Restricted access to confidential documents in DMS

Hello Gurus,
Need your expert guidance on the following requirement.
The requirement is to restrict the access of the document to users like Author, Reviewer and Approver, for all the documents.
I am confused which authorization object will work in my case and what settings I've to maintain for this.
Authorization Object C_DRAW_BGR u2014 Authorization Group
Authorization Object C_DRAW_DOK u2014 Document Access
Authorization Object C_DRAW_TCD u2014 Activities for Documents
Say I am having document types to us those are confidential.
ABC (finance docs)
LMN (Legal docs)
XYZ (design docs)
We want to allow only the users who are having below roles.
DMS_APPROVER
DMS_REVIEWER
For rest of the user we don't want to allow change/display acccess to the above documents.
Please guide me how to proceed, what need to be done.
Regards,
Ganesh

Hello Ravindra/DMS Gurus,
Sorry, but still my requirement is not met.
Actually our business scenario is as below:
Say there is a special document Type APR (Employee appraisal document)
And for 5 different employee created (Authors) the document giving their self-inputs.
Now these employee are assigned to say 3 different Supervisors (Reviewers) and one Manager (Approver)
{Author; Reviewer and Approver are maintained in Additional Data of the document.}
So each document will have a Reviewer and Approver assigned along with the Author.
Our requirement is to restrict the access of these 5 documents to the Employees (Authors), so that none of these employee can view each others document. And allow display/change to respective Supervisor (Reviewer) and Manager (Approver) only.
We need to restrict document access based on the above scenario
After checking, I think using authorization object the above requiremment can not be met. Can we use any user exit?
Your valuable comments are appreciated.
Regards,
Ganesh
Edited by: ganesh sarasvati on Aug 12, 2010 5:35 PM
Edited by: ganesh sarasvati on Aug 12, 2010 5:37 PM

Similar Messages

Restrict access to bw_metadata documents in WAD NW04S

Dear All,
We are deploying a new reporting and analysis application on NW04S BI.
In this application we set in a toolbar an access to some help documentation that are stored in KM as bw_metadata documents for the concerned web template (command OPEN_DIALOG_DLG_DOC_BROWSER).
But the problem is that every one is able to create, change and delete these documents !
I would like to restrict the access to these documents only in read for everyone and change for some power users.
In the permissions in KM, i cannot change access on this repository.
Did someone have an idea on how to change these permissions/authorizions ?
Thanks in advance for your suggestions.
Fred.

Fred,
sorry about that did not see the KM part...
help.sap.com still talks about setting up the BI document repository on the portal and not about KM when I did a search for OPEN_DIALOG_DLG_DOC_BROWSER ,
http://help.sap.com/saphelp_nw04s/helpdata/en/43/17348cfa923614e10000000a422035/content.htm
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/0901c9bb-0601-0010-49ab-c1770c527673
The WEB API does not seem to make a distinction betweek KM and the BDS . and not much given on single document..... maybe the single document is worth a try....
Arun
Hope it helps...
P.S BTW is the WEB API for 7.0 documented anywhere ? not able to find the same .. keep running into the 3.x version ....

Problem restricting access to additional document directory

Hi,
Plattform: Win2K + iPlanet 6sp6
I'm having a bit of a problem setting restrictions on an addtional document directory (the "manual" directory is a good example).
I have a couple of virtual servers.
I do not want to use .htaccess.
Is it at all possible ?
any pointers ?
Best wishes,
B.L

Is it possible?Yes.
Any pointers?Umm. Use the "Restrict Access" screen to select the directory you want to restrict, and then set the permissions for it.
Without knowing what kind sof problems you're having we can't really make any recommendations.
Are you following the instructions in the Admin Guide?

Restrict Access to Confidential Accounts

Hi All,
I would like to disable access for certain users so that they would not be able to view Confidential Accounts.
I went into User Authorisations - General - Access to Confidential Accounts - and granted NO AUTHORISATION
However they are still able to quote the GL ACCOUNT and perform a Search on it and view the related transactions.
Any ideas of how I can disable total access of such accounts?
Thanks.

