I am working on a website which already has user access set up so that only members who are logged in can see certain pages. Now I need to go in and make the access for logged-in users more specific. So, anyone who logs in can see the site, but there are 2 pages (called PDQ and Comm Plus) that should only be accessed by users that have PDQ or Comm Plus access. I use a FileMaker 10 database to keep track of user information. If the user has PDQ access, then PDQ=1 in the database. The website is coded in Drupal, PHP, and HTML.

So right now I have a good idea of what to do, but there are some pieces missing and I'm not very familiar with Drupal or FileMaker. I need the page to get the user information and see what the value of PDQ is in the database. If 1, then grant access to the page, and if 0, go to the access denied page.

Here is what I have so far:

    <?php
    require_once('DatabaseName');

    global $user;
    // looks at the current user
    $use = $user->uid;

    // Not sure what goes here. I need code that looks at the FileMaker database to see
    // what the value of PDQ is and then stores it in a variable.

    if (!session_id()) session_start();
    if (!isset($variableGoesHere) || $variableGoesHere == '0') {
        drupal_goto("access-denied");
        exit();
    }
    ?>

Any help would be greatly appreciated. Also, let me know if I'm on the right track or if I need to be looking somewhere else. Thanks!

+2  A: 

First of all, using Drupal and not using the Drupal system to store info is a bad idea. If you use Drupal, you can use an external source to do the login, but your users should have a Drupal user.

When your users are Drupal users, things get a lot easier. You can use the Drupal access control system to check access etc.

If Drupal is serving the page, you should never write code like you have shown. hook_menu, which is how you register paths, has an access callback option where you can handle your access, or you can just check if the user has a permission. This stuff only applies if you are doing the stuff in a custom module, which is what it seems like you are doing.

In any regard, you should use the drupal_access_denied function if you want to return access denied yourself.

googletorp
I should probably provide a little more background on my situation so that I may get a better idea of what I need to do. I do agree that it would be much easier to deal with user access on the Drupal system, but I took over this project with a website that was already up and running and databases already in place. So, we already have thousands of users in our FileMaker database with the correct boxes checked for each user to determine access. At this point it would take too long to manually enter the access restrictions for all of the users on the Drupal system. ....
NickPatt
If there were a simple way to merge databases or transfer some fields over, that would be helpful. If not, I am still looking for some PHP code that can help with my problem. I just need to make more specific access. Another quick note: I don't actually enter code as previously shown on the Drupal pages themselves. I usually do something like this: <?php include($_SERVER['DOCUMENT_ROOT'].'/folder/filename'); ?> This calls a file on our web server and that's where I add in PHP and HTML. I am still looking for a solution. Please, if anybody has any ideas, let me know. Thanks!
NickPatt
I agree with this comment -- if you're using Drupal then you should be using the Drupal user module; if you don't use basic stuff like that then you may as well not use Drupal at all. I'm working on a Drupal system that has to hook into an existing back-end database, including user accounts. We've worked out a mechanism such that our logins use the back-end DB but create dummy user accounts in Drupal that match the one in the back-end. This allows us to log in using our back-end DB but still get the benefits of the Drupal Users module.
Spudley
Here's what we do: We have a custom login form. The input on that is posted to our back-end DB to log in. If that succeeds, then it tries to log in using the same credentials in Drupal. If that fails then the user is still valid because the back-end login was ok, so it assumes that it is the first time this user has visited the site, so it creates them as a Drupal user. We then have a Drupal user for every back-end user account who has visited the site. Now all we had to do was modify Drupal's account management code to post to the back-end DB as well as create/amend account details on Drupal.
Spudley
A: 

I figured this out a long time ago, but I never got around to answering the question. So here's what I did:

    $WebAuth_find = $FILMAKER->newFindCommand('WebAccess');
    $Search_findCriterions = array(
        'Access::cntdPhoneNumberDisplayCalc' => "==" . $find,
        'Access::phoneType' => "E-mail",
        'Access::phoneMain' => "==1",
        'LoginAccess' => '1',
    );
    foreach ($Search_findCriterions as $key => $value) {
        $WebAuth_find->addFindCriterion($key, $value);
    }
    $WebAuth_Result = $WebAuth_find->execute();
    // Handle every FileMaker error here (not only 401, "no records match"); otherwise getRecords() below is called on an error object.
    if (FileMaker::isError($WebAuth_Result)) {
        echo "FM ERROR CODE: " . $WebAuth_Result->code . "<br>" . "ERROR: " . $WebAuth_Result->getMessage();
    }

This identifies the current user in the FileMaker database under the WebAccess layout. It throws an error message if there is a problem. Now that I am looking at the current user, I have it look to see what is in the Comm Plus and PDQ fields in the database, and create a session to hold the information.

    else {
        $FinalResult = current($WebAuth_Result->getRecords());

        $_SESSION['district'] = $district;
        $PDQ = $FinalResult->getField('PDQ_subscription');
        $_SESSION['PDQ'] = $PDQ;
        $CommPlus = $FinalResult->getField('CommPlus_subscription');
        $_SESSION['CommPlus'] = $CommPlus;
    }

Then I just add the following code to the top of whatever page I want to restrict access to. It looks at the session to see if the current user has credentials; if not, they are directed to the access denied page.

    // Read the flag without raising a notice when the session key is missing.
    $PDQ_check = isset($_SESSION['PDQ']) ? $_SESSION['PDQ'] : '';
    if ($PDQ_check == '' || $PDQ_check == '0') {
        drupal_goto("access-denied");
        exit();
    }
NickPatt
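
The access callback that googletorp's answer describes, applied to the session flags set in NickPatt's answer, as an added example that is not code from either poster. The module name `fm_access`, the paths `pdq` and `comm-plus`, and the page callback are assumptions for illustration; the session keys `PDQ` and `CommPlus` are the ones written in the answer above.

```php
<?php
// fm_access.module: hypothetical module name (assumption, not from the page).

/**
 * Implements hook_menu(). The paths 'pdq' and 'comm-plus' are assumed.
 * Drupal runs the access callback before the page callback and serves its
 * own 403 page when the callback returns FALSE, so no per-page check or
 * redirect is needed in the page content itself.
 */
function fm_access_menu() {
  $items = array();
  // path => session key written at login (keys taken from the answer above).
  $pages = array('pdq' => 'PDQ', 'comm-plus' => 'CommPlus');
  foreach ($pages as $path => $flag) {
    $items[$path] = array(
      'title' => $flag,
      'page callback' => 'fm_access_page',
      'page arguments' => array($flag),
      'access callback' => 'fm_access_check',
      'access arguments' => array($flag),
      'type' => MENU_CALLBACK,
    );
  }
  return $items;
}

/**
 * Access callback: allow only a logged-in user whose flag is exactly '1'.
 */
function fm_access_check($flag) {
  global $user;
  if (empty($user->uid)) {
    return FALSE; // Anonymous visitors never pass.
  }
  // Allowlist comparison: a missing key, '', '0' or any unexpected value
  // denies access, so the check fails closed.
  return isset($_SESSION[$flag]) && (string) $_SESSION[$flag] === '1';
}

/**
 * Placeholder page callback (assumption); real page content goes here.
 */
function fm_access_page($flag) {
  return t('Restricted @name content.', array('@name' => $flag));
}
```

Because the flags are copied into the session at login, a subscription removed in FileMaker keeps working until that session ends; re-querying the record inside the callback closes that gap.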