Restrict Accewss to Page Behavior
I am using the Login user and Restrict access for page from the Dreamweaver MX server behaviors panel. Here is my code for the adminLogin.php page
<?php require_once('Connections/newsConn.php'); ?>
<?php
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$auth_username=$_POST["auth_username"];
$auth_password=md5($_POST["auth_password"]);
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['auth_username'])) {
$FF_valUsername=$HTTP_POST_VARS['auth_username'];
$FF_valPassword=$HTTP_POST_VARS['auth_password'];
$FF_fldUserAuthorization="access_id";
$FF_redirectLoginSuccess="admin/admin.php";
$FF_redirectLoginFailed="indexMain.htm";
$FF_rsUser_Source="SELECT auth_username, auth_password ";
if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
$FF_rsUser_Source .= " FROM author WHERE auth_username='" . $FF_valUsername . "' AND auth_password='" . $FF_valPassword . "'";
mysql_select_db($database_newsConn, $newsConn);
$FF_rsUser=mysql_query($FF_rsUser_Source, $newsConn) or die(mysql_error());
$row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
if(mysql_num_rows($FF_rsUser) > 0) {
// username and password match - this is a valid user
$MM_Username=$FF_valUsername;
session_register("MM_Username");
if ($FF_fldUserAuthorization != "") {
$MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
} else {
$MM_UserAuthorization="";
}
session_register("MM_UserAuthorization");
if (isset($accessdenied) && false) {
$FF_redirectLoginSuccess = $accessdenied;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = false;
header ("Location: $FF_redirectLoginSuccess");
exit;
}
mysql_free_result($FF_rsUser);
session_register("FF_login_failed");
$FF_login_failed = true;
header ("Location: $FF_redirectLoginFailed");
exit;
}
?>
and here is the code from the admin.php page in the admin folder that I am restricting access to for only admin
<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" admin";
$FF_authFailedURL="../indexMain.htm";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
if (false || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
$FF_grantAccess = 1;
}
}
if (!$FF_grantAccess) {
$FF_qsChar = "?";
if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
$FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
$FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
header("Location: $FF_authFailedURL");
exit;
}
?>
For some reason I can not make this authenticate. I have a feild in my author table called access_id with a value of admin in it and still this code kicks me to the indexMain.htm page every time.
Can someone help me with this.
JM
|