I've read quite a few posts that are very similar to the question I'm about to ask, but I just wanted to be sure that there wasn't a more sophisticated way to do this. Any feedback is greatly appreciated.
I want to create a mechanism to check whether or not a logged-in user has access to the php script that is currently being called. If so, the script will continue on; if not, the script just fails out using something like die('you have no access')
.
I came up with two ways of accomplishing this:
(please assume my session stuff is coded/working fine - i.e. I call session_start(), set up the session vars properly and etc)
Define a global variable first, then check the global variable in a required header file. For example:
Content of current_executing_script.php:
// the role the logged in user must have to continue on
$roleNeedToAccessThisFile = 'r';
require 'checkRole.php''
Content of checkRole.php:
if ($_SESSION['user_role'] != $roleNeedToAccessThisFile) die('no access for you');
Define a function within the header file and call the function immediately after including/requiring it:
Content of checkRole.php:
function checkRole($roleTheUserNeedsToAccessTheFile) {
return ($_SESSION['user_role'] == $roleTheUserNeedsToAccessTheFile);
}
Content of current_executing_script.php:
require 'checkRole.php';
checkRole('r') or die('no access for you');
I'm wondering if there is a way to basically just pass a parameter to checkRole.php as part of the include or require construct?
Thanks in advance.
There isn't a way to pass parameters to include or require.
However the code that is included joins the program flow at the point where you include it, so it will inherit any variables that are in scope. So for example if you set $myflag=true immediately before the include, your included code will be able to check what $myflag is set to.
That said, I wouldn't suggest using that technique. Far better for your include file to contain functions (or a class) rather than code that gets run straight off. If you've included a file containing functions then you can call your functions with whatever parameters you want at any point in your program. It's much more flexible, and generally a better programming technique.
Hope that helps.
Include with parameters
This is something I've used on my recent Wordpress project
Make a function functions.php
:
function get_template_partial($name, $parameters) {
// Path to templates
$_dir = get_template_directory() . '/partials/';
// Unless you like writing file extensions
include( $_dir . $name . '.php' );
}
Get parameters in cards-block.php
:
// $parameters is within the function scope
$args = array(
'post_type' => $parameters['query'],
'posts_per_page' => 4
);
Call the template index.php
:
get_template_partial('cards-block', array(
'query' => 'tf_events'
));
If you want a callback
For example, the total count of posts that were displayed:
Change functions.php
to this:
function get_template_partial($name, $parameters) {
// Path to templates
$_dir = get_template_directory() . '/partials/';
// Unless you like writing file extensions
include( $_dir . $name . '.php' );
return $callback;
}
Change cards-block.php
to this:
// $parameters is within the function scope
$args = array(
'post_type' => $parameters['query'],
'posts_per_page' => 4
);
$callback = array(
'count' => 3 // Example
);
Change index.php
to this:
$cardsBlock = get_template_partial('cards-block', array(
'query' => 'tf_events'
));
echo 'Count: ' . $cardsBlock['count'];
In the past, many people have disagreed with this approach. But I think it is a matter of opinion.
You can't pass _GET or _POST param via a require() or include() , but you can you first set a _SESSION key/value and pull it on the other side.