login screen

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #2 – February 25, 2024, 05:47:56 pm

Wow, thank you.
This really helps me do what I want.

Is there also a way to make the output only visible to a certain group (based on group ID)?

Best regards,
Esteffano

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #3 – February 25, 2024, 09:15:58 pm

Sure, I'll show you a quick snip that should work. But first a notice.

The permission system is based on named permissions and not simple group access. This is because being in a group may be additive or may be subtractive to your permissions. You could be in a group and "loose" permissions. So with that warning out of the way ...

Code: [Select]

<?php

/**
 * Define $ssi_guest_access variable before including SSI.php to handle guest access to your script.
 * false: follows the forum setting of "Allow guests to browse the forum"
 */
$ssi_guest_access = false;

// Include the SSI file.
require(__DIR__ . '/SSI.php');

/**
 * If you have "Allow guests to browse the forum" enabled but still do not want guest to access this script
 * then use the is_not_guest(); function after including SSI.  If they are a guest their journey ends at the next line.
 */
is_not_guest();

global $user_info;

$exists = false;

// 1 is the admin, always allowed
// 2 is a global moderator, generally allowed
// 99 is just some group id that you have defined
foreach ([1, 2, 99] as $value)
{
	if (in_array($value, $user_info['groups'], true))
	{
		$exists = true;
		break;
	}
}

if (!$exists)
{
	redirectexit();
}

echo '<!DOCTYPE html>
<html>
	<head>
	</head>
	<body>
		Guests can not see this
	</body>
</html>';

Here you provide a list of allowed groups, is put in 1, 2, 99 as an example, and the code simply checks if you are in one of those groups. But as I stated this simply means your in a group, not that a necessary you have some permission, it all depends on how you have setup your forum. But for simple cases its just OK, certainly not ideal.

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #4 – February 26, 2024, 06:28:59 am

Thank you very much, I really appreciate it!
Will try it out later tonight.

Best regards,
Esteffano

Re: External PHP page (on same domain) only accessible for logged in members.

Reply #5 – February 26, 2024, 01:36:53 pm

Thank you again,

it really worked well.

I made a little function based on you code to simplify working with the mechanism.

Code: [Select]

<?php

$ssi_guest_access = false;

// Include the SSI file.
require(__DIR__ . '/SSI.php');


/**
 * isVisitorLoggedIntoGroup
 *
 * Check whether or not visitor is in at least one of specified groups
 * @param mixed $mGroups may be string or array
 * @return bool TRUE if is in any of the groups, FALSE if in none at all
 */
function isVisitorLoggedIntoGroup($mGroups) {
    global $user_info;

    // Ensure $mGroups is always an array
    $groupsToCheck = (is_array($mGroups)) ? $mGroups : [$mGroups];

    // Check if the user is in any of the specified groups
    foreach ($groupsToCheck as $group) {
        if (in_array($group, $user_info['groups'], true)) {
            return true;
        }
    }

    // If none of the specified groups match, return false
    return false;
}

echo 'Something anyone can see.<br>';

// Check if the user in any of the specified groups
$allowedGroup = isVisitorLoggedIntoGroup([1, 2, 99]);
if($allowedGroup){
	echo 'Something that\'s only meant to be seen by $allowedGroup.';
} else {
	echo '<a href="#">Login</a>';
}

Best regards,
Esteffano