Wrox Programmer Forums
|
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Dreamweaver (all versions) section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old June 9th, 2003, 01:00 AM
Registered User
  
Join Date: Jun 2003
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Restrict Accewss to Page Behavior
I am using the Login user and Restrict access for page from the Dreamweaver MX server behaviors panel. Here is my code for the adminLogin.php page
<?php require_once('Connections/newsConn.php'); ?>
<?php
// *** Start the session
session_start();
// *** Validate request to log in to this site.
$auth_username=$_POST["auth_username"];
$auth_password=md5($_POST["auth_password"]);
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['auth_username'])) {
  $FF_valUsername=$HTTP_POST_VARS['auth_username'];
  $FF_valPassword=$HTTP_POST_VARS['auth_password'];
  $FF_fldUserAuthorization="access_id";
  $FF_redirectLoginSuccess="admin/admin.php";
  $FF_redirectLoginFailed="indexMain.htm";
  $FF_rsUser_Source="SELECT auth_username, auth_password ";
  if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
  $FF_rsUser_Source .= " FROM author WHERE auth_username='" . $FF_valUsername . "' AND auth_password='" . $FF_valPassword . "'";
  mysql_select_db($database_newsConn, $newsConn);
  $FF_rsUser=mysql_query($FF_rsUser_Source, $newsConn) or die(mysql_error());
  $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
  if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
    if ($FF_fldUserAuthorization != "") {
      $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
      $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
      $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
    $FF_login_failed = false;
    header ("Location: $FF_redirectLoginSuccess");
    exit;
  }
  mysql_free_result($FF_rsUser);
  session_register("FF_login_failed");
  $FF_login_failed = true;
  header ("Location: $FF_redirectLoginFailed");
  exit;
}
?>

and here is the code from the admin.php page in the admin folder that I am restricting access to for only admin

<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" admin";
$FF_authFailedURL="../indexMain.htm";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
  if (false || !(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) || $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" || strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
    $FF_grantAccess = 1;
  }
}
if (!$FF_grantAccess) {
  $FF_qsChar = "?";
  if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
  $FF_referrer = $HTTP_SERVER_VARS['PHP_SELF'];
  if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && strlen($HTTP_SERVER_VARS['QUERY_STRING']) > 0) $FF_referrer .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
  $FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
  header("Location: $FF_authFailedURL");
  exit;
}
?>

For some reason I can not make this authenticate. I have a feild in my author table called access_id with a value of admin in it and still this code kicks me to the indexMain.htm page every time.

Can someone help me with this.

JM
 
Old June 9th, 2003, 06:11 AM
Imar's Avatar
Wrox Author
  
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default
Hi there,

Are you sure that your session mechanism is working correctly? I ran into this issue some time ago and had the same behavior that you described. It turned out that for each hit to the page, a new session was created. Checkout your temp / session folder and see if there are lots of temporary (session) files.

If there are, try out a few simple .php pages that start a session, and set some variables and see if you can get that to work correctly.

HtH,

Imar
 
Old June 20th, 2003, 04:53 PM
Registered User
  
Join Date: Jun 2003
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default
You can use this code also to restrict access to protected pages:

<?php
(phpversion() > "4.0.6") ? $HTTP_SESSION_VARS = &$_SESSION:"";
if (($HTTP_SESSION_VARS["sessionvarname"]) == ("sessionvarvalue")) {
header("Location: login.php"); }
?>

J.S.
http://www.ultrasuite.com/





Similar Threads
Thread Thread Starter Forum Replies Last Post
restrict to paste values only jcellens Excel VBA 1 July 18th, 2006 11:36 AM
how can i restrict the acessing except login page. ramana123 ASP.NET 1.0 and 1.1 Basics 0 August 17th, 2005 12:10 AM
Restrict elements guozhang XML 0 April 28th, 2004 02:26 PM
unexpected behavior from microsoft web page ronaldo11 C# 0 July 6th, 2003 09:33 AM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.