I have an intranet website that I've setup with 2 different menus. I use PHP to show the menu based on who is logged in. This is what I've got:
<?php
if ($_SERVER['AUTH_USER'] == 'CORP\mmm976' || $_SERVER['AUTH_USER'] == 'CORP\ibb601' || $_SERVER['AUTH_USER'] == 'corp\mmm976'){
include('AdminMenu.php');
}else {
include('Menu.php');
}
?>
Sometimes it works and sometimes it doesn't. I'm one of the admins and sometimes the AdminMenu isn't available to me? What's going on and how can i fix this so it works 100%?
I did add <p class="White"><?php echo $_SERVER['AUTH_USER']; ?></p> to the page and then while the name is showing it works fine, but if I apply a style where the name is not showing, it stops working 100%. It'll be hit or miss as to whether it'll give me the AdminMenu.
I already have Windows Authentication on and Anonymous Authentication off. $_SERVER['AUTH_USER'] has a value it just doesn't always use it unless I'm printing it on the page.
EDIT
I just had an instance where I have the page setup to show my username. I was on a different page for about 20 - 30 minutes and when I came back it did not display my username and did not give me the AdminMenu. When I then navigated to my main page (where I'm able to use asp.net to see who's logged in) and then went back it again displayed my username and the AdminMenu.
EDIT2
I thought I figured it out.
It wasn't that the if wasn't always working it's that my username wasn't being sent the server every time that I refreshed the page. When I would refresh and my username wasn't sent the if did what it was supposed to and didn't give me the admin menu. To get around this I ended up using the global $_COOKIE variable to keep my username (with a duration of 7 days):
<?php setcookie("UserName",$_SERVER['AUTH_USER'],time() + (60*60*24*7)); ?>
Then had to add that into the if since it can't be used till after you refresh the first time:
<?php
$AdminUsers = array("CORP\User1","CORP\User2");
if (in_array($_SERVER['AUTH_USER'],$AdminUsers,TRUE) || in_array($_COOKIE['UserName'],$AdminUsers,TRUE))
{
include('AdminMenu.php');
}
else
{
include('Menu.php');
}
?>
However I have discovered today that the $_COOKIE value isn't being kept. I don't yet know why. I have the <?php setcookie("UserName",$_SERVER['AUTH_USER'],time() + (60*60*24*7)); ?> as the first line in the file, then the rest of my code. So that it's the first thing run when navigating to the page.
If I leave the page up, but not active, and then come back does it reset the $_COOKIE? I was using var_dump to see what was there. When I don't get the Admin Menu, there is no result in the $_COOKIE array with the name of "UserName". It just goes away after a while even though I have it set to expire a week after being set.
Here's what I ended up having to do:
Before the rest of the code for the page:
<?php
if(isset($_COOKIE['UserName']))
{
setcookie("UserName",$_COOKIE['UserName'],time() + (60*60*24*7));
}
else
{
setcookie("UserName",$_SERVER['AUTH_USER'],time() + (60*60*24*7));
}
?>
That will determine it the $_COOKIE is already set for the UserName.
Then in the body of the HTML I have this:
<?php
$AdminUsers = array("CORP\User1","CORP\User2");
if (in_array($_SERVER['AUTH_USER'],$AdminUsers,TRUE) || in_array($_COOKIE['UserName'],$AdminUsers,TRUE))
{
include('AdminMenu.php');
}
else
{
include('Menu.php');
}
?>
The $AdminUsers is an array that holds the usernames of all the admins. Then I check to see if either $_SERVER['AUTH_USER'] or $_COOKIE['UserName'] matches one of the users in the array. So far I've been able to leave the page open for a whole weekend and still come back and refresh with the Admin Menu staying in place for me.