
Manual Del Programador

This document contains code for a PHP application that manages user logins and access control. It includes code to start user sessions, log users out by clearing session variables, restrict access to pages based on user and group authorization, and insert new records into a database table using user-submitted form data.


MANUAL DEL PROGRAMADOR

Presentamos una muestra del código que utilizamos para el diseño de la aplicación.

<?php require_once('Connections/conectar.php'); ?>

<?php

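// Initialize the session if this request has not started one yet.
if (!isset($_SESSION)) {
    session_start();
}

// ** Logout the current user. **
// $logoutAction is the URL of the logout link. PHP_SELF and QUERY_STRING both
// come from the request, so both are HTML-escaped here; the original escaped
// only the query string, which left the path part usable for markup injection
// wherever $logoutAction is echoed (the echo itself is not part of this listing).
$logoutAction = htmlentities($_SERVER['PHP_SELF']) . "?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")) {
    $logoutAction .= "&" . htmlentities($_SERVER['QUERY_STRING']);
}

// NOTE(review): logout is triggered by a plain GET parameter, so any page can
// log a visitor out by linking to it; a POST with a token would prevent that.
if ((isset($_GET['doLogout'])) && ($_GET['doLogout'] == "true")) {
    // To fully log out a visitor we need to clear the session variables.
    unset($_SESSION['MM_Username']);
    unset($_SESSION['MM_UserGroup']);
    unset($_SESSION['PrevUrl']);

    // Issue a new session id and delete the old session record, so an id that
    // was captured while the user was logged in cannot be reused afterwards.
    session_regenerate_id(true);

    $logoutGoTo = "index.php";
    if ($logoutGoTo) {
        header("Location: $logoutGoTo");
        exit;
    }
}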

?>

<?php

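// Start the session if this request has not started one yet.
// (The closing brace of this block was missing in the listing.)
if (!isset($_SESSION)) {
    session_start();
}

// Comma-separated list that the access check below hands to isAuthorized()
// as its group list. Empty here, so no group is named.
$MM_authorizedUsers = "";

// Not read anywhere in the code shown on this page.
$MM_donotCheckaccess = "true";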

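// *** Restrict Access To Page: Grant or deny access to this page
/**
 * Decide whether a visitor may see the page.
 *
 * A visitor with an empty $UserName is never authorized. A logged-in visitor
 * is authorized when $strUsers is empty (no user restriction configured),
 * when $UserName is one of the names in $strUsers, or when $UserGroup is one
 * of the groups in $strGroups.
 *
 * @param string $strUsers  Comma-separated user names allowed on the page.
 * @param string $strGroups Comma-separated groups allowed on the page.
 * @param string $UserName  Name of the current visitor ("" when not logged in).
 * @param string $UserGroup Group of the current visitor.
 * @return bool True when access is granted.
 */
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = false;

    // When a visitor has logged into this site, the Session variable MM_Username is set equal to
    // their username. Therefore, we know that a user is NOT logged in if that variable is blank.
    if (!empty($UserName)) {
        // Parse the strings into arrays. explode() turns "" into array(""), and that
        // blank entry used to match a visitor whose group is empty or null, so blank
        // entries are dropped before matching.
        $arrUsers = array_diff(explode(",", (string) $strUsers), array(""));
        $arrGroups = array_diff(explode(",", (string) $strGroups), array(""));

        // Strict comparison: with loose comparison two different numeric-looking
        // strings such as "10" and "1e1" are treated as the same name.
        if (in_array((string) $UserName, $arrUsers, true)) {
            $isValid = true;
        }

        // Or, access may be granted through the visitor's group.
        if (in_array((string) $UserGroup, $arrGroups, true)) {
            $isValid = true;
        }

        // No user list configured: every logged-in visitor is accepted.
        if ($strUsers == "") {
            $isValid = true;
        }
    }

    return $isValid;
}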

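// Page that visitors without access are sent to.
$MM_restrictGoTo = "index.php";

// isAuthorized() is called with an empty user list, which it treats as
// "any logged-in visitor", so this check only enforces that a login exists.
$MM_currentGroup = isset($_SESSION['MM_UserGroup']) ? $_SESSION['MM_UserGroup'] : "";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("", $MM_authorizedUsers, $_SESSION['MM_Username'], $MM_currentGroup)))) {
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];

    // strpos() returns 0 for a match at the first character, so compare with
    // false instead of relying on truthiness.
    if (strpos($MM_restrictGoTo, "?") !== false) {
        $MM_qsChar = "&";
    }

    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
        $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    }

    // The requested URL travels to the login page in "accesscheck".
    // NOTE(review): the page that reads accesscheck is not shown; it has to treat
    // the value as untrusted and only redirect to paths on this site.
    $MM_restrictGoTo = $MM_restrictGoTo . $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);

    header("Location: " . $MM_restrictGoTo);
    // Stop here so that none of the protected page is produced after the redirect.
    exit;
}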

?>

<?php

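if (!function_exists("GetSQLValueString")) {
    /**
     * Turn a request value into a literal that can be placed in a SQL string.
     *
     * The value is escaped with the legacy mysql extension and then, depending on
     * $theType, quoted ("text", "date"), cast to a number ("int", "long",
     * "double") or replaced by one of two caller-supplied literals ("defined").
     * An empty value becomes the SQL keyword NULL.
     *
     * Security notes:
     * - The ext/mysql functions used here were removed in PHP 7.0. Prepared
     *   statements (mysqli or PDO) are the replacement for this whole function.
     * - mysql_real_escape_string() is called without a link, so it uses the last
     *   connection opened; mysql_escape_string() ignores the connection character
     *   set altogether.
     * - For "defined", $theDefinedValue and $theNotDefinedValue are returned as
     *   given, without escaping; callers must pass constants only.
     *
     * @param mixed  $theValue           Raw value, typically from $_POST.
     * @param string $theType            "text", "date", "int", "long", "double" or "defined".
     * @param string $theDefinedValue    Literal returned for "defined" when the value is not empty.
     * @param string $theNotDefinedValue Literal returned for "defined" when the value is empty.
     * @return mixed String literal, int, float, or the string "NULL".
     */
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // magic_quotes_gpc can only be on before PHP 5.4, and get_magic_quotes_gpc()
        // no longer exists in PHP 8, so it is consulted on old versions only.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            $theValue = stripslashes($theValue);
        }

        $theValue = function_exists("mysql_real_escape_string")
            ? mysql_real_escape_string($theValue)
            : mysql_escape_string($theValue);

        switch ($theType) {
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;

            case "double":
                $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
                break;

            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;

            case "text":
            case "date":
            default:
                // An unrecognised type used to fall through the switch and return the
                // escaped value WITHOUT quotes, where escaping gives no protection.
                // Unknown types are now quoted like text.
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
        }

        return $theValue;
    }
}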

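// URL the form posts back to. PHP_SELF and QUERY_STRING both come from the
// request, so both are HTML-escaped; the original escaped only the query string.
$editFormAction = htmlentities($_SERVER['PHP_SELF']);
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

// NOTE(review): the only check on the submission is the MM_insert marker; no
// anti-CSRF token is verified before the row is written.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
    // Every value goes through GetSQLValueString() before it is placed in the statement.
    $insertSQL = sprintf(
        "INSERT INTO documento (codigo, fecha_act, tipo, descripcion, dependencia, no_caja, no_carpeta, sub_serie) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
        GetSQLValueString($_POST['codigo'], "int"),
        GetSQLValueString($_POST['fecha_act'], "text"),
        GetSQLValueString($_POST['tipo'], "text"),
        GetSQLValueString($_POST['descripcion'], "text"),
        GetSQLValueString($_POST['dependencia'], "text"),
        GetSQLValueString($_POST['no_caja'], "text"),
        GetSQLValueString($_POST['no_carpeta'], "text"),
        GetSQLValueString($_POST['sub_serie'], "text")
    );

    mysql_select_db($database_conectar, $conectar);
    $Result1 = mysql_query($insertSQL, $conectar);
    if ($Result1 === false) {
        // Keep the database error in the server log; printing mysql_error() to the
        // visitor exposes table and column names.
        error_log("INSERT into documento failed: " . mysql_error($conectar));
        die("No se pudo guardar el documento.");
    }

    $insertGoTo = "ok.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        // Compare with false: strpos() returns 0 for a match at the first character.
        $insertGoTo .= (strpos($insertGoTo, '?') !== false) ? "&" : "?";
        $insertGoTo .= $_SERVER['QUERY_STRING'];
    }

    header(sprintf("Location: %s", $insertGoTo));
    // Stop after the redirect so the form page is not rendered as well.
    exit;
}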

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Concejo minicipal beteitiva</title>
