Thanks Jason,
I was initially looking for when output was being sent to the browser, but when I saw that was being altered, I used the variable and concatenated values to it to see when code was being fired. I thought it more efficient since exit stops execution and so I would have to move that around to test each stopping point.
So now my admin template has:
<?php require_once("../admin/security.php"); ?>
and the file security.php has the code:
if (!isset($_SESSION)) {
session_start();
}
require_once( $_SERVER['DOCUMENT_ROOT']."/webassist/security_assist/helper_php.php" );
// If not the login page, check permissions
if ($_SERVER['PHP_SELF'] != "/admin/index.php") {
if (!WA_Auth_RulePasses("Administrator")){
WA_Auth_RestrictAccess("/admin/index.php");
}
}
I didn't trust that paths would be adjusted in this file, and that seems to work perfectly.
Administrator is the minimum qualification and other rules determine menu items and show regions for other access, so one file allows me adjust the security of the entire admin site while using FWB.
Other uses might include arrays or session values that should be included on all pages.
It may be an unforeseen benefit, but I think the ability to template header code is a big advantage with FWB.
It seems the FWB code comes out in a variety of places in the header and sometimes is in its own code block and sometimes not, but it does seem to tend towards the bottom of the code. I would like to see it weighted to be at the top of the code for this purpose since any global code on the template tends to be code to run first.
Thanks again.
