Re: [psa-users] Drive Include Path Problem on new pages

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Peter Hiltz wrote:

>Output is:
>
>You do not have access rights to this content.
>page X
>Go to Page Y
>
>Obviously the fact that "page X" and "Go to Page Y" are shown is undesireable. 
>Browser source code indicates that "page X" and "Go to Page Y" are after the 
>closing </html> tag.
>
>Stepping through _restrict.php shows that on the viewing denied page, the 
>securityHeader() and  securityFooter() are called, and are output as part of 
>$PSA_OUTPUT.
>
>Then the remainder of the echo statements on pageX are called.
>
>My tentative reaction is that it looks as if _restrict.php is missing an 
>exit() call after the last call of securityFooter().
>  
>
That's right, it is... I am going to update CVS in a minute or two, but 
the end of the _restrict.php should look like:

    if(!$PSA_test && !$PSA_STOP_EXEC){
        if($PSA_DISPLAY_OUTPUT)
            securityHeader();

        echo $PSA_SYS->Error(); // Display Error

        if($PSA_DISPLAY_OUTPUT){
            securityFooter();
            exit();
        }
    }

    $PSA_OUTPUT=ob_get_contents();
    ob_end_clean();
    if($PSA_DISPLAY_OUTPUT)
        echo $PSA_OUTPUT;
?>

>However, I also don't think that I understand how the output buffering 
>functions work with respect to my code.   If my code needs to start getting 
>included in the buffering, with a test for whether the user has viewing 
>privileges, then I think I need to add more to each page (or function) than 
>just including the _restrict.php page. If so, this should be documented a bit 
>more for slow learners like me.  Or am I missing something else? 
>
I do need to create real documentation for the class and GUI, but I just 
haven't had the time to do it yet.  The way the output buffering is set 
up is so that you can use it as a standalone application as most people 
do. However, if you want to incorporate the GUI and/or login form into 
an existing framework, then setting  $PSA_DISPLAY_OUTPUT=FALSE; will 
allow you to use the $PSA_OUTPUT variable where ever you want to put it 
in your page.