• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Check user/user group permissions in php

RichardKYA

Well-known member
#1
How can I check if a user (not visitor) has a certain permission in an external php file?

For example, check if a user (not visitor) has permission to upload an avatar?

How would I be able to do that in php?

Thank you for any help :)
 

wang

Well-known member
#4
First you must initialise xenforo 's framework in your external script. And enter the full path to your forum for the $fileDir variable.

PHP:
<?php

$startTime = microtime(true);
$fileDir = '/full_path_to_your_forum';

require($fileDir . '/library/XenForo/Autoloader.php');
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');

XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);

XenForo_Session::startPublicSession();

$visitor = XenForo_Visitor::getInstance()->toArray();

?>
Then you declare the $visitor variable which will give you access to all its records.

Then you check for permissions like this:

PHP:
if($visitor->hasPermission('avatar', 'allowed'))
{
   //your code
}
 

wang

Well-known member
#6
Thank you both for your responses

@wang - Can that method be used for the $user variable as well?
You can use the $visitor array. It is the same thing. E.g, you can get users names with $visitor['username']. What member information do you want to display btw?
 

RichardKYA

Well-known member
#7
You can use the $visitor array
Unless I'm misunderstanding something in your reply, I thought $visitor will give you the visitor info (eg: The member viewing the site) and $user will give you the user info (eg: Other members using the site, including the visitor also).

Example: If I was viewing your profile page, you would be $user and I would be $visitor, but if I was viewing my own profile page, I will be referred to as both $visitor and $user. OR if I was viewing a page like "Notable Members - Most Likes" - I would be $visitor and $user, and everyone else would also be $user - this is what i want, $user, so that I can check all $users on the page and not just me, $visitor.

What I want to do is check if $users have a certain permission, for example: permission to upload an avatar, have a custom user title or signature.

Using the helperAvatarUrl as an example...

Code:
public static function helperAvatarUrl($user)
   {
    if($user->hasPermission('avatar', 'allowed')) {
          Do this
    }else{
           Do that
    }
   }
...but if I do this...

Code:
public static function helperAvatarUrl($visitor)
   {
     $visitor = XenForo_Visitor::getInstance()->toArray();

    if($visitor->hasPermission('avatar', 'allowed')) {
          Do this
    }else{
           Do that
    }
   }
...won't that just check my permissions?


Thank you for help :)