Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > Web Programming > Adobe Web Programming > Dreamweaver (all versions)
Password Reminder
Register
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Dreamweaver (all versions) section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 9th, 2003, 01:00 AM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Restrict Accewss to Page Behavior

I am using the Login user and Restrict access for page from the Dreamweaver MX server behaviors panel. Here is my code for the adminLogin.php page
<?php require_once('Connections/newsConn.php'); ?>
<?php
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$auth_username=$_POST["auth_username"];
$auth_password=md5($_POST["auth_password"]);
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['auth_username'])) {
  $FF_valUsername=$HTTP_POST_VARS['auth_username'];
  $FF_valPassword=$HTTP_POST_VARS['auth_password'];
  $FF_fldUserAuthorization="access_id";
  $FF_redirectLoginSuccess="admin/admin.php";
  $FF_redirectLoginFailed="indexMain.htm";
  $FF_rsUser_Source="SELECT auth_username, auth_password ";
  if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
  $FF_rsUser_Source .= " FROM author WHERE auth_username='" . $FF_valUsername . "' AND auth_password='" . $FF_valPassword . "'";
  mysql_select_db($database_newsConn, $newsConn);
  $FF_rsUser=mysql_query($FF_rsUser_Source, $newsConn) or die(mysql_error());
  $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
  if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
    if ($FF_fldUserAuthorization != "") {
      $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
      $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
      $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = false;
    header ("Location: $FF_redirectLoginSuccess");
    exit;
  }
  mysql_free_result($FF_rsUser);
  session_register("FF_login_failed");
  $FF_login_failed = true;
  header ("Location: $FF_redirectLoginFailed");
  exit;
}
?>

and here is the code from the admin.php page in the admin folder that I am restricting access to for only admin

<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" admin";
$FF_authFailedURL="../indexMain.htm";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
  if (false || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
  if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}
?>

For some reason I can not make this authenticate. I have a feild in my author table called access_id with a value of admin in it and still this code kicks me to the indexMain.htm page every time.

Can someone help me with this.

JM
Reply With Quote
  #2 (permalink)  
Old June 9th, 2003, 06:11 AM
Imar's Avatar
Wrox Author
Points: 72,055, Level: 100
Points: 72,055, Level: 100 Points: 72,055, Level: 100 Points: 72,055, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,086
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi there,

Are you sure that your session mechanism is working correctly? I ran into this issue some time ago and had the same behavior that you described. It turned out that for each hit to the page, a new session was created. Checkout your temp / session folder and see if there are lots of temporary (session) files.

If there are, try out a few simple .php pages that start a session, and set some variables and see if you can get that to work correctly.

HtH,

Imar
Reply With Quote
  #3 (permalink)  
Old June 20th, 2003, 04:53 PM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default

You can use this code also to restrict access to protected pages:

<?php
(phpversion() > "4.0.6") ? $HTTP_SESSION_VARS = &$_SESSION:"";
if (($HTTP_SESSION_VARS["sessionvarname"]) == ("sessionvarvalue")) {
header("Location: login.php"); }
?>

J.S.
http://www.ultrasuite.com/
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
restrict to paste values only jcellens Excel VBA 1 July 18th, 2006 11:36 AM
how can i restrict the acessing except login page. ramana123 ASP.NET 1.0 and 1.1 Basics 0 August 17th, 2005 12:10 AM
Restrict elements guozhang XML 0 April 28th, 2004 02:26 PM
unexpected behavior from microsoft web page ronaldo11 C# 0 July 6th, 2003 09:33 AM



All times are GMT -4. The time now is 03:52 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.