Hi!
Mark that particular Account as Confidential and set Authorization for the same.

Sharepoint 2010 restrict access to a document library unless loggin to domain

Have a requirement that has stumped me for awhile. we have a Sharepoint 2010 site that has some document libraries that have to be setup to ONLY allow users that are loggin to the domain to be able to access those libraries.
We are currently using active directory to authenicate user on login. and use active directory security groups for site, page and library access.
Any ideas if this is possible and if so where to start?

the easy answer: nothing built in can do that.
options can include: custom dev (potentially lots of it), "intelligent" app firewalls/proxies... but the practical answer is to either trust users with information, or disable public access (thus SP would *only* be accessible via LAN / VPN routing)
Scott Brickey
MCTS, MCPD, MCITP
www.sbrickey.com
Strategic Data Systems - for all your SharePoint needs

CHARM - Restrict access to other documents

Dear All,
When Change manager approves the CR & assign the developer, mail will trigger to developer & he will starts development, thats ok. If the ticket is not assigned to me and if i tried to open the UC, system should not allow me to open that ticket itself. How can we do this ? If my BP number is not assigned in that ticket, system should not allow me to open the ticket, is this possible ?
regds,
CB

Hello Kallumama
you have two different options to achieve this:
- first one is playing in CRMBS02 with the authorization codes. As a result, people will have access to tickets according to user status of ticket and not according to who the ticket is assigned to
- second one (and maybe better for you) is BAdI crm_order_auth_check. Thanks to MF 'CRM_ORDER_READ' you retrieve who is assigned to your ticket, then thank to a specific MF or to a Z evaluation path you ll have to get the BP assigned to SAP User who is trying to access to ticket; after comparaison if first is different from second then write an error message. That will not authorize User access in change mode to ticket !
Regards,
Khalil

How to restrict read access to certain document in stellent content server

Hi,
We are using stellent content server to store project documents. We would like to restrict access to certain confidential documents.
Users with Read / Write permission should not be able to access but admins with RWDA permission should be able to access these confidential documents.
Appreciate your inputs on this.
Thanks,
Nayana

Without seeing your setup and environment its a bit hard..
But...
Make sure that user has read only access to public security group.
You could setup an addition role with readOnly access and apply it those users.
Or restrict there account to have Read only access.
Remember if the user has Admin access on the Account but only readonly access on the security group then they will only have read only access on the files and visa versa.. :)
J.
Message was edited by:
JRS

Best way to restrict access to documents (outside of the group or library level)

Hi, we're thinking of implementing SharePoint Server 2013 Standard Edition for our organization. Many of our employees are research scientists working on proprietary information. From the (admittedly little) I understand about SharePoint, if a user wants
to restrict access to a particular document to the 2 or 3 people with whom they're collaborating (and also have it not appear in the search results), they will have to email their power user to request that a new document library be created in which they can
store their documents. Is that correct? In this case, what is the best way to handle item-level permissions? Users absolutely want to have the freedom to restrict access to their documents themselves rather than being forced to go to their power user. Thanks.

Hi,
Per my knowledge, if you want to restrict access to the documents to some users, then you need to have Manage Permissions permission to modify other users’ permission on the documents.
If you do not have the Manage Permissions permission, I recommend to ask the site administrator to create a workflow as below to remove the corresponding users’ permission on the documents which you uploaded. You can start the workflow on the document you
upload and then the permission of the users set on the workflow will be removed from the document.
Best regards.
Thanks
Victoria Xia
TechNet Community Support

Restricted access to attachments in SRM 7.0 web applications

Hi,
We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
- signed contract
- meeting minutes
The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
Any help would be greatly appreciated.
Cheers,
Mark

Hello,
Have a look at note 1334202. It provides some inputs.
Regards,
Ricardo

Access Restriction of some confidential DMS documents.

