Snippet to check logged-in admin

john · May 30, 2021, 9:38pm

Hi folks

I have a snippet that checks whether the logged in user is an admin logged into the manager.

It has always worked fine on my sites but on one particular site it works on one page, and fails on another.

Here’s the code:

<?php
 
$continue = 0;

if ($disable==1) {
  $continue = 1;
}

if ($check=='get' && $_GET['admin']==1) {
  $continue = 1;
}
else
{
  if (($check=='ip'))
  {
    // only check if admin's IP is in system variable
    $ip = $modx->config['admin_ip'];
    
    if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
      $remote_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
      $remote_ip = $_SERVER['REMOTE_ADDR'];
    }
    
    if ($ip==$remote_ip)
    {
        $continue = 1;
    }
  }

  if ($check=='mgr')
  {
    
    if ($modx->user->isMember('Administrator')) { 
      log_info('admin', true); 
      $continue = 1;
    } else {
        log_info('not admin', true);
    }

  }

}
 
return $continue;

When I run this snippet on one page it outputs ‘admin’ just fine in the logfile, but on another page it outputs ‘not admin’.

Is $modx->user->isMember(‘Administrator’) breaking from one page to the next?

Any ideas?

markh · May 30, 2021, 9:48pm

Could there be a session issue, i.e. a different domain or path that the cookie isn’t configured for?

john · May 30, 2021, 9:50pm

That was it! Thanks Mark. I was launching the second page off of a link with www. The first page doesn’t have that.

bobray · May 31, 2021, 3:58am

To avoid future issues, you might want to “force” either www, or non-www in .htaccess by uncommenting the appropriate section.

john · May 31, 2021, 4:03pm

Thanks Bob, I usually do that but it wasn’t done on this site.