Forum Moderators: coopster
I just cannot get the access level to work at all. I have used the 'restrict access to page' on the pages in question, specifying my two levels of access - 'board' and 'user. It either lets everyone in regardless or lets no one in. I have followed two different tutorials on this and nothing seems to work. Where am I going wrong? It should be easy! Ha!
thanks
I suspect most people reading here don't know much about Dreamweaver's PHP Behaviors. you might try either asking the question on the wysiwyg forum or telling a little bit more about how it's authenticating users.
Do you have it set up so that every page includes some sort of header that checks access privileges?
Are you then keeping track of the userid and access_level via sessions?
Tom
<?php require_once('Connections/myconnection.php');?><?php
// *** Validate request to login to this site.
session_start();
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "access_level";
$MM_redirectLoginSuccess = "board_area/index.php";
$MM_redirectLoginFailed = "login_failed.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_myconnection, $myconnection);
$LoginRS__query=sprintf("SELECT username, password, access_level FROM users WHERE username='%s' AND password='%s'",
get_magic_quotes_gpc()? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc()? $password : addslashes($password));
$LoginRS = mysql_query($LoginRS__query, $myconnection) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'access_level');
//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;
//register the session variables
session_register("MM_Username");
session_register("MM_UserAuthorization");
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
and each page has this:
<?php
// *** Restrict Access To Page: Grant or deny access to this page
$FF_authorizedUsers=" board";
$FF_authFailedURL="../fund_investors/fund_investors1.php";
$FF_grantAccess=0;
session_start();
if (isset($HTTP_SESSION_VARS["MM_Username"])) {
if (true ¦¦!(isset($HTTP_SESSION_VARS["MM_UserAuthorization"])) ¦¦ $HTTP_SESSION_VARS["MM_UserAuthorization"]=="" ¦¦ strpos($FF_authorizedUsers, $HTTP_SESSION_VARS["MM_UserAuthorization"])) {
$FF_grantAccess = 1;
}
}
if (!$FF_grantAccess) {
$FF_qsChar = "?";
if (strpos($FF_authFailedURL, "?")) $FF_qsChar = "&";
$FF_referrer = "Restricted Area";
$FF_authFailedURL = $FF_authFailedURL . $FF_qsChar . "accessdenied=" . urlencode($FF_referrer);
header("Location: $FF_authFailedURL");
exit;
}
?>
does this make any sense?
cheers
J
In any case, I can't see offhand why it's not working. What happens if you add the following to the bottom of a page
echo "<pre>";
echo<p>GLOBALS</p>
print_r($GLOBALS);
echo<p>SESSION</p>
print_r($_SESSION);
echo<p>POST</p>
print_r($_POST);
echo "\nFF_grantAccess = $FF_grantAccess \n";
echo "</pre>";
:-(
$GLOBALS['MM_UserGroup']
$FF_grantAccess
The thing you want to see is whether or not it's setting the access level correctly, but ignoring the setting, or simply setting it the same for everyone.
Tom
echoGLOBALS
print_r($GLOBALS);
echoSESSION
print_r($_SESSION);
echoPOST
print_r($_POST);
echo "\nFF_grantAccess = $FF_grantAccess \n";
for a user that SHOULD be allowed access it gives:
echoGLOBALS
print_r($GLOBALS);
echoSESSION
print_r($_SESSION);
echoPOST
print_r($_POST);
echo "\nFF_grantAccess = $FF_grantAccess \n";
exactly the same...what does this mean?
Tom
J