Hello Gurus,
I need your expert guidance on the following requirement.
The requirement is to restrict the access of the document to users like Author, Reviewer and Approver for the following business scenario:
Say there is a special document Type APR (Employee appraisal document)
And for 5 different employee created (Authors) the document giving their self-inputs.
Now these employee are assigned to say 3 different Supervisors (Reviewers) and one Manager (Approver)
{Author; Reviewer and Approver are maintained in Additional Data of the document.}
So each document will have a Reviewer and Approver assigned along with the Author.
Our requirement is to restrict the access of these 5 documents to the Employees (Authors), so that none of these employee can view each others document. And allow display/change to respective Supervisor (Reviewer) and Manager (Approver) only.
We need to restrict document access based on the above scenario
After checking, I think using authorization object the above requiremment can not be met. Can we use any user exit?
Thanks in advance!
Regards,
Ganesh

Hi Ganesh,
This can be achived with help of two objects C_DRAW_DOKST and C_DRAW_BGR.
Take help from basis and make roles with having the status and authorizations groups maintained as per your requirement so that they can't access each other's documents. Make a authorization groups for type of documents and give them authorizations to specific status. This is totally maintained in roles and assign these roles to users.
I hope this will reslve the query.
Regards,
Ravindra

Best practice for securing confidential legal documents in DMS?

We have a requirement to store confidential legal documents in DMS and are looking at options to secure access to those documents. We are curious to know. What is the best practice? And how are other companies doing it?
TIA,
Margie
Perrigo Co.

Hi,
The standard practice for such scenarios is to use 'authorization' concept.You can give every user to use authorization to create,change or display these confidential documents. In this way, you can control access authorization.SAP DMS system monitors how you work, and prevents you from displaying or changing originals if you do not have the required authorization.
The below link will provide you with an improved understanding of authorization concept and its application in DMS
http://help.sap.com/erp2005_ehp_04/helpdata/en/c1/1c24ac43c711d1893e0000e8323c4f/frameset.htm
Regards,
Pradeepkumar Haragoldavar

Check in new documents in DMS with specific access permissions

Hi,
we have an RFC which creates new documents in DMS.
This calls one after another these FBs:
- CVAPI_DOC_CREATE
- CVAPI_DOC_CHECKIN
- BAPI_DOCUMENT_CHANGE2 for a additional classification of the new document
Now we have a new request from our customer: to give the document specific access permissions.
We try the following:
- manually check in a document template with the necessary permissons.
- the permissions are given in a classification ("O,MW-T-D*,IB,02/03/52/53")
- This is named "authority characteristic" and is checked somewhere else, I do not really know how this works in detail ( but it works)
- check in a new document with a reference to the template and in expectation that the new document has the same classification and therefore the same access permissions
- If I do this manually in CV03N is does work
- We do this with CVAPI_CHECK_IN_WITH_TEMPLATE - but this FB does not copy the classification ( only the description and the attached original documents , and the documentnumber of the new document is an mandatory parameter which is not allowd in our case since we use internal creation of document numbers)
My question is: Is this a possible way to create new documents with specific permissions
Is there a possibility to give the permissions to the documenttype instead of give them to every single document of this documenttype ?
Thanks
Kerstin

My guess is that at some point you propagated the ACL entry for "everyone deny delete" to all your folders and sub-folders and their contents by selecting Apply to All in a GetInfo window. Try doing a search in the Leopard forums for
ACL chmod
and you'll find a whole raft of discussions about the problem and suggestions for fixes.
Francine
Francine
Schwieder

Restrict access to bid invitation cFolder documents

SRM Experts,
I have a requirement to restrict access to bid invitation cFolder documents.
Here is the scenario:
Buyer1 creates a bid invitation and a cFolder. We do not want any other buyers within our organization to access this bid invitation cFolder.
How can this be achived?
At this time, if a buyer (ex: Buyer2) has access to create a bid invitation or view a bid invitation, the system is automatically gives Buyer2 access to cFolder created by Buyer1.
This needs to be restricted, any advice would be appreciated.
Note: BADI BAdI BBP_CFOLDER_BADI is already deactivated in the system
Please let me know if you have any ideas.
Thanks

