Fixed security issues on pages

Fixed pages to certain levels of security only can see them otherwise it redirects back to index.html
CheddarCheeze · Dec 9, 2014 · 36492d0 · 36492d0
1 parent 6503793
commit 36492d0
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 23 deletions.
diff --git a/frontend/add.php b/frontend/add.php
@@ -3,7 +3,7 @@
 
 //if not logged in set security settings to guest
 if(!isset($_SESSION['username'])){
-	$_SESSION['security'] = 0;
+	$_SESSION['security'] = "0";
 }
 
 //if logout button is clicked, supposed to unset login info
@@ -57,6 +57,11 @@
 	<script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
 	<link rel="stylesheet" type="text/css" href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css">
 
+	<?php if($_SESSION['security'] <= 1){
+		?><meta http-equiv="refresh" content="1; url=index.html"><?php
+	}
+	?>
+
 	<script>
 	function turnOff()
 	{
@@ -103,7 +108,7 @@ function turnOff()
                 <li><a href="#about">About</a></li>
 				<?php 
 				//only show My Desk if person is logged in
-				if($_SESSION['security'] != 0){	
+				if($_SESSION['security'] >= "1"){	
 				?>
 				<li><a href="first.php">My Desk</a></li>
 				<?php }?>
@@ -113,11 +118,10 @@ function turnOff()
                     <li><a href="search.php">Search</a></li>
 					<?php 
 					//only show if person logged in is a patron or admin
-					if($_SESSION['security'] > 3){?>
+					if($_SESSION['security'] >= "2"){?>
                     <li><a href="add.php">Add Material</a></li>
-					<li><a href="#">Delete Material</a></li>
 					<?php }
-					if($_SESSION['security'] == 4){
+					if($_SESSION['security'] >= "3"){
 					?>
 					<li><a href="create.php">Create Table</a></li>
 					<li><a href="#">Modify Table</a></li>
@@ -151,12 +155,11 @@ function turnOff()
 						?>
 						<form  name="logout" class="navbar-form navbar-right" action="index.html">
 							Welcome, <?php echo $_SESSION['username'];?><br>
-							<input type="submit" name="logout" id="logout" class="btn btn-default" value="Log Out"></form><?
+							<button class="btn btn-default" name="logout"><a href="logout.php">Log Out</a></button></form><?
 					}?>
             </div>
           </div>
         </div>
-
       </div>
     </div>
 	<div id="backg">

diff --git a/frontend/create.php b/frontend/create.php
@@ -3,7 +3,7 @@
 
 //if not logged in set security settings to guest
 if(!isset($_SESSION['username'])){
-	$_SESSION['security'] = 0;
+	$_SESSION['security'] = "0";
 }
 
 //setting path name to variable
@@ -77,6 +77,11 @@
 	<script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
 
 	<link rel="stylesheet" type="text/css" href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css">
+
+	<?php if($_SESSION['security'] <= 2){
+		?><meta http-equiv="refresh" content="1; url=index.html"><?php
+	}
+	?>
 
     <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
     <!--[if lt IE 9]>
@@ -117,7 +122,7 @@
                 <li><a href="#about">About</a></li>
 				<?php 
 				//only show My Desk if person is logged in
-				if($_SESSION['security'] != 0){	
+				if($_SESSION['security'] >= "1"){	
 				?>
 				<li><a href="first.php">My Desk</a></li>
 				<?php }?>
@@ -127,11 +132,10 @@
                     <li><a href="search.php">Search</a></li>
 					<?php 
 					//only show if person logged in is a patron or admin
-					if($_SESSION['security'] > 3){?>
+					if($_SESSION['security'] >= "2"){?>
                     <li><a href="add.php">Add Material</a></li>
-					<li><a href="#">Delete Material</a></li>
 					<?php }
-					if($_SESSION['security'] == 4){
+					if($_SESSION['security'] >= "3"){
 					?>
 					<li><a href="create.php">Create Table</a></li>
 					<li><a href="#">Modify Table</a></li>

diff --git a/frontend/first.php b/frontend/first.php
@@ -1,5 +1,10 @@
 <?php 
-session_start()
+session_start();
+
+if(!isset($_SESSION['username'])){
+	$_SESSION['security'] = "0";
+}
+
 ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -19,6 +24,15 @@
     <!-- Just for debugging purposes. Don't actually copy these 2 lines! -->
     <!--[if lt IE 9]><script src="../../assets/js/ie8-responsive-file-warning.js"></script><![endif]-->
     <script src="../../assets/js/ie-emulation-modes-warning.js"></script>
+	<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
+	<script src="//netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+
+	<link rel="stylesheet" type="text/css" href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css">
+
+	<?php if($_SESSION['security'] == 0){
+		?><meta http-equiv="refresh" content="1; url=index.html"><?php
+	}
+	?>
 
     <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
     <!--[if lt IE 9]>
@@ -62,7 +76,7 @@
                 <li><a href="#about">About</a></li>
 				<?php 
 				//only show My Desk if person is logged in
-				if($_SESSION['security'] != "guest"){	
+				if($_SESSION['security'] >= "1"){	
 				?>
 				<li><a href="first.php">My Desk</a></li>
 				<?php }?>
@@ -72,11 +86,10 @@
                     <li><a href="search.php">Search</a></li>
 					<?php 
 					//only show if person logged in is a patron or admin
-					if(($_SESSION['security'] == "Patron") || ($_SESSION['security'] == "Administrator")){?>
+					if($_SESSION['security'] >= "2"){?>
                     <li><a href="add.php">Add Material</a></li>
-					<li><a href="#">Delete Material</a></li>
 					<?php }
-					if($_SESSION['security'] == "Administrator"){
+					if($_SESSION['security'] >= "3"){
 					?>
 					<li><a href="create.php">Create Table</a></li>
 					<li><a href="#">Modify Table</a></li>
@@ -115,7 +128,6 @@
             </div>
           </div>
         </div>
-
       </div>
     </div>
 	<div id="backg">

diff --git a/frontend/search.php b/frontend/search.php
@@ -3,7 +3,7 @@
 
 //if not logged in set security settings to guest
 if(!isset($_SESSION['username'])){
-	$_SESSION['security'] = 0;
+	$_SESSION['security'] = "0";
 }
 
 //setting path name to variable
@@ -12,6 +12,8 @@
 
 //run javac on BibliobaseDBMS.java once
 //exec("javac database_mgmt/BiblioBaseDBMS.java");
+
+$level = shell_exec("cd $path && java database_mgmt/BiblioBaseDBMS");
 
 //sets variable to search text field if set and if not to *
 if(!isset($_POST["atextsearch"]) || $_POST["atextsearch"] == null){
@@ -115,7 +117,7 @@
                 <li><a href="#about">About</a></li>
 				<?php 
 				//only show My Desk if person is logged in
-				if($_SESSION['security'] != 0){	
+				if($_SESSION['security'] >= "1"){	
 				?>
 				<li><a href="first.php">My Desk</a></li>
 				<?php }?>
@@ -125,11 +127,10 @@
                     <li><a href="search.php">Search</a></li>
 					<?php 
 					//only show if person logged in is a patron or admin
-					if($_SESSION['security'] > 3){?>
+					if($_SESSION['security'] >= "2"){?>
                     <li><a href="add.php">Add Material</a></li>
-					<li><a href="#">Delete Material</a></li>
 					<?php }
-					if($_SESSION['security'] == 4){
+					if($_SESSION['security'] >= "3"){
 					?>
 					<li><a href="create.php">Create Table</a></li>
 					<li><a href="#">Modify Table</a></li>