I am using the Login user and Restrict access for page from the Dreamweaver MX server behaviors panel. Here is my code for the adminLogin.php page
<?php require_once('Connections/newsConn.php'); ?>
<?php
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$auth_username=$_POST["auth_username"];
$auth_password=md5($_POST["auth_password"]);
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['auth_username'])) {
  $FF_valUsername=$HTTP_POST_VARS['auth_username'];
  $FF_valPassword=$HTTP_POST_VARS['auth_password'];
  $FF_fldUserAuthorization="access_id";
  $FF_redirectLoginSuccess="admin/admin.php";
  $FF_redirectLoginFailed="indexMain.htm";
  $FF_rsUser_Source="SELECT auth_username, auth_password ";
  if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
  $FF_rsUser_Source .= " FROM author WHERE auth_username='" . $FF_valUsername . "' AND auth_password='" . $FF_valPassword . "'";
  mysql_select_db($database_newsConn, $newsConn);
  $FF_rsUser=mysql_query($FF_rsUser_Source, $newsConn) or die(mysql_error());
  $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
  if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
    if ($FF_fldUserAuthorization != "") {
      $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
      $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
      $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = false;
    header ("Location: $FF_redirectLoginSuccess");
    exit;
  }
  mysql_free_result($FF_rsUser);
  session_register("FF_login_failed");
  $FF_login_failed = true;
  header ("Location: $FF_redirectLoginFailed");
  exit;
}
?>

and here is the code from the admin.php page in the admin folder that I am restricting access to for only admin

<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" admin";
$FF_authFailedURL="../indexMain.htm";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
  if (false || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
  if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}
?>

For some reason I can not make this authenticate. I have a feild in my author table called access_id with a value of admin in it and still this code kicks me to the indexMain.htm page every time.

Can someone help me with this.

JM

Hi there,

Are you sure that your session mechanism is working correctly? I ran into this issue some time ago and had the same behavior that you described. It turned out that for each hit to the page, a new session was created. Checkout your temp / session folder and see if there are lots of temporary (session) files.

If there are, try out a few simple .php pages that start a session, and set some variables and see if you can get that to work correctly.

HtH,

Imar

You can use this code also to restrict access to protected pages:

<?php
(phpversion() > "4.0.6") ? $HTTP_SESSION_VARS = &$_SESSION:"";
if (($HTTP_SESSION_VARS["sessionvarname"]) == ("sessionvarvalue")) {
header("Location: login.php"); }
?>

J.S.
http://www.ultrasuite.com/