Hi,
You can restrict the access through Product categories in the PPOMA_BBP for each user .
So that he can create Bid invitation only to that product category..
please check this link
you can find the customization guide for Cfolders on
https://websmp202.sap-ag.de/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700007402242002E
Please check with SAP PLM consultant . You can controlled through Authorisation role
This is the role used :User
- Role name: SAP_CFX_USER
Better check with the above link
Regards
G.Ganesh Kumar

Access to appraisal document via ESS is restricted by status

Our requirement is for the appraisee to record their objectives (via ESS) and then select a 'To Manager' pushbutton to send a workflow to the manager requesting them to approve the objectives. The problem is that once the workflow has gone to the manager the appraisee cannot access the appraisal document until the manager has approved the objectives and the appraisal status has changed from 'In Planning' to 'In Process'. How can the appraiser view the appraisal document (via ESS) whilst it has the status In Planning?
We also have a similar issue later in the process. When the appraisee selects the <Close Part Appraisal> pushbutton to signify that they have completed their self appraisal the appraisal document has status In Process. The appraisee cannot access the appraisal (via ESS) until the appraiser also completes their part appraisal and sets the status to Completed. Is there a setting to allow the appraisee to have read access to the document during this part of the process?
Thanks and regards,
Janet

Hi again Maurice.
Once the appraisal status has been set to 'Completed' the appraisee needs to Accept or Reject the appraisal but the appraisal now appears as display only (both in ESS and ECC). We are using BSP documents_received.htm for ESS
The 'Accept' and 'Reject' pushbuttons are not active in ESS
The 'Accept' and 'Reject' pushbuttons are active in ECC and update the appraisal status as required. However if the appraisal is rejected and the status is set back to 'In Process' the appraisal document is still display only.
Any ideas?

Restrict Access To Page Not Working with Different Auth Levels

I have just started playing with the idea of using different auth levels to allow different users access to certain pages on my site.
Within my SQL database I have a authlevel table consisting of 3 possible levels (guest, user, admin)
I am using the Dreamweaver "Log in user" to log in users based on username, pass, and auth level and "Restrict access to page" set to allow user levels 'user' and 'admin'.
The problem, however, occurs when trying to log in. No matter what auth level I try I am redirected to my page where users should be redirected if they are not allowed to enter that page.
I have included below my code from my login page and the page where all authorized users (user and admin) should be directed upon entering the restricted area.
Login Page:
<?php require_once('../Connections/hondovfd.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
return $theValue;
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "authlevel";
$MM_redirectLoginSuccess = "/membersonly/membersonly.php";
$MM_redirectLoginFailed = "/membersonly/loginfailed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_hondovfd, $hondovfd);
$LoginRS__query=sprintf("SELECT username, password, authlevel FROM login WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $hondovfd) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'authlevel');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    header("Location: " . $MM_redirectLoginSuccess );
else {
    header("Location: ". $MM_redirectLoginFailed );
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Log In</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Login</td>
</tr>
<tr>
    <td><form ACTION="<?php echo $loginFormAction; ?>" id="login" name="login" method="POST">
    <table width="40%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="31%">Username:</td>
    <td width="69%"><input name="username" type="text" /></td>
</tr>
<tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
</tr>
</table>
<input name="Submit" type="submit" />
    </form></td>
</tr>
</table>

</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>
Other Page:
<?php
if (!isset($_SESSION)) {
session_start();
$MM_authorizedUsers = "user,admin";
$MM_donotCheckaccess = "false";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    if (($strUsers == "") && false) {
      $isValid = true;
return $isValid;
$MM_restrictGoTo = "/membersonly/loginfailed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Members Only Area</title>

<meta name="description" content="Hondo Fire and Rescue serves the Arroyo Hondo and Canada Village areas of Santa Fe County, NM." />
<meta name="keywords" content="hondo, hondo fire, hondo vfd, hondo fire department, santa fe county fire department, santa fe county, volunteer fire department, hondo volunteer fire department" />
<link href="../stylesheet.css" type="text/css" rel="stylesheet" />

