I'm developing a custom page where I only want certain groups to be able to access. Inside my PHP file, I'm trying to have the script check whether the user is part of a group, if not then an error_no_permission occurs. Here is my code that isn't working so far:
global $db, $mybb;
if ($mybb->user['usergroup'] != 4 || $mybb->user['usergroup'] != 6|| $mybb->user['usergroup'] != 3 )
{
error_no_permission();
}
If I have it just check if the user is an admin:
global $db, $mybb;
if ($mybb->user['usergroup'] != 4)
{
error_no_permission();
}
The code works fine. It's when I'm trying to check a few different groups.
Any help is appreciated!
I generally just write my own function for my plugins. If you are trying to check the user who is viewing the page, the following should work.
function check_permissions ($allowed_groups) {
global $mybb;
if (empty($allowed_groups)) {
return false; // no need to check for permissions if no groups are allowed.
}
if ($allowed_groups == "-1") {
return true; // no need to check for permissions if all groups are allowed.
}
$usergroup = $mybb->user['usergroup'];
$allowed = explode(",", $allowed_groups);
$groups = array();
$groups[0] = (int)$usergroup;
$add_groups = explode(",", $mybb->user['additionalgroups']);
$count = 1;
foreach($add_groups as $new_group) {
$groups[$count] = $new_group;
$count++;
}
foreach ($allowed as $allowed_group) {
if (in_array($allowed_group, $groups)) {
return true;
}
}
return false;
}
If you are trying to check the permissions for a user who may or may not be the viewer of the page, the following should work:
function check_permissions ($allowed_groups, $usergroup, $additionalgroups) {
global $mybb;
if (empty($allowed_groups)) {
return false; // no need to check for permissions if no groups are allowed.
}
if ($allowed_groups == "-1") {
return true; // no need to check for permissions if all groups are allowed.
}
$allowed = explode(",", $allowed_groups);
$groups = array();
$groups[0] = (int)$usergroup;
$add_groups = explode(",", $additionalgroups);
$count = 1;
foreach($add_groups as $new_group) {
$groups[$count] = $new_group;
$count++;
}
foreach ($allowed as $allowed_group) {
if (in_array($allowed_group, $groups)) {
return true;
}
}
return false;
}
I'm sure there is a cleaner way to do this, but that's how I do it in my plugins. The groups are passed as strings, so $allowed_groups might be something like "3,4,6" for example.
Thanks for the reply. So if I use your first answer, I would call the function by performing: check_permissions("3,4,6,12");
After I do that, would I then check if it returned true by doing something like this?
if(check_permissions() == true)
{
//Show the page
}
else
{
$error_no_permission;
}
Thank you very much.
Yep, pretty much. In fact, the error_no_permission() and error() functions stop execution and output the page, so you could really do something like this:
if(!check_permissions("3,4,6,12"))
{
error("you do not have access to view this page");
}