<script src="../SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="../SpryAssets/SpryMenuBarVertical.css" rel="stylesheet" type="text/css" />
</head>
<body class="thrColLiqHdr">
<div id="container">
<div id="header"></div>
<div id="sidebar1">
<h3>Navigation : </h3>
<ul id="MenuBar1" class="MenuBarVertical">
<li><a href="/index.php">Home</a></li>
<li><a href="/support.php">Support Hondo</a></li>
<li><a class="MenuBarItemSubmenu" href="#">Information Menu</a>
    <ul>
      <li><a href="/people.php">Our People</a></li>
      <li><a href="http://www.google.com/maps/ms?ie=UTF8&hl=en&msa=0&msid=101620713606637979698.00045b6ead4ab4ea70b78&z=11" target="_blank">Response Area</a></li>
      <li><a href="/medical.php">Medical</a></li>
      <li><a href="/apparatus.php">Apparatus</a></li>
      <li><a href="/training.php">Training</a></li>
      <li><a href="/volunteer.php">Volunteer</a></li>
      <li><a href="/statistics.php">Statistics</a></li>
      <li><a href="/patchtrading.php">Patch Trading</a></li>
    </ul>
</li>
<li><a href="/album.php">Photo Gallery</a></li>
<li><a href="/calendar.php">Calendar</a></li>
<li><a href="/news.php">Blog/News</a></li>
<li><a href="/links.php">Links</a></li>
<li><a href="/contact.php">Contact Us</a></li>
</ul>
<br />
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<span class="lefttext">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="8567201">
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!" />
<img alt="" border="0" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</img></input></input>
</span>
</form>
<span class="lefttext"><br />
</span>
<center>
<span class="lefttext"><a href="http://www.facebook.com/pages/Santa-Fe-NM/Hondo-Volunteer-Fire-Department/74284233488" target="_blank" class="lefttext">Hondo VFD on Facebook</a></span>
</center>
</div>
<div id="sidebar2">
    <p><a href="/membersonly/login.php">Log In</a> | <a href="/membersonly/logout.php">Log Out</a></p>
    <p>Call Statistics for <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/month.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?> as of <?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/date.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td width="60%">EMS Calls</td>
    <td width="40%"><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/emscalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
<tr>
    <td>Fire Calls</td>
    <td><?php
$myFile = "/var/home/hondovfd/hondovfd.org/www/membersonly/firecalls.txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
echo $theData;
?></td>
</tr>
</table>
<hr />
    <div id="cse" style="width:100%;">Loading</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
<script type="text/javascript">
google.load('search', '1');
google.setOnLoadCallback(function(){
    new google.search.CustomSearchControl().draw('cse');
}, true);
</script>
     
</div>

<div id="mainContent">
<div class="top"></div><div class="wrap">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
    <td height="47" class="h2">Members Only Area</td>
</tr>
<tr>
    <td><p><a href="/membersonly/documents.php">Useful Documents</a></p>
      <p><a href="/membersonly/IncidentCount01_08.pdf">Current Call Statistics</a> as of 9/3/09</p>
      </td>
</tr>
</table>
<script type="text/javascript">

</script>
</div>
<div class="bottom"></div>
</div>
      <br class="clearfloat" />
<div id="footer">
    <p align="center">© Copyright 2009 Hondo Volunteer Fire Department | <a href="mailto:[email protected]">Contact Us</a><a href="http://www.legalhelpers.com/chapter-13-bankruptcy/chapter13.html"></a><br />Hosting provided by <a href="http://studiox.com/" target="_blank">Studio X</a></p>
</div>
</div>
<script type="text/javascript">

</script>
<?php include_once("/var/home/hondovfd/hondovfd.org/www/analyticstracking.php"); ?>
</body>
</html>

you don't need all that bloat. set a session during login of some kind of uniquely identifying id. i.e.
$_SESSION['id'] = $row_rs['id'];
then on the pages you need to protect, check it like this....
<?php
session_start();
if (!(isset($_SESSION['id']) && $_SESSION['id'] != '')) {
die(header("Location: http://www.notinprotectedareas.com")); }
?>
you can use an include file i.e.
<?php require_once('login_check.php'); ?>
where file is name login_check.php to make your auth controls clean on your protected pages.

Restricted access to confidential documents in DMS

Similar Messages

Maybe you are looking for